
[Closed] Virus, Malware... i've tried EVERYTHING!


  • This topic is locked
11 replies to this topic

#1 I Hate computer viruses!!


Posted 27 May 2008 - 06:58 PM

Can someone PLEASE help me? I have run about 20 different virus programs and fixes and nothing will get rid of this malware I have. I don't know what I need to do. It started about a week ago with a bad link off MySpace, and I had the Vundo virus. I ran AVG, Stinger, Trend Micro, Smitfraud, Spybot, and FixVundo. I have also run AdAware and a few others I don't even know at this point. My AVG says I don't have any viruses, but every time I run a search on the internet I get tons of pop-ups, which are very annoying. What is scary is that they pertain to what I'm searching for - like they have little brains that KNOW what I'm doing! What other information are they gathering?! Also, starting this weekend, for some reason whenever I click on a link that I searched for, it will pop up with a Windows warning saying "the webpage you requested is not available offline. To view this page, click Connect" with two buttons, one to "connect" and one to "Stay offline". Also, I have two networked computers and I can no longer access my other computer from the virus-infected computer. However, I can access the infected computer from the other one. Any help would be greatly appreciated!!! Thank you!!!!!!

Here is my current HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:03 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Intel\IDU\awtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\Melissa\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Melissa\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {e7e45758-c350-630a-7b84-bebdc199841a} - {a148991c-dbeb-48b7-a036-053c85754e7e} - C:\WINDOWS\system32\fsskxhir.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g...ds_2_0_0_71.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howu...nload/appdl.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g...ds_2_0_0_24.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink...xp/CheckDVD.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191586757765
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cherrytap.com...geUploader4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.co...mesLauncher.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/...ewer/isetup.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.betterpho...geUploader3.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.daytonfre...ha/matn5250.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.arm...timage40803.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.co...yScapeTeleX.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax4227.cab
O16 - DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} (Drag and Drop Uploader Control) - http://www.betterpho...opUploader2.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: bth4nu - bth4nu.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 12676 bytes



#2 IndiGenus


Posted 29 May 2008 - 08:00 AM

Hi I Hate computer viruses!! and welcome to the forums.

My name is Dave. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can sometimes take a while to research, so please be patient, and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • I recommend you make a backup of any data that you have created, such as documents, pictures, music, etc., before we begin the fix.

Please download SDFix and save it to your Desktop.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • Open the SDFix folder and double click on RunThis.bat to start the script.
  • Type Y and press Enter to begin the script.
  • It will start cleaning your PC and then prompt you to press any key to Reboot.
  • Press any key to restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished.
  • Press any key to end the script and to load your desktop icons.
  • A text file should automatically open, so please copy the contents and post them here. We also need you to post a new HijackThis log.

IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#3 IndiGenus


Posted 31 May 2008 - 04:47 AM

How are you making out here? Still need help? Please let me know. Thanks, Dave


#4 I Hate computer viruses!!


Posted 31 May 2008 - 08:36 PM

Hi Dave,

Thank you for taking the time to help me. Sorry it has taken me a while to get back to you. I haven't had time to sit down and do this until tonight. I have attached my SDFix report below, as well as my new HijackThis report.

SDFix Report:

SDFix: Version 1.187
Run by Melissa on Sat 05/31/2008 at 09:04 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\ctfmon32.exe - Deleted
C:\WINDOWS\ctrlpan.dll - Deleted
C:\WINDOWS\directx32.exe - Deleted
C:\WINDOWS\dnsrelay.dll - Deleted
C:\WINDOWS\editpad.exe - Deleted
C:\WINDOWS\explore.exe - Deleted
C:\WINDOWS\explorer32.exe - Deleted
C:\WINDOWS\funniest.exe - Deleted
C:\WINDOWS\funny.exe - Deleted
C:\WINDOWS\gfmnaaa.dll - Deleted
C:\WINDOWS\helpcvs.exe - Deleted
C:\WINDOWS\inetinf.exe - Deleted
C:\WINDOWS\internet.exe - Deleted
C:\WINDOWS\msconfd.dll - Deleted
C:\WINDOWS\msspi.dll - Deleted
C:\WINDOWS\mswsc10.dll - Deleted
C:\WINDOWS\mswsc20.dll - Deleted
C:\WINDOWS\qttasks.exe - Deleted
C:\WINDOWS\quicken.exe - Deleted
C:\WINDOWS\rundll16.exe - Deleted
C:\WINDOWS\rundll32.vbe - Deleted
C:\WINDOWS\searchword.dll - Deleted
C:\WINDOWS\sistem.exe - Deleted
C:\WINDOWS\svchost32.exe - Deleted
C:\WINDOWS\svcinit.exe - Deleted
C:\WINDOWS\system32\hljwugsf.bin - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 21:22:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5391A2C7-52F1-4595-9349-12E66BC78918}]
"namfkhgpcadadpkllpdfagjodhmk"=hex:6a,61,61,64,62,61,63,65,64,69,6d,6f,67,67,68,6e,65,70,68,68,00,..
"maggandnmldfjgmjfkoigpepab"=hex:69,61,6f,63,68,61,65,61,6c,63,61,61,69,66,63,66,67,6b,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\CoffeeCup Software\\VisualSite Designer\\VisualSite Designer.exe"="C:\\Program Files\\CoffeeCup Software\\VisualSite Designer\\VisualSite Designer.exe:*:Enabled:Homepage Creator 1.0"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\\Program Files\\CoffeeCup Software\\CoffeeCup Visual Site Designer\\vsd.exe"="C:\\Program Files\\CoffeeCup Software\\CoffeeCup Visual Site Designer\\vsd.exe:*:Enabled:Visual Site Designer Application"
"C:\\Program Files\\JAlbumWin\\JAlbumWin.exe"="C:\\Program Files\\JAlbumWin\\JAlbumWin.exe:*:Enabled:JAlbumWin"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:JavaÖ Platform SE binary"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 31 Jul 2002 318 ..SH. --- "C:\WINDOWS\WSYS049.SYS"
Tue 10 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 1 Jan 2006 56 ..SHR --- "C:\WINDOWS\system32\C48DA935BD.sys"
Sun 1 Jan 2006 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 9 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 5 Aug 2006 13 ...H. --- "C:\Documents and Settings\All Users\Application Data\YUAÄ3113>.sys"
Sat 6 Jan 2007 13 ...H. --- "C:\Documents and Settings\All Users\Application Data\UYAÄ3113>.sys"
Mon 21 Nov 2005 13 ...H. --- "C:\Documents and Settings\All Users\Application Data\YAÄ3113>.sys"
Sun 12 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sat 6 Jan 2007 452 A..H. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM1373.tmp"
Wed 9 Nov 2005 62 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM13FB.tmp"
Wed 9 Nov 2005 720,896 ...HR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM16B5.tmp"
Wed 9 Nov 2005 720,896 ...HR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM16B6.tmp"
Mon 30 Jan 2006 525 ...HR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM16F2.tmp"
Sat 6 Jan 2007 13 ...H. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17A1.tmp"
Mon 21 Nov 2005 13 ...H. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17A2.tmp"
Sat 5 Aug 2006 13 ...H. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17A3.tmp"
Wed 16 Mar 2005 16,011 A..HR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17B7.tmp"
Wed 16 Mar 2005 22,329 A..HR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17B8.tmp"
Wed 16 Mar 2005 22,200 A..HR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17B9.tmp"
Wed 16 Mar 2005 15,243 A..HR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17BA.tmp"
Wed 16 Mar 2005 16,182 A..HR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17BB.tmp"
Sat 12 Nov 2005 135 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17BC.tmp"
Wed 9 Nov 2005 151 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17BF.tmp"
Sun 9 Jul 2006 2,041 ..SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17C0.tmp"
Sun 9 Jul 2006 20,312 ..SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17C1.tmp"
Sun 9 Jul 2006 4,072 ..SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17C2.tmp"
Sun 9 Jul 2006 8,166 ..SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17C3.tmp"
Sun 9 Jul 2006 2,041 ..SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17C4.tmp"
Sun 9 Jul 2006 347 ..SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17C6.tmp"
Sun 9 Jul 2006 8,166 ..SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17C7.tmp"
Sat 15 Jul 2006 7,168 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17C9.tmp"
Mon 11 Sep 2006 76 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17D9.tmp"
Wed 9 Nov 2005 62 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17E6.tmp"
Wed 9 Nov 2005 42 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17EA.tmp"
Thu 24 Nov 2005 70,144 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17EF.tmp"
Wed 9 Nov 2005 151 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17F2.tmp"
Tue 25 Jul 2006 445,640 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17F6.tmp"
Wed 9 Nov 2005 9,506 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17F8.tmp"
Wed 9 Nov 2005 740 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17F9.tmp"
Tue 25 Jul 2006 11,116 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17FA.tmp"
Wed 9 Nov 2005 294 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM17FC.tmp"
Wed 9 Nov 2005 90 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM1803.tmp"
Wed 9 Nov 2005 516 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM1805.tmp"
Sat 19 May 2007 255 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM180C.tmp"
Wed 9 Nov 2005 146 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM180D.tmp"
Wed 9 Nov 2005 757 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM1817.tmp"
Wed 9 Nov 2005 545 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM1823.tmp"
Wed 9 Nov 2005 150 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM1854.tmp"
Tue 10 Aug 2004 19,528 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM185D.tmp"
Wed 9 Nov 2005 798 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM185F.tmp"
Wed 9 Nov 2005 84 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM18B8.tmp"
Wed 9 Nov 2005 62 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM18D7.tmp"
Wed 9 Nov 2005 62 A.SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM18E2.tmp"
Wed 9 Nov 2005 113 ..SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOM18E3.tmp"
Thu 22 Dec 2005 1,408 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMC30.tmp"
Thu 22 Dec 2005 70,018 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMC3A.tmp"
Thu 22 Dec 2005 70,018 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMC45.tmp"
Wed 14 Feb 2007 12,653 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMC4F.tmp"
Thu 12 Oct 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMC59.tmp"
Tue 24 Oct 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMC63.tmp"
Sat 30 Sep 2006 12,768 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMC6D.tmp"
Sat 30 Sep 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMC77.tmp"
Sun 7 Jan 2007 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMC82.tmp"
Sat 23 Sep 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMC8C.tmp"
Tue 1 May 2007 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMC97.tmp"
Mon 11 Sep 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMCA1.tmp"
Mon 11 Sep 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMCAB.tmp"
Fri 29 Sep 2006 12,652 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMCB5.tmp"
Fri 29 Sep 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMCBF.tmp"
Mon 25 Jun 2007 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMCC9.tmp"
Mon 25 Jun 2007 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMCD3.tmp"
Mon 25 Jun 2007 12,768 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMCDD.tmp"
Mon 25 Jun 2007 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMCE8.tmp"
Mon 25 Jun 2007 12,768 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMCF2.tmp"
Tue 10 Oct 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMCFD.tmp"
Wed 11 Apr 2007 12,653 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD07.tmp"
Fri 20 Oct 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD12.tmp"
Sat 31 Mar 2007 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD1C.tmp"
Mon 26 Mar 2007 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD30.tmp"
Tue 17 Oct 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD3A.tmp"
Wed 26 Jul 2006 12,768 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD44.tmp"
Wed 26 Jul 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD4F.tmp"
Wed 18 Oct 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD59.tmp"
Sat 8 Jul 2006 291,340 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD63.tmp"
Sat 8 Jul 2006 1,414 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD6D.tmp"
Sat 8 Jul 2006 53,729 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD77.tmp"
Sat 8 Jul 2006 57,813 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD81.tmp"
Fri 6 Oct 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD8B.tmp"
Sun 19 Nov 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD95.tmp"
Sun 19 Nov 2006 12,768 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMD9F.tmp"
Sun 19 Nov 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMDA9.tmp"
Thu 19 Oct 2006 4,468 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMDB4.tmp"
Sun 18 Mar 2007 12,653 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMDBF.tmp"
Sat 7 Oct 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMDCA.tmp"
Sat 17 Mar 2007 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMDD4.tmp"
Sat 17 Mar 2007 12,768 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMDDE.tmp"
Sat 17 Mar 2007 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMDE8.tmp"
Sun 6 May 2007 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOME11.tmp"
Mon 18 Sep 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOME1B.tmp"
Sun 23 Jul 2006 45,390 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOME3A.tmp"
Sun 23 Jul 2006 24,921 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOME45.tmp"
Fri 7 Jul 2006 291,167 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOME4F.tmp"
Fri 7 Jul 2006 139,602 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOME5A.tmp"
Fri 7 Jul 2006 102,728 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOME65.tmp"
Fri 7 Jul 2006 131,414 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOME6F.tmp"
Fri 7 Jul 2006 30,714 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOME7B.tmp"
Thu 10 Aug 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOME90.tmp"
Mon 16 Oct 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOME9A.tmp"
Sun 17 Dec 2006 4,576 ..SHR --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMEA4.tmp"
Wed 9 Nov 2005 209 ..SH. --- "C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro\IOMED7.tmp"
Wed 20 Sep 2006 29,696 A..H. --- "C:\Documents and Settings\Melissa\My Documents\Artistic Expressions1\~WRL0001.tmp"
Sun 28 Oct 2007 1,824,768 A..H. --- "C:\Documents and Settings\Melissa\My Documents\Artistic Expressions1\~WRL0003.tmp"
Sun 28 Oct 2007 1,825,280 ...H. --- "C:\Documents and Settings\Melissa\My Documents\Artistic Expressions1\~WRL0496.tmp"
Tue 25 Jul 2006 11,116 A.SH. --- "C:\Documents and Settings\Melissa\My Documents\My Music\License Backup\drmv2key.bak"

Finished!



HJT REPORT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:20 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Intel\IDU\awtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {e7e45758-c350-630a-7b84-bebdc199841a} - {a148991c-dbeb-48b7-a036-053c85754e7e} - C:\WINDOWS\system32\fsskxhir.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g...ds_2_0_0_71.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howu...nload/appdl.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g...ds_2_0_0_24.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink...xp/CheckDVD.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191586757765
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cherrytap.com...geUploader4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.co...mesLauncher.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/...ewer/isetup.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.betterpho...geUploader3.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.daytonfre...ha/matn5250.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.arm...timage40803.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.co...yScapeTeleX.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax4227.cab
O16 - DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} (Drag and Drop Uploader Control) - http://www.betterpho...opUploader2.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: bth4nu - bth4nu.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 12403 bytes

THANKS AGAIN!!

#5 IndiGenus


Posted 31 May 2008 - 08:47 PM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

IndiGenus

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#6 I Hate computer viruses!!


Posted 01 June 2008 - 07:59 AM

Here is my ComboFix report:

ComboFix 08-05-29.1 - Melissa 2008-06-01 8:31:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.463 [GMT -5:00]
Running from: C:\Documents and Settings\Melissa\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM4bc7ed24.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\deodffck.dll
C:\WINDOWS\system32\fsskxhir.dll
C:\WINDOWS\system32\fusehnqa.dll
C:\WINDOWS\system32\lshwcdyy.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\phkwvqvf.dll
C:\WINDOWS\system32\rfodqnii.dll
C:\WINDOWS\system32\wuamqvls.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-05-22 04:51 . 2008-05-29 21:12 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-21 17:20 . 2008-05-31 18:11 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-21 17:20 . 2008-05-21 17:20 <DIR> d-------- C:\Program Files\AVG
2008-05-21 17:20 . 2008-05-21 17:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-21 17:20 . 2008-05-21 17:20 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-21 17:20 . 2008-05-21 17:20 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-19 20:13 . 2008-05-19 20:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 20:02 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-19 20:02 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-19 20:02 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-19 20:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-19 20:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-19 20:02 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-19 20:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-19 20:02 . 2008-05-19 20:02 3,702 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-17 17:32 . 2008-05-17 17:32 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\Malwarebytes
2008-05-17 17:32 . 2008-05-17 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 17:32 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-17 17:32 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-17 17:31 . 2008-05-17 17:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 17:15 . 2008-05-17 17:15 <DIR> d-------- C:\VundoFix Backups
2008-05-17 15:13 . 2008-05-17 15:13 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-17 15:11 . 2008-05-21 17:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-17 15:05 . 2008-05-31 21:26 <DIR> d-------- C:\SDFix
2008-05-17 08:44 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\T?sks
2008-05-17 08:42 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\Common Files\ÓppPatch
2008-05-17 08:42 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-05-17 08:41 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?icrosoft.NET
2008-05-17 08:40 . 2008-05-17 08:30 <DIR> d-------- C:\WINDOWS\šasks
2008-05-17 08:40 . 2007-08-12 15:33 <DIR> d-------- C:\WINDOWS\AppPatch
2008-05-17 08:40 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\s?mbols
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\WINDOWS\ÓppPatch
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\WINDOWS\system32\ÓppPatch
2008-05-17 08:38 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\system32\šasks
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\WINDOWS\?icrosoft
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\M?crosoft
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\Common Files\šasks
2008-05-17 08:37 . 2008-05-17 08:34 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-05-17 08:36 . 2008-05-17 08:36 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-05-17 08:36 . 2008-02-19 18:18 <DIR> d-------- C:\Program Files\Common Files\System
2008-05-17 08:36 . 2008-05-17 08:36 <DIR> d-------- C:\Program Files\?ymantec
2008-05-17 08:36 . 2008-05-17 08:36 <DIR> d-------- C:\Program Files\?racle
2008-05-17 08:35 . 2008-04-18 16:42 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-05-17 08:34 . 2008-05-17 08:34 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-05-17 08:34 . 2008-02-19 18:19 <DIR> dr--s---- C:\WINDOWS\Fonts
2008-05-17 08:34 . 2008-04-18 16:43 <DIR> dr--s---- C:\WINDOWS\assembly
2008-05-17 08:34 . 2007-08-12 15:33 <DIR> d-------- C:\WINDOWS\AppPatch
2008-05-17 08:34 . 2008-05-17 08:33 <DIR> d-------- C:\Program Files\Common Files\s?curity
2008-05-17 08:34 . 2008-05-17 08:34 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\A?pPatch
2008-05-17 08:34 . 2008-05-17 08:34 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?ymbols
2008-05-17 08:34 . 2007-12-21 14:45 <DIR> d---s---- C:\Documents and Settings\Melissa\Application Data\Microsoft
2008-05-17 08:33 . 2008-05-17 08:33 <DIR> d-------- C:\WINDOWS\system32\F?nts
2008-05-17 08:33 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\M?crosoft
2008-05-17 08:33 . 2008-05-17 08:33 <DIR> d-------- C:\Program Files\M?crosoft.NET
2008-05-17 08:33 . 2008-05-17 08:33 <DIR> d-------- C:\Program Files\Common Files\s?curity
2008-05-17 08:33 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\Common Files\S?mantec
2008-05-17 08:33 . 2008-05-17 08:33 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\S?mantec
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\WINDOWS\system32\S?mantec
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\WINDOWS\system32\?ystem
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2008-05-17 08:32 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\system32\s?stem
2008-05-17 08:32 . 2008-05-17 08:28 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\šasks
2008-05-17 08:32 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\Common Files\F?nts
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\?icrosoft.NET
2008-05-17 08:32 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\s?stem32
2008-05-17 08:32 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\A?pPatch
2008-05-17 08:32 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\S?mantec
2008-05-17 08:32 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\M?crosoft
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\ÓppPatch
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\a?sembly
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?ymantec
2008-05-17 08:32 . 2008-05-17 08:29 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?racle
2008-05-17 08:31 . 2007-11-20 12:53 <DIR> d---s---- C:\WINDOWS\Tasks
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\WINDOWS\system32\?racle
2008-05-17 08:31 . 2005-11-09 19:16 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-17 08:31 . 2008-05-17 08:36 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-05-17 08:31 . 2008-02-19 18:17 <DIR> d-------- C:\WINDOWS\system
2008-05-17 08:31 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\ÓppPatch
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\s?stem32
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\F?nts
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\W?nSxS
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\T?sks
2008-05-17 08:31 . 2008-02-19 18:18 <DIR> d-------- C:\Program Files\Common Files\System
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\M?crosoft.NET
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\?ymbols
2008-05-17 08:31 . 2008-05-17 20:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-17 08:31 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\Common Files\s?mbols
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\?icrosoft
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\s?stem
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\s?curity
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\Ódobe
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?stem32
2008-05-17 08:31 . 2007-12-21 14:45 <DIR> d---s---- C:\Documents and Settings\Melissa\Application Data\Microsoft
2008-05-17 08:31 . 2008-05-17 08:34 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\A?pPatch
2008-05-17 08:31 . 2008-05-17 08:29 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?mbols
2008-05-17 08:31 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?curity
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Program Files\Ódobe
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Program Files\W?nSxS
2008-05-17 08:30 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\Common Files\?racle
2008-05-17 08:30 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\Common Files\šasks
2008-05-17 08:30 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\Common Files\a?sembly
2008-05-17 08:30 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-05-17 08:30 . 2007-09-30 12:58 <DIR> d-------- C:\Program Files\Adobe
2008-05-17 08:30 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\šasks
2008-05-17 08:30 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\a?sembly
2008-05-17 08:30 . 2008-05-17 08:33 <DIR> d-------- C:\Program Files\M?crosoft.NET
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?stem
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?curity
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\F?nts
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?ystem32
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?icrosoft.NET
2008-05-17 08:30 . 2008-05-17 08:31 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?stem32
2008-05-17 08:30 . 2008-05-17 08:33 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\S?mantec
2008-05-17 08:30 . 2008-05-17 08:29 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\M?crosoft.NET
2008-05-17 08:29 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\system32\šasks
2008-05-17 08:29 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\ÓppPatch
2008-05-17 08:29 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\Common Files\šasks
2008-05-17 08:29 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\Common Files\ÓppPatch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 01:49 101 ----a-w C:\Documents and Settings\Melissa\Application Data\ftpfile.dat
2008-05-26 19:56 7,700 ----a-w C:\WINDOWS\tn5250.tmp
2008-05-24 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-22 12:15 --------- d-----w C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro
2008-05-20 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-20 01:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-18 01:35 --------- d-----w C:\Program Files\LimeWire
2008-05-18 01:33 --------- d-----w C:\Program Files\iPod
2008-05-18 01:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 01:30 --------- d-----w C:\Program Files\EPSON
2008-05-18 01:29 --------- d-----w C:\Program Files\CoffeeCup Software
2008-05-18 01:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-18 01:20 --------- d-----w C:\Documents and Settings\Melissa\Application Data\AdobeUM
2008-05-18 01:10 --------- d-----w C:\Documents and Settings\Melissa\Application Data\Photodex
2008-05-17 19:55 --------- d-----w C:\Program Files\Image RollNow!
2008-05-17 19:54 --------- d-----w C:\Program Files\Java
2008-04-19 14:53 --------- d-----w C:\Program Files\gossiper
2008-04-19 14:53 --------- d-----w C:\Program Files\Conduit
2008-04-19 14:50 --------- d-----w C:\Program Files\Vectorian Giotto
2008-04-18 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-18 21:48 --------- d-----w C:\Program Files\Sonic
2008-04-18 21:48 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-14 02:03 --------- d-----w C:\Documents and Settings\Melissa\Application Data\VIP Torrent
2008-04-14 01:59 --------- d-----w C:\Program Files\VIP Torrent
2008-04-09 13:13 --------- d-----w C:\Program Files\GE
2008-04-05 18:33 --------- d-----w C:\Program Files\SecondLife
2007-01-06 18:54 13 ---h--w C:\Documents and Settings\All Users\Application Data\┘Ţ├─3113Ť.sys
2006-08-05 13:35 13 ---h--w C:\Documents and Settings\All Users\Application Data\Ţ┘├─3113Ť.sys
2005-11-21 23:40 13 ---h--w C:\Documents and Settings\All Users\Application Data\Ţ├─3113Ť.sys
2005-11-10 00:45 56 ----a-w C:\Program Files\Common Files\appop.log
2006-01-01 17:10 56 --sh--r C:\WINDOWS\system32\C48DA935BD.sys
2006-01-01 17:11 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00172AD1-F4BD-48C0-AEB5-A4CFE4638393}]
C:\WINDOWS\system32\v199.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Automatic Backup Pro"="C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" [2005-03-03 19:55 18964480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ipTray.exe"="C:\Program Files\Intel\IDU\iptray.exe" [2005-04-29 21:06 1267200]
"awTray.exe"="C:\Program Files\Intel\IDU\awtray.exe" [2005-03-11 03:35 1910784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 09:30 7110656]
"nwiz"="nwiz.exe" [2005-08-02 09:30 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 09:30 86016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 15:03 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-04-04 15:01 335872]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-04-04 15:04 49152]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-04-08 20:37 7081984]
"HPHUPD08"="C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 11:35 49152]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WheelMouse"="C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe" [2007-02-27 12:30 184320]
"RegistryMechanic"="" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-21 17:20 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 00:06 5181440]

C:\Documents and Settings\Melissa\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 20:55:40 18432]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54 65588]
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [2006-05-02 18:22:30 233744]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [2006-07-25 02:01:00 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bth4nu]
bth4nu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\CoffeeCup Software\\VisualSite Designer\\VisualSite Designer.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\CoffeeCup Software\\CoffeeCup Visual Site Designer\\vsd.exe"=
"C:\\Program Files\\JAlbumWin\\JAlbumWin.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:IDU Service UDP Port
"2804:TCP"= 2804:TCP:IDU Service TCP Port
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"45688:TCP"= 45688:TCP:LImewire
"45688:UDP"= 45688:UDP:limewire

R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys [2005-03-03 13:23]
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 07:29]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-21 17:20]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-21 17:20]
R2 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-03-28 03:34]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 06:07]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 20:55]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 21:28]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 00:51:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-01 13:05:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 08:53:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s?????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2008-06-01 8:59:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-01 13:58:57

Pre-Run: 102,310,924,288 bytes free
Post-Run: 102,805,626,880 bytes free

308 --- E O F --- 2008-05-17 08:01:37

#7 IndiGenus


Posted 01 June 2008 - 02:01 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00172AD1-F4BD-48C0-AEB5-A4CFE4638393}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bth4nu]

DirLook::
C:\WINDOWS\?icrosoft
C:\WINDOWS\system32\s?mbols
C:\WINDOWS\system32\F?nts
C:\WINDOWS\system32\?ystem
C:\WINDOWS\system32\?ymantec
C:\WINDOWS\system32\s?stem
C:\Documents and Settings\Melissa\Application Data\s?stem32
C:\Documents and Settings\Melissa\Application Data\A?pPatch
C:\Documents and Settings\Melissa\Application Data\s?mbols
C:\Documents and Settings\Melissa\Application Data\s?curity
C:\Documents and Settings\Melissa\Application Data\s?stem
C:\Program Files\Common Files\M?crosoft
C:\Program Files\Common Files\?ymbols
C:\Program Files\Common Files\ÓppPatch
C:\Program Files\šasks


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScript.txt being dragged onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#8 I Hate computer viruses!!


Posted 01 June 2008 - 04:52 PM

ComboFix 08-05-29.1 - Melissa 2008-06-01 17:20:30.2 - NTFSx86
Running from: C:\Documents and Settings\Melissa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Melissa\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Melissa\Local Settings\Temporary Internet Files\zap18BF.tmp
C:\Documents and Settings\Melissa\Local Settings\Temporary Internet Files\zap293.tmp
C:\WINDOWS\system32\wapiicomsv32.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-06-01 09:10 . 2008-06-01 09:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-01 09:10 . 2008-06-01 09:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 09:06 . 2008-06-01 09:06 <DIR> d-------- C:\WINDOWS\Cache
2008-06-01 09:06 . 2008-06-01 09:06 <DIR> d-------- C:\Program Files\Coupons
2008-06-01 09:06 . 2008-06-01 09:06 206,168 -ra------ C:\WINDOWS\system32\cpnprt2.cid
2008-05-22 04:51 . 2008-05-29 21:12 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-21 17:20 . 2008-05-31 18:11 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-21 17:20 . 2008-05-21 17:20 <DIR> d-------- C:\Program Files\AVG
2008-05-21 17:20 . 2008-05-21 17:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-21 17:20 . 2008-05-21 17:20 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-21 17:20 . 2008-05-21 17:20 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-19 20:13 . 2008-05-19 20:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 20:02 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-19 20:02 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-19 20:02 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-19 20:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-19 20:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-19 20:02 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-19 20:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-19 20:02 . 2008-05-19 20:02 3,702 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-17 17:32 . 2008-05-17 17:32 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\Malwarebytes
2008-05-17 17:32 . 2008-05-17 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 17:32 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-17 17:32 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-17 17:31 . 2008-05-17 17:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 17:15 . 2008-05-17 17:15 <DIR> d-------- C:\VundoFix Backups
2008-05-17 15:13 . 2008-05-17 15:13 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-17 15:11 . 2008-05-21 17:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-17 15:05 . 2008-05-31 21:26 <DIR> d-------- C:\SDFix
2008-05-17 08:44 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\T?sks
2008-05-17 08:42 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\Common Files\?ppPatch
2008-05-17 08:42 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-05-17 08:41 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?icrosoft.NET
2008-05-17 08:40 . 2007-08-12 15:33 <DIR> d-------- C:\WINDOWS\AppPatch
2008-05-17 08:40 . 2007-11-20 12:53 <DIR> d---s---- C:\WINDOWS\Tasks
2008-05-17 08:40 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\s?mbols
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\WINDOWS\system32\?ppPatch
2008-05-17 08:38 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\system32\?asks
2008-05-17 08:38 . 2007-08-12 15:33 <DIR> d-------- C:\WINDOWS\AppPatch
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\WINDOWS\?icrosoft
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\M?crosoft
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\Common Files\?asks
2008-05-17 08:37 . 2008-05-17 08:34 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-05-17 08:36 . 2008-05-17 08:36 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-05-17 08:36 . 2008-02-19 18:18 <DIR> d-------- C:\Program Files\Common Files\System
2008-05-17 08:36 . 2008-05-17 08:36 <DIR> d-------- C:\Program Files\?ymantec
2008-05-17 08:36 . 2008-05-17 08:36 <DIR> d-------- C:\Program Files\?racle
2008-05-17 08:35 . 2008-04-18 16:42 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-05-17 08:34 . 2008-05-17 08:34 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-05-17 08:34 . 2008-02-19 18:19 <DIR> dr--s---- C:\WINDOWS\Fonts
2008-05-17 08:34 . 2008-04-18 16:43 <DIR> dr--s---- C:\WINDOWS\assembly
2008-05-17 08:34 . 2007-08-12 15:33 <DIR> d-------- C:\WINDOWS\AppPatch
2008-05-17 08:34 . 2008-05-17 08:33 <DIR> d-------- C:\Program Files\Common Files\s?curity
2008-05-17 08:34 . 2008-05-17 08:34 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\A?pPatch
2008-05-17 08:34 . 2008-05-17 08:34 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?ymbols
2008-05-17 08:34 . 2007-12-21 14:45 <DIR> d---s---- C:\Documents and Settings\Melissa\Application Data\Microsoft
2008-05-17 08:33 . 2008-05-17 08:33 <DIR> d-------- C:\WINDOWS\system32\F?nts
2008-05-17 08:33 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\M?crosoft
2008-05-17 08:33 . 2008-05-17 08:33 <DIR> d-------- C:\Program Files\M?crosoft.NET
2008-05-17 08:33 . 2008-05-17 08:33 <DIR> d-------- C:\Program Files\Common Files\s?curity
2008-05-17 08:33 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\Common Files\S?mantec
2008-05-17 08:33 . 2008-05-17 08:33 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\S?mantec
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\WINDOWS\system32\S?mantec
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\WINDOWS\system32\?ystem
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2008-05-17 08:32 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\system32\s?stem
2008-05-17 08:32 . 2008-05-17 08:28 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-05-17 08:32 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\Common Files\F?nts
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\?icrosoft.NET
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\?asks
2008-05-17 08:32 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\s?stem32
2008-05-17 08:32 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\A?pPatch
2008-05-17 08:32 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\S?mantec
2008-05-17 08:32 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\M?crosoft
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\a?sembly
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?ymantec
2008-05-17 08:32 . 2008-05-17 08:29 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?racle
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?ppPatch
2008-05-17 08:31 . 2007-11-20 12:53 <DIR> d---s---- C:\WINDOWS\Tasks
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\WINDOWS\system32\?racle
2008-05-17 08:31 . 2005-11-09 19:16 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-17 08:31 . 2008-05-17 08:36 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-05-17 08:31 . 2008-02-19 18:17 <DIR> d-------- C:\WINDOWS\system
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\s?stem32
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\F?nts
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\W?nSxS
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\T?sks
2008-05-17 08:31 . 2008-02-19 18:18 <DIR> d-------- C:\Program Files\Common Files\System
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\M?crosoft.NET
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\?ymbols
2008-05-17 08:31 . 2008-05-17 20:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-17 08:31 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\Common Files\s?mbols
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\?icrosoft
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\s?stem
2008-05-17 08:31 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\A?pPatch
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\s?curity
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?stem32
2008-05-17 08:31 . 2007-12-21 14:45 <DIR> d---s---- C:\Documents and Settings\Melissa\Application Data\Microsoft
2008-05-17 08:31 . 2007-09-01 15:36 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\Adobe
2008-05-17 08:31 . 2008-05-17 08:34 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\A?pPatch
2008-05-17 08:31 . 2008-05-17 08:29 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?mbols
2008-05-17 08:31 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?curity
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Program Files\W?nSxS
2008-05-17 08:30 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\Common Files\?racle
2008-05-17 08:30 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\Common Files\?asks
2008-05-17 08:30 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\Common Files\a?sembly
2008-05-17 08:30 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-05-17 08:30 . 2007-09-30 12:58 <DIR> d-------- C:\Program Files\Adobe
2008-05-17 08:30 . 2007-09-30 12:58 <DIR> d-------- C:\Program Files\Adobe
2008-05-17 08:30 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\?asks
2008-05-17 08:30 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\a?sembly
2008-05-17 08:30 . 2008-05-17 08:33 <DIR> d-------- C:\Program Files\M?crosoft.NET
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?stem
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?curity
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\F?nts
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?ystem32
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?icrosoft.NET
2008-05-17 08:30 . 2008-05-17 08:31 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?stem32
2008-05-17 08:30 . 2008-05-17 08:33 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\S?mantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 15:25 7,700 ----a-w C:\WINDOWS\tn5250.tmp
2008-05-30 01:49 101 ----a-w C:\Documents and Settings\Melissa\Application Data\ftpfile.dat
2008-05-24 22:30 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-24 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-22 12:15 --------- d-----w C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro
2008-05-20 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-20 01:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-18 01:35 --------- d-----w C:\Program Files\LimeWire
2008-05-18 01:33 --------- d-----w C:\Program Files\iPod
2008-05-18 01:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 01:30 --------- d-----w C:\Program Files\EPSON
2008-05-18 01:29 --------- d-----w C:\Program Files\CoffeeCup Software
2008-05-18 01:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-18 01:20 --------- d-----w C:\Documents and Settings\Melissa\Application Data\AdobeUM
2008-05-18 01:10 --------- d-----w C:\Documents and Settings\Melissa\Application Data\Photodex
2008-05-17 19:55 --------- d-----w C:\Program Files\Image RollNow!
2008-05-17 19:54 --------- d-----w C:\Program Files\Java
2008-04-19 14:53 --------- d-----w C:\Program Files\gossiper
2008-04-19 14:53 --------- d-----w C:\Program Files\Conduit
2008-04-19 14:50 --------- d-----w C:\Program Files\Vectorian Giotto
2008-04-18 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-18 21:48 --------- d-----w C:\Program Files\Sonic
2008-04-18 21:48 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-14 02:03 --------- d-----w C:\Documents and Settings\Melissa\Application Data\VIP Torrent
2008-04-14 01:59 --------- d-----w C:\Program Files\VIP Torrent
2008-04-09 13:13 --------- d-----w C:\Program Files\GE
2008-04-05 18:33 --------- d-----w C:\Program Files\SecondLife
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 21:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 21:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 21:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 20:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 20:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2007-01-06 18:54 13 ---h--w C:\Documents and Settings\All Users\Application Data\┘Ţ├─3113Ť.sys
2006-08-05 13:35 13 ---h--w C:\Documents and Settings\All Users\Application Data\Ţ┘├─3113Ť.sys
2005-11-21 23:40 13 ---h--w C:\Documents and Settings\All Users\Application Data\Ţ├─3113Ť.sys
2005-11-10 00:45 56 ----a-w C:\Program Files\Common Files\appop.log
2006-01-01 17:10 56 --sh--r C:\WINDOWS\system32\C48DA935BD.sys
2006-01-01 17:11 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Melissa\Application Data\A?pPatch ----

2008-05-17 08:34 0 d-------- C:\Documents and Settings\Melissa\Application Data\A?pPatch\

---- Directory of C:\Documents and Settings\Melissa\Application Data\s?curity ----

2008-05-17 08:30 0 d-------- C:\Documents and Settings\Melissa\Application Data\s?curity\

---- Directory of C:\Documents and Settings\Melissa\Application Data\s?mbols ----

2008-05-17 08:29 0 d-------- C:\Documents and Settings\Melissa\Application Data\s?mbols\

---- Directory of C:\Documents and Settings\Melissa\Application Data\s?stem ----

2008-05-17 08:30 0 d-------- C:\Documents and Settings\Melissa\Application Data\s?stem\

---- Directory of C:\Documents and Settings\Melissa\Application Data\s?stem32 ----

2008-05-17 08:31 0 d-------- C:\Documents and Settings\Melissa\Application Data\s?stem32\

---- Directory of C:\Program Files\Common Files\?ymbols ----

2008-05-17 08:31 0 d-------- C:\Program Files\Common Files\?ymbols\

---- Directory of C:\Program Files\Common Files\M?crosoft ----

2008-05-17 08:31 0 d-------- C:\Program Files\Common Files\M?crosoft\

---- Directory of C:\Program Files\Common Files\ÓppPatch ----

C:\Program Files\Common Files\ÓppPatch\

---- Directory of C:\Program Files\šasks ----

C:\Program Files\šasks\

---- Directory of C:\WINDOWS\?icrosoft ----

2008-05-17 08:38 0 d-------- C:\WINDOWS\?icrosoft\

---- Directory of C:\WINDOWS\system32\?ymantec ----

2008-05-17 08:32 0 d-------- C:\WINDOWS\system32\?ymantec\

---- Directory of C:\WINDOWS\system32\?ystem ----

2008-05-17 08:32 0 d-------- C:\WINDOWS\system32\?ystem\

---- Directory of C:\WINDOWS\system32\F?nts ----

2008-05-17 08:33 0 d-------- C:\WINDOWS\system32\F?nts\

---- Directory of C:\WINDOWS\system32\s?mbols ----

2008-05-17 08:34 0 d-------- C:\WINDOWS\system32\s?mbols\

---- Directory of C:\WINDOWS\system32\s?stem ----

2008-05-17 08:29 0 d-------- C:\WINDOWS\system32\s?stem\


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Automatic Backup Pro"="C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" [2005-03-03 19:55 18964480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ipTray.exe"="C:\Program Files\Intel\IDU\iptray.exe" [2005-04-29 21:06 1267200]
"awTray.exe"="C:\Program Files\Intel\IDU\awtray.exe" [2005-03-11 03:35 1910784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 09:30 7110656]
"nwiz"="nwiz.exe" [2005-08-02 09:30 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 09:30 86016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 15:03 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-04-04 15:01 335872]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-04-04 15:04 49152]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-04-08 20:37 7081984]
"HPHUPD08"="C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 11:35 49152]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WheelMouse"="C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe" [2007-02-27 12:30 184320]
"RegistryMechanic"="" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-21 17:20 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 00:06 5181440]

C:\Documents and Settings\Melissa\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 20:55:40 18432]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54 65588]
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [2006-05-02 18:22:30 233744]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [2006-07-25 02:01:00 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\CoffeeCup Software\\VisualSite Designer\\VisualSite Designer.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\CoffeeCup Software\\CoffeeCup Visual Site Designer\\vsd.exe"=
"C:\\Program Files\\JAlbumWin\\JAlbumWin.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:IDU Service UDP Port
"2804:TCP"= 2804:TCP:IDU Service TCP Port
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"45688:TCP"= 45688:TCP:LImewire
"45688:UDP"= 45688:UDP:limewire

R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys [2005-03-03 13:23]
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 07:29]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-21 17:20]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-21 17:20]
R2 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-03-28 03:34]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 06:07]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 20:55]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 21:28]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 00:51:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-01 22:05:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 17:24:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s?????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-01 17:27:02
ComboFix-quarantined-files.txt 2008-06-01 22:26:39
ComboFix2.txt 2008-06-01 13:59:01

Pre-Run: 104,743,264,256 bytes free
Post-Run: 104,885,927,936 bytes free

315 --- E O F --- 2008-05-17 08:01:37


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:03 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Intel\IDU\awtray.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g...ds_2_0_0_71.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howu...nload/appdl.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g...ds_2_0_0_24.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink...xp/CheckDVD.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191586757765
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cherrytap.com...geUploader4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.co...mesLauncher.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/...ewer/isetup.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.betterpho...geUploader3.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.daytonfre...ha/matn5250.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.arm...timage40803.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.co...yScapeTeleX.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax4227.cab
O16 - DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} (Drag and Drop Uploader Control) - http://www.betterpho...opUploader2.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 12458 bytes

#9 IndiGenus

Posted 01 June 2008 - 05:37 PM

Hi,

OK, it appears you have several empty folders from a PurityScan infection. We'll get those now, then go from there.


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
C:\Program Files\T?sks
C:\Program Files\Common Files\ÓppPatch
C:\Program Files\Common Files\?icrosoft.NET
C:\Program Files\M?crosoft
C:\Program Files\Common Files\šasks
C:\Program Files\?ymantec
C:\Program Files\?racle
C:\Program Files\Common Files\s?curity
C:\Program Files\M?crosoft.NET
C:\Program Files\Common Files\S?mantec
C:\Program Files\šasks
C:\Program Files\Common Files\F?nts
C:\Program Files\Common Files\A?pPatch
C:\Program Files\Common Files\?icrosoft
C:\Program Files\s?stem32
C:\Program Files\A?pPatch
C:\Program Files\ÓppPatch
C:\Program Files\F?nts
C:\Program Files\Common Files\W?nSxS
C:\Program Files\Common Files\T?sks
C:\Program Files\Common Files\M?crosoft
C:\Program Files\Common Files\?ymbols
C:\Program Files\Common Files\s?mbols
C:\Program Files\?icrosoft
C:\Program Files\s?stem
C:\Program Files\s?curity
C:\Program Files\W?nSxS
C:\Program Files\Common Files\?racle
C:\Program Files\Common Files\a?sembly
C:\Program Files\šasks
C:\Program Files\a?sembly
C:\Documents and Settings\Melissa\Application Data\?icrosoft.NET
C:\Documents and Settings\Melissa\Application Data\A?pPatch
C:\Documents and Settings\Melissa\Application Data\?ymbols
C:\Documents and Settings\Melissa\Application Data\S?mantec
C:\Documents and Settings\Melissa\Application Data\ÓppPatch
C:\Documents and Settings\Melissa\Application Data\a?sembly
C:\Documents and Settings\Melissa\Application Data\?ymantec
C:\Documents and Settings\Melissa\Application Data\s?stem32
C:\Documents and Settings\Melissa\Application Data\A?pPatch
C:\Documents and Settings\Melissa\Application Data\s?mbols
C:\Documents and Settings\Melissa\Application Data\s?curity
C:\Documents and Settings\Melissa\Application Data\s?stem
C:\Documents and Settings\Melissa\Application Data\F?nts
C:\Documents and Settings\Melissa\Application Data\?ystem32
C:\Documents and Settings\Melissa\Application Data\?icrosoft.NET
C:\WINDOWS\šasks
C:\WINDOWS\s?mbols
C:\WINDOWS\ÓppPatch
C:\WINDOWS\system32\ÓppPatch
C:\WINDOWS\system32\šasks
C:\WINDOWS\?icrosoft
C:\WINDOWS\system32\s?mbols
C:\WINDOWS\system32\F?nts
C:\WINDOWS\system32\S?mantec
C:\WINDOWS\system32\?ystem
C:\WINDOWS\system32\?ymantec
C:\WINDOWS\system32\s?stem
C:\WINDOWS\system32\A?pPatch
C:\WINDOWS\system32\?racle
C:\WINDOWS\system32\M?crosoft.NET
C:\WINDOWS\system32\šasks


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

IndiGenus

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi
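
Added example, not part of IndiGenus's post and not ComboFix code: the folders listed in the script above differ from a familiar folder name by a single character that the log prints as `?` or as a non-ASCII letter. The Python sketch below finds such directory rows in a ComboFix-style log and drafts the matching `Folder::` block. The `KNOWN_NAMES` baseline and all function names are assumptions made for this illustration, and the sample rows are assembled in the log's format.

```python
import re

# Assumed baseline: folder names that the suspicious entries in the log resemble.
KNOWN_NAMES = (
    "AppPatch", "Tasks", "Microsoft", "Microsoft.NET", "Symantec", "Oracle",
    "security", "symbols", "system", "system32", "Fonts", "WinSxS", "assembly",
)

# A directory row: an attribute field that starts with "d", then the full path.
DIR_ROW = re.compile(r"(?:^|\s)d[-a-z]{8}\s+([A-Za-z]:\\.+?)\\?\s*$")

# Sample rows in the format of the log in this thread (assembled for the example).
SAMPLE_LOG = r"""
2008-05-21 17:20 . 2008-05-21 17:20 <DIR> d-------- C:\Program Files\AVG
2008-05-21 17:20 . 2008-05-21 17:20 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-17 08:44 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\T?sks
2008-05-17 08:40 . 2007-08-12 15:33 <DIR> d-------- C:\WINDOWS\AppPatch
2008-05-17 08:40 . 2007-11-20 12:53 <DIR> d---s---- C:\WINDOWS\Tasks
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\WINDOWS\system32\?ystem
2008-05-17 08:32 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\T?sks
2008-05-17 08:31 0 d-------- C:\WINDOWS\system32\s?mbols\
2008-05-17 08:30 0 d-------- C:\Program Files\šasks\
2008-05-17 08:30 0 d-------- C:\Program Files\Tusks\
"""


def imitated_name(leaf):
    """Return the known name that `leaf` imitates, or None.

    A leaf is a lookalike when it has the same length as a known name, differs
    from it in exactly one position (ignoring case), and the odd character is
    "?" (a character the log could not render) or a non-ASCII letter.
    """
    for known in KNOWN_NAMES:
        if len(leaf) != len(known):
            continue
        diffs = [i for i, (a, b) in enumerate(zip(leaf, known))
                 if a.lower() != b.lower()]
        if len(diffs) == 1:
            odd = leaf[diffs[0]]
            if odd == "?" or ord(odd) > 127:
                return known
    return None


def suspect_folders(log_text):
    """Return (path, imitated name) pairs in log order, without duplicates."""
    seen, hits = set(), []
    for line in log_text.splitlines():
        match = DIR_ROW.search(line)
        if not match:
            continue  # file rows, section banners, blank lines
        path = match.group(1)
        known = imitated_name(path.rsplit("\\", 1)[-1])
        if known and path.lower() not in seen:
            seen.add(path.lower())
            hits.append((path, known))
    return hits


def build_cfscript(log_text):
    """Draft a Folder:: block in the layout used in the post above."""
    paths = [path for path, _ in suspect_folders(log_text)]
    if not paths:
        return ""
    return "Folder::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    for path, known in suspect_folders(SAMPLE_LOG):
        print(f"{path}  (resembles {known})")
    print(build_cfscript(SAMPLE_LOG))
```

The rule only flags a `?` or non-ASCII substitution, so an all-ASCII near miss such as `Tusks` passes; read the drafted list against the log before saving it as CFScript.txt.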


#10 I Hate computer viruses!!

Posted 01 June 2008 - 08:06 PM

ComboFix 08-05-29.1 - Melissa 2008-06-01 20:59:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.513 [GMT -5:00]
Running from: C:\Documents and Settings\Melissa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Melissa\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-01 09:10 . 2008-06-01 09:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-01 09:10 . 2008-06-01 09:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 09:06 . 2008-06-01 09:06 <DIR> d-------- C:\WINDOWS\Cache
2008-06-01 09:06 . 2008-06-01 09:06 <DIR> d-------- C:\Program Files\Coupons
2008-06-01 09:06 . 2008-06-01 09:06 206,168 -ra------ C:\WINDOWS\system32\cpnprt2.cid
2008-05-22 04:51 . 2008-05-29 21:12 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-21 17:20 . 2008-06-01 18:17 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-21 17:20 . 2008-05-21 17:20 <DIR> d-------- C:\Program Files\AVG
2008-05-21 17:20 . 2008-05-21 17:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-21 17:20 . 2008-05-21 17:20 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-21 17:20 . 2008-05-21 17:20 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-19 20:13 . 2008-05-19 20:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 20:02 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-19 20:02 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-19 20:02 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-19 20:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-19 20:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-19 20:02 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-19 20:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-19 20:02 . 2008-05-19 20:02 3,702 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-17 17:32 . 2008-05-17 17:32 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\Malwarebytes
2008-05-17 17:32 . 2008-05-17 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 17:32 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-17 17:32 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-17 17:31 . 2008-05-17 17:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 17:15 . 2008-05-17 17:15 <DIR> d-------- C:\VundoFix Backups
2008-05-17 15:13 . 2008-05-17 15:13 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-17 15:11 . 2008-05-21 17:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-17 15:05 . 2008-05-31 21:26 <DIR> d-------- C:\SDFix
2008-05-17 08:44 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\T?sks
2008-05-17 08:42 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\Common Files\?ppPatch
2008-05-17 08:42 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-05-17 08:41 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?icrosoft.NET
2008-05-17 08:40 . 2007-08-12 15:33 <DIR> d-------- C:\WINDOWS\AppPatch
2008-05-17 08:40 . 2007-11-20 12:53 <DIR> d---s---- C:\WINDOWS\Tasks
2008-05-17 08:40 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\s?mbols
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\WINDOWS\system32\?ppPatch
2008-05-17 08:38 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\system32\?asks
2008-05-17 08:38 . 2007-08-12 15:33 <DIR> d-------- C:\WINDOWS\AppPatch
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\WINDOWS\?icrosoft
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\M?crosoft
2008-05-17 08:38 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\Common Files\?asks
2008-05-17 08:37 . 2008-05-17 08:34 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-05-17 08:36 . 2008-05-17 08:36 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-05-17 08:36 . 2008-02-19 18:18 <DIR> d-------- C:\Program Files\Common Files\System
2008-05-17 08:36 . 2008-05-17 08:36 <DIR> d-------- C:\Program Files\?ymantec
2008-05-17 08:36 . 2008-05-17 08:36 <DIR> d-------- C:\Program Files\?racle
2008-05-17 08:35 . 2008-04-18 16:42 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-05-17 08:34 . 2008-05-17 08:34 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-05-17 08:34 . 2008-02-19 18:19 <DIR> dr--s---- C:\WINDOWS\Fonts
2008-05-17 08:34 . 2008-04-18 16:43 <DIR> dr--s---- C:\WINDOWS\assembly
2008-05-17 08:34 . 2007-08-12 15:33 <DIR> d-------- C:\WINDOWS\AppPatch
2008-05-17 08:34 . 2008-05-17 08:33 <DIR> d-------- C:\Program Files\Common Files\s?curity
2008-05-17 08:34 . 2008-05-17 08:34 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\A?pPatch
2008-05-17 08:34 . 2008-05-17 08:34 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?ymbols
2008-05-17 08:34 . 2007-12-21 14:45 <DIR> d---s---- C:\Documents and Settings\Melissa\Application Data\Microsoft
2008-05-17 08:33 . 2008-05-17 08:33 <DIR> d-------- C:\WINDOWS\system32\F?nts
2008-05-17 08:33 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\M?crosoft
2008-05-17 08:33 . 2008-05-17 08:33 <DIR> d-------- C:\Program Files\M?crosoft.NET
2008-05-17 08:33 . 2008-05-17 08:33 <DIR> d-------- C:\Program Files\Common Files\s?curity
2008-05-17 08:33 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\Common Files\S?mantec
2008-05-17 08:33 . 2008-05-17 08:33 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\S?mantec
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\WINDOWS\system32\S?mantec
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\WINDOWS\system32\?ystem
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2008-05-17 08:32 . 2008-05-17 08:29 <DIR> d-------- C:\WINDOWS\system32\s?stem
2008-05-17 08:32 . 2008-05-17 08:28 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-05-17 08:32 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\Common Files\F?nts
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\?icrosoft.NET
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\?asks
2008-05-17 08:32 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\s?stem32
2008-05-17 08:32 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\A?pPatch
2008-05-17 08:32 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\S?mantec
2008-05-17 08:32 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\M?crosoft
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\a?sembly
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?ymantec
2008-05-17 08:32 . 2008-05-17 08:29 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?racle
2008-05-17 08:32 . 2008-05-17 08:32 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?ppPatch
2008-05-17 08:31 . 2007-11-20 12:53 <DIR> d---s---- C:\WINDOWS\Tasks
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\WINDOWS\system32\?racle
2008-05-17 08:31 . 2005-11-09 19:16 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-17 08:31 . 2008-05-17 08:36 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-05-17 08:31 . 2008-02-19 18:17 <DIR> d-------- C:\WINDOWS\system
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\s?stem32
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\F?nts
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\W?nSxS
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\T?sks
2008-05-17 08:31 . 2008-02-19 18:18 <DIR> d-------- C:\Program Files\Common Files\System
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\M?crosoft.NET
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\?ymbols
2008-05-17 08:31 . 2008-05-17 20:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-17 08:31 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\Common Files\s?mbols
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\?icrosoft
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\s?stem
2008-05-17 08:31 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\A?pPatch
2008-05-17 08:31 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\s?curity
2008-05-17 08:31 . 2008-05-17 08:31 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?stem32
2008-05-17 08:31 . 2007-12-21 14:45 <DIR> d---s---- C:\Documents and Settings\Melissa\Application Data\Microsoft
2008-05-17 08:31 . 2007-09-01 15:36 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\Adobe
2008-05-17 08:31 . 2008-05-17 08:34 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\A?pPatch
2008-05-17 08:31 . 2008-05-17 08:29 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?mbols
2008-05-17 08:31 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?curity
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Program Files\W?nSxS
2008-05-17 08:30 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\Common Files\?racle
2008-05-17 08:30 . 2008-05-17 08:38 <DIR> d-------- C:\Program Files\Common Files\?asks
2008-05-17 08:30 . 2008-05-17 08:29 <DIR> d-------- C:\Program Files\Common Files\a?sembly
2008-05-17 08:30 . 2008-05-17 08:31 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-05-17 08:30 . 2007-09-30 12:58 <DIR> d-------- C:\Program Files\Adobe
2008-05-17 08:30 . 2007-09-30 12:58 <DIR> d-------- C:\Program Files\Adobe
2008-05-17 08:30 . 2008-05-17 08:32 <DIR> d-------- C:\Program Files\?asks
2008-05-17 08:30 . 2008-05-17 08:28 <DIR> d-------- C:\Program Files\a?sembly
2008-05-17 08:30 . 2008-05-17 08:33 <DIR> d-------- C:\Program Files\M?crosoft.NET
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?stem
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?curity
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\F?nts
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?ystem32
2008-05-17 08:30 . 2008-05-17 08:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\?icrosoft.NET
2008-05-17 08:30 . 2008-05-17 08:31 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\s?stem32
2008-05-17 08:30 . 2008-05-17 08:33 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\S?mantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 00:27 7,700 ----a-w C:\WINDOWS\tn5250.tmp
2008-05-30 01:49 101 ----a-w C:\Documents and Settings\Melissa\Application Data\ftpfile.dat
2008-05-24 22:30 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-24 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-22 12:15 --------- d-----w C:\Documents and Settings\Melissa\Application Data\Iomega Automatic Backup Pro
2008-05-20 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-20 01:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-18 01:35 --------- d-----w C:\Program Files\LimeWire
2008-05-18 01:33 --------- d-----w C:\Program Files\iPod
2008-05-18 01:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 01:30 --------- d-----w C:\Program Files\EPSON
2008-05-18 01:29 --------- d-----w C:\Program Files\CoffeeCup Software
2008-05-18 01:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-18 01:20 --------- d-----w C:\Documents and Settings\Melissa\Application Data\AdobeUM
2008-05-18 01:10 --------- d-----w C:\Documents and Settings\Melissa\Application Data\Photodex
2008-05-17 19:55 --------- d-----w C:\Program Files\Image RollNow!
2008-05-17 19:54 --------- d-----w C:\Program Files\Java
2008-04-19 14:53 --------- d-----w C:\Program Files\gossiper
2008-04-19 14:53 --------- d-----w C:\Program Files\Conduit
2008-04-19 14:50 --------- d-----w C:\Program Files\Vectorian Giotto
2008-04-18 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-18 21:48 --------- d-----w C:\Program Files\Sonic
2008-04-18 21:48 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-14 02:03 --------- d-----w C:\Documents and Settings\Melissa\Application Data\VIP Torrent
2008-04-14 01:59 --------- d-----w C:\Program Files\VIP Torrent
2008-04-09 13:13 --------- d-----w C:\Program Files\GE
2008-04-05 18:33 --------- d-----w C:\Program Files\SecondLife
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 21:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 21:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 21:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 20:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 20:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2007-01-06 18:54 13 ---h--w C:\Documents and Settings\All Users\Application Data\┘Ţ├─3113Ť.sys
2006-08-05 13:35 13 ---h--w C:\Documents and Settings\All Users\Application Data\Ţ┘├─3113Ť.sys
2005-11-21 23:40 13 ---h--w C:\Documents and Settings\All Users\Application Data\Ţ├─3113Ť.sys
2005-11-10 00:45 56 ----a-w C:\Program Files\Common Files\appop.log
2006-01-01 17:10 56 --sh--r C:\WINDOWS\system32\C48DA935BD.sys
2006-01-01 17:11 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Automatic Backup Pro"="C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" [2005-03-03 19:55 18964480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ipTray.exe"="C:\Program Files\Intel\IDU\iptray.exe" [2005-04-29 21:06 1267200]
"awTray.exe"="C:\Program Files\Intel\IDU\awtray.exe" [2005-03-11 03:35 1910784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 09:30 7110656]
"nwiz"="nwiz.exe" [2005-08-02 09:30 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 09:30 86016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 15:03 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-04-04 15:01 335872]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-04-04 15:04 49152]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-04-08 20:37 7081984]
"HPHUPD08"="C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 11:35 49152]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WheelMouse"="C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe" [2007-02-27 12:30 184320]
"RegistryMechanic"="" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-21 17:20 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 00:06 5181440]

C:\Documents and Settings\Melissa\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 20:55:40 18432]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54 65588]
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [2006-05-02 18:22:30 233744]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [2006-07-25 02:01:00 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\CoffeeCup Software\\VisualSite Designer\\VisualSite Designer.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\CoffeeCup Software\\CoffeeCup Visual Site Designer\\vsd.exe"=
"C:\\Program Files\\JAlbumWin\\JAlbumWin.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:IDU Service UDP Port
"2804:TCP"= 2804:TCP:IDU Service TCP Port
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"45688:TCP"= 45688:TCP:LImewire
"45688:UDP"= 45688:UDP:limewire

R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys [2005-03-03 13:23]
R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 07:29]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-21 17:20]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-21 17:20]
R2 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-03-28 03:34]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 06:07]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 20:55]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 21:28]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 00:51:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-02 02:05:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 21:03:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s?????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\Amhooker.dll
.
Completion time: 2008-06-01 21:05:16
ComboFix-quarantined-files.txt 2008-06-02 02:05:05
ComboFix2.txt 2008-06-01 22:27:03
ComboFix3.txt 2008-06-01 13:59:01

Pre-Run: 104,829,583,360 bytes free
Post-Run: 104,855,642,112 bytes free

283 --- E O F --- 2008-05-17 08:01:37



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:26 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Intel\IDU\awtray.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g...ds_2_0_0_71.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howu...nload/appdl.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g...ds_2_0_0_24.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink...xp/CheckDVD.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191586757765
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cherrytap.com...geUploader4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.co...mesLauncher.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/...ewer/isetup.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.betterpho...geUploader3.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.daytonfre...ha/matn5250.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.arm...timage40803.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.co...gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.co...yScapeTeleX.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax4227.cab
O16 - DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} (Drag and Drop Uploader Control) - http://www.betterpho...opUploader2.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 12458 bytes

#11 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 02 June 2008 - 07:06 AM

Hi,
It doesn't appear that last script ran properly. I double checked it and it looks ok. I wonder if the top line...

Folder::

...got cut off. Can you run it again and make sure everything is there? Thanks and post a new log when done.
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#12 IndiGenus


Posted 11 June 2008 - 08:25 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log.
IndiGenus

