Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please Help with HIJACK Log [Solved]


  • This topic is locked This topic is locked

#1
Lorelle

Lorelle

    Member

  • Member
  • PipPip
  • 11 posts
I have created this hijack log ....I am unable to access any MS website or other antivirus sites....very frustrated!! any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:05 PM, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FOG\FOGService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FOG\FOGTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: FOGTray.exe.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1247848925828
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} (Nafi Class) - file:///C:/Documents%20and%20Settings/DYS%20Administrator/My%20Documents/Downloads/SimpleShare_NASFinder/NASFinder-050809/html/nafcom.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: FOG Service (Fog Service) - FOG - C:\Program Files\FOG\FOGService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1ca2a3f39db6ece) (gupdate1ca2a3f39db6ece) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8341 bytes
  • 0

Advertisements


#2
Perplexus

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Hello and welcome to Geeks To Go!:)

My name is Perplexus and I will be helping you fix your computer problem.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate, so stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Before we proceed to clean your computer from malware there are some points you should consider that will make the process go smoother:
  • To make sure that you receive an email when this topic is updated, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Before beginning the fix, read this post completely. If there's anything that you do not understand, please ask your questions before proceeding as you may temporarily be disconnected from the internet. No question is considered dumb here. It's better to be safe than sorry!
  • Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
  • It is IMPORTANT that you do not miss a step & perform everything in the correct order/sequence.
  • Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested, as it can be very dangerous and cause harm to your system.
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
---------------------------------------------------------------------------------------------

------------------
Step 1:
------------------

  • Download OTL by OldTimer to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

------------------
Step 2:
------------------

Download RootRepeal from one of the following locations:Unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

------------------
Step 3:
------------------

Please post back with the following:
  • Any other symptoms you might be having
  • OTL.Txt
  • Extras.txt
  • RootRepeal.txt

  • 0

#3
Lorelle

Lorelle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here are copies of the two OTL files

OTL logfile created on: 9/21/2009 10:59:38 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\DYS Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.95 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 73.57% Memory free
3.80 Gb Paging File | 3.41 Gb Available in Paging File | 89.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.33 Gb Total Space | 59.33 Gb Free Space | 82.03% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.12 Gb Free Space | 55.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 982.05 Mb Total Space | 914.45 Mb Free Space | 93.12% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: L-097-DYSLOANER
Current User Name: DYS Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\FOG\FOGService.exe (FOG)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\StorageSync\StrgSync.exe ()
PRC - C:\Program Files\FOG\FOGTray.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\DYS Administrator\My Documents\Downloads\OTL(2).exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Credential Vault Host Control Service [Auto | Running]) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage [Auto | Running]) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (Fog Service [Auto | Running]) -- C:\Program Files\FOG\FOGService.exe (FOG)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (gupdate1ca2a3f39db6ece [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (STacSV [Auto | Running]) -- c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe (IDT, Inc.)
SRV - (wltrysvc [Auto | Stopped]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (xvbkkkkpt [Auto | Stopped]) -- C:\WINDOWS\System32\hzsjzy.dll ()

========== Driver Services (SafeList) ==========

DRV - (AESTAud [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (cvusbdrv [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (e1yexpress [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e1y5132.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (iastor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (IntcHdmiAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (NuidFltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (OA001Afx [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\OA001Afx.sys (Creative Technology Ltd.)
DRV - (OA001Ufd [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (OA001Vid [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\OA001Vid.sys (Creative Technology Ltd.)
DRV - (PBADRV [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rimmptsk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (IDT, Inc.)
DRV - (StillCam [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (USBCCID [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\usbccid.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:3.1.6.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/17 11:01:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/26 15:26:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/14 08:56:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/14 08:56:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/26 07:47:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/07/30 10:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DYS Administrator\Application Data\mozilla\Extensions
[2009/07/30 10:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DYS Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/20 15:59:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DYS Administrator\Application Data\mozilla\Firefox\Profiles\wo568rxg.default\extensions
[2009/07/30 10:40:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DYS Administrator\Application Data\mozilla\Firefox\Profiles\wo568rxg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/23 14:22:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DYS Administrator\Application Data\mozilla\Firefox\Profiles\wo568rxg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/30 14:36:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DYS Administrator\Application Data\mozilla\Firefox\Profiles\wo568rxg.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2009/06/16 10:22:26 | 00,002,463 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Application Data\Mozilla\FireFox\Profiles\wo568rxg.default\searchplugins\diigo--google.xml
[2009/09/20 15:59:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/14 08:56:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/26 15:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/02 20:45:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/14 08:56:27 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/14 08:56:27 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/14 08:56:29 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 22:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 15:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/28 12:58:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/28 12:58:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/28 12:58:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/28 12:58:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/28 12:58:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/28 12:58:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/28 12:58:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/14 17:37:10 | 00,032,456 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/07/15 14:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/15 14:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/15 14:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 14:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/15 14:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 14:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/15 14:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk = C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FOGTray.exe.lnk = C:\WINDOWS\Installer\{51250BB7-F5E5-4A3C-B322-A9D2899C18BD}\_C25BE279FDDD602A651DDD.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1247848925828 (MUWebControl Class)
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} file:///C:/Documents%20and%20Settings/DYS%20Administrator/My%20Documents/Downloads/SimpleShare_NASFinder/NASFinder-050809/html/nafcom.cab (Nafi Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/15 11:46:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/21 10:06:58 | 00,059,288 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\DYS Administrator\Desktop\*.tmp files]
[2009/09/21 10:55:55 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\prgrams ABC.xls
[2009/09/21 10:51:31 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/21 07:49:17 | 00,198,656 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Computer Inventory Sheets.xls
[2009/09/20 17:44:49 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/20 17:44:49 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/20 17:44:49 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/20 17:44:49 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/20 17:44:49 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/20 17:44:49 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/20 17:44:49 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/20 17:44:49 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/20 17:44:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/20 17:44:44 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/09/20 17:44:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/20 17:08:05 | 00,008,342 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\hijackthis1
[2009/09/20 17:07:18 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\HijackThis.lnk
[2009/09/20 17:07:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/20 16:53:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Desktop\support-rma-request-form_files
[2009/09/20 16:53:12 | 00,013,302 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\support-rma-request-form.htm
[2009/09/20 15:46:32 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Oct 27 menu day write up 2.doc
[2009/09/20 15:38:24 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Oct 27 menu day write up 1.doc
[2009/09/20 11:03:15 | 00,200,019 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\OCT 1 brochure.pdf
[2009/09/18 15:13:41 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\Computer Basics 1.doc
[2009/09/18 08:27:07 | 00,142,848 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\United Streaming Pass Code.doc
[2009/09/15 18:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\My Documents\How to's
[2009/09/14 17:27:25 | 00,000,527 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StorageSync.lnk
[2009/09/14 17:27:12 | 00,000,000 | ---D | C] -- C:\Program Files\StorageSync
[2009/09/14 17:20:43 | 00,000,000 | ---D | C] -- C:\Win98 Driver
[2009/09/14 15:10:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/09/14 13:08:34 | 06,806,528 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\ALEKS TRAINING HEC DYS 102208.ppt
[2009/09/14 12:38:23 | 00,073,728 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\X2 Staff Lookup.doc
[2009/09/14 11:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\My Documents\Coaching from Kansas state
[2009/09/14 11:41:00 | 00,086,370 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\ARTEn Computer Lab.pdf
[2009/09/14 10:29:11 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Oct 27 menu day write up blank.doc
[2009/09/14 10:27:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\My Documents\SIOP Lesson Plans
[2009/09/11 17:49:36 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\RM Education Board meeting Sponsor.doc
[2009/09/11 07:42:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Desktop\masscue september 09
[2009/09/09 09:56:11 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\RFP for media technologies.doc
[2009/09/09 09:17:17 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\RFP.doc
[2009/09/09 08:54:21 | 00,013,041 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\summer recording for HEC.xlsx
[2009/09/09 08:18:13 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Professional Development Plan Information-2.doc
[2009/09/08 20:31:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Application Data\AVG8
[2009/09/08 10:56:57 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Professional Development Plan Information.doc
[2009/09/08 10:37:50 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Administrative Assistant to Technology.doc
[2009/09/08 10:27:21 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Rubric_for_Effective_Pedagogy_4 shirley.doc
[2009/09/08 10:27:21 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\~$bric_for_Effective_Pedagogy_4 shirley.doc
[2009/09/08 09:37:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Desktop\Reading Program words
[2009/09/03 10:11:48 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\Default.rdp
[2009/09/03 09:51:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\My Documents\Expense Report
[2009/09/03 09:37:03 | 00,290,304 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\HEC Favorites printed 109.xls
[2009/09/03 09:28:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Desktop\2008 - 2009 HEC Personal
[2009/09/03 08:15:02 | 00,174,592 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\speech lessons-1.doc
[2009/09/02 20:45:45 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/02 20:45:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/02 20:45:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/02 08:41:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Application Data\U3
[2009/09/02 08:09:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Desktop\Volleyball
[2009/08/31 12:54:48 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/31 12:54:44 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009/08/31 12:54:44 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009/08/31 12:54:32 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/31 12:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/31 12:54:28 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/31 12:54:20 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/08/31 12:54:15 | 02,060,288 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2009/08/31 12:54:15 | 00,039,424 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2009/08/31 12:54:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/08/31 12:51:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\My Documents\IPOD in classroom
[2009/08/31 09:42:58 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/31 09:42:58 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/31 09:31:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Application Data\Google
[2009/08/31 09:31:04 | 00,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/08/31 09:30:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Local Settings\Application Data\Google
[2009/08/31 09:29:36 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/31 09:29:36 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/08/31 09:29:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/08/31 09:17:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/08/31 09:14:35 | 00,315,604 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Jennings_Diigo.pdf
[2009/08/31 09:06:01 | 00,220,672 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Jothen_slamdunk_template.ppt
[2009/08/31 09:03:18 | 00,029,364 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\LIbrary congress handout.pdf
[2009/08/29 09:29:22 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\DYS Education Initiative.doc
[2009/08/28 16:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/08/28 12:55:28 | 00,105,462 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Audacity.pdf
[2009/08/28 11:48:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Desktop\RedSox
[2009/08/28 11:22:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\My Documents\RedSox pics
[2009/08/28 11:20:12 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\good websites.doc
[2009/08/28 08:37:32 | 00,000,000 | ---D | C] -- C:\Program Files\Photo Story 3 for Windows
[2009/08/28 08:30:22 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/08/28 08:30:06 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/08/27 15:31:19 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\ROBERT DYKES.doc
[2009/08/27 10:34:40 | 00,093,696 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\ltr to Sept 1 faciliators.doc
[2009/08/27 09:36:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/08/27 09:15:40 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/08/27 08:02:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\My Documents\Digital Story Telling
[2009/08/27 07:59:19 | 00,030,785 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Stinger_ExcitetoWriteStoryboard.pdf
[2009/08/27 07:59:07 | 00,265,486 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Stinger_ExcitetoWriteHandouts.pdf
[2009/08/27 07:57:51 | 00,091,801 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Stinger_Biography.pdf
[2009/08/27 07:56:28 | 01,603,775 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\Taylor_MyVoiceMyWorldNECC09handout.pdf
[2009/08/27 07:41:25 | 00,047,766 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\kennedy and butternut.jpg
[2009/08/26 15:26:42 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/26 15:26:42 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/26 15:26:29 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/26 15:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Application Data\Sun
[2009/08/26 13:06:53 | 00,843,264 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\Great Websites.ppt
[2009/08/26 11:42:22 | 00,012,091 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\rick letter.docx
[2009/08/26 11:34:37 | 00,012,091 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\June 22.docx
[2009/08/26 11:23:56 | 00,063,186 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\8-26-2009 11-23-56 AM.png
[2009/08/26 08:10:03 | 00,003,767 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\n595137469_1048661_2323.jpg
[2009/08/26 07:47:40 | 00,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2009/08/25 18:16:25 | 00,087,552 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\Rubric_for_Effective_Pedagogy_3_coaches.doc
[2009/08/24 19:09:15 | 00,034,067 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\Desktop\voicemail
[2009/08/24 11:37:04 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/08/24 11:37:04 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/08/24 09:41:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Desktop\New Folder
[2009/08/23 19:50:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/08/23 19:22:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2009/08/23 15:37:07 | 00,164,352 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\presentation_template.ppt
[2009/08/23 14:25:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DYS Administrator\Desktop\get_video.mpr
[2009/08/23 14:13:46 | 00,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FLV Player.lnk
[2009/08/23 14:13:46 | 00,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2009/08/23 11:53:50 | 02,696,192 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\Intro to Moodle.ppt
[2009/08/23 10:53:02 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/23 10:30:32 | 04,558,848 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\introductiontomoodle-090514210638-phpapp02.ppt
[2009/08/23 10:30:23 | 01,714,176 | ---- | C] () -- C:\Documents and Settings\DYS Administrator\My Documents\presentation19en-1211420618664815-9.ppt
[2009/08/20 13:15:44 | 00,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI
[2009/08/13 12:46:06 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/17 10:45:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/16 18:02:12 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/07/16 17:47:28 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/07/16 17:47:28 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/07/16 17:42:39 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4980.dll
[2009/07/16 17:36:52 | 00,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2009/07/16 17:34:52 | 00,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/04/14 08:00:00 | 00,162,155 | RHS- | C] () -- C:\WINDOWS\System32\hzsjzy.dll
[2008/04/14 08:00:00 | 00,000,638 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/06/30 15:58:44 | 00,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 15:58:44 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\DYS Administrator\Desktop\*.tmp files]
[2009/09/21 11:00:00 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EB5C220C-E74F-4BD5-B518-93817EF361CF}.job
[2009/09/21 10:55:55 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\prgrams ABC.xls
[2009/09/21 10:47:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/21 09:47:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/21 09:08:14 | 00,198,656 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Computer Inventory Sheets.xls
[2009/09/21 07:47:13 | 00,002,209 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FOGTray.exe.lnk
[2009/09/21 07:47:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/20 17:52:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/20 17:50:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/20 17:08:05 | 00,008,342 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\hijackthis1
[2009/09/20 17:07:18 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\HijackThis.lnk
[2009/09/20 17:06:09 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/20 17:06:09 | 00,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/20 17:06:09 | 00,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/20 17:00:32 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/09/20 17:00:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/20 16:58:12 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/20 16:53:14 | 00,013,302 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\support-rma-request-form.htm
[2009/09/20 15:55:27 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Oct 27 menu day write up 2.doc
[2009/09/20 15:38:25 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Oct 27 menu day write up 1.doc
[2009/09/20 11:03:15 | 00,200,019 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\OCT 1 brochure.pdf
[2009/09/18 15:13:41 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\Computer Basics 1.doc
[2009/09/18 08:27:08 | 00,142,848 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\United Streaming Pass Code.doc
[2009/09/14 17:27:25 | 00,000,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StorageSync.lnk
[2009/09/14 13:08:35 | 06,806,528 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\ALEKS TRAINING HEC DYS 102208.ppt
[2009/09/14 12:38:24 | 00,073,728 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\X2 Staff Lookup.doc
[2009/09/14 11:41:00 | 00,086,370 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\ARTEn Computer Lab.pdf
[2009/09/14 10:29:11 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Oct 27 menu day write up blank.doc
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/11 17:49:36 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\RM Education Board meeting Sponsor.doc
[2009/09/09 09:56:11 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\RFP for media technologies.doc
[2009/09/09 09:17:18 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\RFP.doc
[2009/09/09 08:54:22 | 00,013,041 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\summer recording for HEC.xlsx
[2009/09/09 08:18:13 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Professional Development Plan Information-2.doc
[2009/09/08 14:54:02 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Rubric_for_Effective_Pedagogy_4 shirley.doc
[2009/09/08 10:56:57 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Professional Development Plan Information.doc
[2009/09/08 10:37:50 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Administrative Assistant to Technology.doc
[2009/09/08 10:29:12 | 00,087,552 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\Rubric_for_Effective_Pedagogy_3_coaches.doc
[2009/09/08 10:27:21 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\~$bric_for_Effective_Pedagogy_4 shirley.doc
[2009/09/03 10:11:48 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\Default.rdp
[2009/09/03 08:15:02 | 00,174,592 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\speech lessons-1.doc
[2009/08/31 22:32:02 | 00,843,264 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\Great Websites.ppt
[2009/08/31 12:54:48 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/31 09:31:04 | 00,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/08/31 09:14:35 | 00,315,604 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Jennings_Diigo.pdf
[2009/08/31 09:06:01 | 00,220,672 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Jothen_slamdunk_template.ppt
[2009/08/31 09:03:18 | 00,029,364 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\LIbrary congress handout.pdf
[2009/08/29 09:29:22 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\DYS Education Initiative.doc
[2009/08/28 15:32:57 | 00,007,680 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/28 15:06:22 | 00,180,057 | ---- | M] () -- C:\WINDOWS\hpwins14.dat
[2009/08/28 15:05:36 | 00,000,638 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/28 12:55:28 | 00,105,462 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Audacity.pdf
[2009/08/28 11:20:13 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\good websites.doc
[2009/08/28 08:30:14 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/28 08:30:13 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/28 08:30:13 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/28 08:29:15 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2009/08/27 15:31:20 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\ROBERT DYKES.doc
[2009/08/27 10:34:41 | 00,093,696 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\ltr to Sept 1 faciliators.doc
[2009/08/27 07:59:19 | 00,030,785 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Stinger_ExcitetoWriteStoryboard.pdf
[2009/08/27 07:59:07 | 00,265,486 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Stinger_ExcitetoWriteHandouts.pdf
[2009/08/27 07:57:51 | 00,091,801 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Stinger_Biography.pdf
[2009/08/27 07:56:28 | 01,603,775 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\Taylor_MyVoiceMyWorldNECC09handout.pdf
[2009/08/27 07:41:25 | 00,047,766 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\kennedy and butternut.jpg
[2009/08/26 12:05:23 | 00,012,091 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\rick letter.docx
[2009/08/26 11:40:28 | 00,012,091 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\June 22.docx
[2009/08/26 11:24:13 | 00,063,186 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\8-26-2009 11-23-56 AM.png
[2009/08/26 08:10:03 | 00,003,767 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\n595137469_1048661_2323.jpg
[2009/08/26 07:47:40 | 00,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2009/08/24 19:09:15 | 00,034,067 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\Desktop\voicemail
[2009/08/24 17:57:44 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/08/23 19:37:22 | 02,696,192 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\Intro to Moodle.ppt
[2009/08/23 15:37:07 | 00,164,352 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\presentation_template.ppt
[2009/08/23 14:13:46 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FLV Player.lnk
[2009/08/23 10:53:02 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/23 10:30:32 | 04,558,848 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\introductiontomoodle-090514210638-phpapp02.ppt
[2009/08/23 10:30:23 | 01,714,176 | ---- | M] () -- C:\Documents and Settings\DYS Administrator\My Documents\presentation19en-1211420618664815-9.ppt
< End of report >

OTL Extras logfile created on: 9/21/2009 10:59:38 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\DYS Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.95 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 73.57% Memory free
3.80 Gb Paging File | 3.41 Gb Available in Paging File | 89.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.33 Gb Total Space | 59.33 Gb Free Space | 82.03% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.12 Gb Free Space | 55.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 982.05 Mb Total Space | 914.45 Mb Free Space | 93.12% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: L-097-DYSLOANER
Current User Name: DYS Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3194:TCP" = 3194:TCP:*:Enabled:xheaomi

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe" = C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe:*:Enabled:Photo Story 3 for Windows -- (Microsoft Corp.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51250BB7-F5E5-4A3C-B322-A9D2899C18BD}" = FOG Service
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}" = HP Officejet J6400 Series
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E9BE42A2-6815-42BC-82A9-A60401ABD417}" = ScanSnap Organizer
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}" = Snagit 9.1.1
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"FLV Player" = FLV Player 2.0 (build 25)
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® Network Connections Drivers
"StorageSync" = StorageSync Backup Software
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2009 9:50:16 AM | Computer Name = L-097-DYSLOANER | Source = Google Update | ID = 20
Description =

Error - 9/11/2009 3:49:54 PM | Computer Name = L-097-DYSLOANER | Source = Google Update | ID = 20
Description =

Error - 9/11/2009 4:50:02 PM | Computer Name = L-097-DYSLOANER | Source = Google Update | ID = 20
Description =

Error - 9/14/2009 1:03:54 PM | Computer Name = L-097-DYSLOANER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/15/2009 7:58:05 PM | Computer Name = L-097-DYSLOANER | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 100.0.175.0, faulting module
HPZidr12.dll, version 12.1.1.54, fault address 0x000075a2.

Error - 9/20/2009 5:47:09 PM | Computer Name = L-097-DYSLOANER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 9/20/2009 5:47:09 PM | Computer Name = L-097-DYSLOANER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/20/2009 5:47:09 PM | Computer Name = L-097-DYSLOANER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/21/2009 7:47:05 AM | Computer Name = L-097-DYSLOANER | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 9/20/2009 5:45:45 PM | Computer Name = L-097-DYSLOANER | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/20/2009 5:47:11 PM | Computer Name = L-097-DYSLOANER | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/20/2009 5:47:12 PM | Computer Name = L-097-DYSLOANER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 9/20/2009 5:50:47 PM | Computer Name = L-097-DYSLOANER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 9/21/2009 7:46:43 AM | Computer Name = L-097-DYSLOANER | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL
GET_STATE: The device has been removed.

Error - 9/21/2009 7:47:12 AM | Computer Name = L-097-DYSLOANER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 9/21/2009 7:47:12 AM | Computer Name = L-097-DYSLOANER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 9/21/2009 9:42:07 AM | Computer Name = L-097-DYSLOANER | Source = Print | ID = 6161
Description = The document Untitled - Notepad owned by DYS Administrator failed
to print on printer HP Officejet J6400 series. Data type: NT EMF 1.008. Size of
the spool file in bytes: 9532. Number of bytes printed: 0. Total number of pages
in the document: 3. Number of pages printed: 0. Client machine: \\L-097-DYSLOANER.
Win32 error code returned by the print processor: 6 (0x6).

Error - 9/21/2009 9:47:00 AM | Computer Name = L-097-DYSLOANER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 9/21/2009 9:59:01 AM | Computer Name = L-097-DYSLOANER | Source = Print | ID = 6161
Description = The document Untitled - Notepad owned by DYS Administrator failed
to print on printer HP Officejet J6400 series. Data type: NT EMF 1.008. Size of
the spool file in bytes: 65536. Number of bytes printed: 0. Total number of pages
in the document: 3. Number of pages printed: 0. Client machine: \\L-097-DYSLOANER.
Win32 error code returned by the print processor: 6 (0x6).


< End of report >
  • 0

#4
Perplexus

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
I see you've ran ComboFix as well. This is a very dangerous program and should not be run without trained supervision.

Please post the C:\ComboFix.txt log for my review.
  • 0

#5
Lorelle

Lorelle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Both RootRepeal and Combofix logs attached. Thank you in advance for your help.

Attached Files


  • 0

#6
Perplexus

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Please post them instead of attaching them.
  • 0

#7
Lorelle

Lorelle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Boot Repeal Log

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/21 11:10
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\DYSADM~1\LOCALS~1\Temp\catchme.sys
Address: 0xBA440000 Size: 31744 File Visible: No Signed: -
Status: -

Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0x9E5A8000 Size: 851968 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xBA5CC000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9E1D6000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Temp\HPSLPS173.log
Status: Locked to the Windows API!

Path: c:\documents and settings\dys administrator\application data\skype\lallessio\etilqs_cylteibq0gq9sb0o2q5e
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\dys administrator\application data\skype\lallessio\etilqs_tlo79agtumjemzffzilq
Status: Allocation size mismatch (API: 16384, Raw: 0)

==EOF==

Attached Files


  • 0

#8
Perplexus

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Please post the ComboFix log please. Do not attach it.
  • 0

#9
Lorelle

Lorelle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Combo fix log

ComboFix 09-09-18.02 - DYS Administrator 09/20/2009 17:47.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2000.1518 [GMT -4:00]
Running from: c:\documents and settings\DYS Administrator\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.

2009-09-20 21:07 . 2009-09-20 21:07 -------- d-----w- c:\program files\Trend Micro
2009-09-14 21:27 . 2009-09-14 21:27 -------- d-----w- c:\program files\StorageSync
2009-09-14 21:20 . 2009-09-14 21:20 -------- d-----w- C:\Win98 Driver
2009-09-14 19:10 . 2009-09-20 20:32 -------- d-----w- c:\windows\system32\NtmsData
2009-09-09 00:31 . 2009-09-09 00:31 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\AVG8
2009-09-02 12:41 . 2009-09-02 12:41 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\U3
2009-08-31 16:54 . 2009-03-19 20:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-31 16:54 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-31 16:54 . 2009-08-31 16:54 -------- d-----w- c:\program files\iPod
2009-08-31 16:54 . 2009-08-31 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-31 16:54 . 2009-08-31 16:54 -------- d-----w- c:\program files\iTunes
2009-08-31 16:54 . 2009-08-31 16:54 -------- d-----w- c:\program files\Bonjour
2009-08-31 16:54 . 2009-07-09 16:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-31 16:54 . 2009-07-09 16:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-31 16:54 . 2009-08-31 16:54 -------- d-----w- c:\program files\Common Files\Apple
2009-08-31 13:47 . 2009-08-31 13:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-31 13:30 . 2009-08-31 13:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-31 13:30 . 2009-08-31 13:30 -------- d-----w- c:\documents and settings\DYS Administrator\Local Settings\Application Data\Google
2009-08-31 13:29 . 2009-08-31 13:30 -------- d-----w- c:\program files\Google
2009-08-31 13:29 . 2009-08-31 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-31 13:17 . 2009-08-31 13:19 -------- d-----w- c:\windows\system32\Adobe
2009-08-28 20:58 . 2009-08-28 20:58 -------- d-----w- c:\windows\Sun
2009-08-28 12:37 . 2009-08-28 12:37 -------- d-----w- c:\program files\Photo Story 3 for Windows
2009-08-28 12:30 . 2009-08-28 12:30 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-27 13:15 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-26 19:26 . 2009-07-25 09:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-26 19:26 . 2009-09-03 00:45 -------- d-----w- c:\program files\Java
2009-08-24 15:37 . 2008-04-14 04:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-08-24 15:37 . 2008-04-14 04:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-08-23 23:50 . 2009-08-23 23:50 -------- d-----w- c:\program files\Common Files\Skype
2009-08-23 23:22 . 2009-08-23 23:22 -------- d-----w- c:\documents and settings\DYS Administrator\Local Settings\Application Data\WMTools Downloaded Files
2009-08-23 18:13 . 2009-08-23 18:13 -------- d-----w- c:\program files\FLV Player
2009-08-22 01:40 . 2009-08-22 01:40 -------- d-----w- c:\documents and settings\DYS Staff\Application Data\PFU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 21:37 . 2009-07-16 21:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-31 16:54 . 2009-08-17 21:25 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Apple Computer
2009-08-29 13:26 . 2009-08-17 21:24 -------- d-----w- c:\program files\QuickTime
2009-08-28 19:06 . 2009-08-18 15:02 180057 ----a-w- c:\windows\hpwins14.dat
2009-08-26 00:48 . 2009-08-20 20:06 -------- d-----w- c:\program files\AVS4YOU
2009-08-26 00:48 . 2009-08-20 20:07 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-25 19:08 . 2009-07-30 19:57 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Skype
2009-08-25 12:11 . 2009-07-30 19:58 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\skypePM
2009-08-23 23:50 . 2009-07-16 22:00 -------- d-----r- c:\program files\Skype
2009-08-23 23:50 . 2009-07-16 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-20 20:09 . 2009-08-20 20:09 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\AVS4YOU
2009-08-20 20:09 . 2009-08-20 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-08-20 17:30 . 2009-07-16 22:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-20 17:29 . 2009-08-20 17:29 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Fujitsu
2009-08-20 17:24 . 2009-08-20 17:19 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\PFU
2009-08-20 17:19 . 2009-08-20 17:14 -------- d-----w- c:\program files\Common Files\PFU
2009-08-20 17:19 . 2009-07-16 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-20 17:13 . 2009-08-20 17:13 -------- d-----w- c:\program files\PFU
2009-08-20 17:13 . 2009-08-20 17:13 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\InstallShield
2009-08-20 17:09 . 2009-08-20 17:09 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Leadertech
2009-08-18 15:12 . 2009-08-18 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-08-18 15:11 . 2009-08-18 15:11 -------- d-----w- c:\program files\Common Files\HP
2009-08-18 15:11 . 2009-08-18 15:11 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-18 15:11 . 2009-08-18 15:11 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-18 15:10 . 2009-08-18 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-08-18 15:06 . 2009-08-18 15:06 -------- d-----w- c:\program files\HP
2009-08-18 14:07 . 2009-08-18 14:01 -------- d-----w- c:\program files\Common Files\eSellerate
2009-08-18 14:02 . 2009-08-18 14:02 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Memeo
2009-08-18 14:01 . 2009-08-18 14:01 -------- d-----w- c:\program files\Western Digital
2009-08-18 14:01 . 2009-08-18 14:01 -------- d-----w- c:\program files\Western Digital Corporation
2009-08-17 21:24 . 2009-08-17 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-17 21:23 . 2009-08-17 21:23 -------- d-----w- c:\program files\Apple Software Update
2009-08-17 21:23 . 2009-08-17 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-07 12:47 . 2009-08-07 12:47 -------- d-----w- c:\documents and settings\DYS Staff\Application Data\Skype
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 16:15 . 2009-07-31 16:15 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Talkback
2009-07-30 21:16 . 2009-07-30 21:16 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\SecondLife
2009-07-30 19:58 . 2009-07-30 19:58 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-30 18:14 . 2009-07-30 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-07-30 18:14 . 2009-07-30 18:11 -------- d-----w- c:\program files\TechSmith
2009-07-30 18:13 . 2009-07-30 18:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-30 18:11 . 2009-07-30 18:11 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-07-30 14:29 . 2009-07-30 14:29 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Thunderbird
2009-07-30 14:28 . 2009-07-30 14:28 46056 ----a-w- c:\documents and settings\DYS Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 23:04 . 2009-07-27 23:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-27 22:09 . 2009-07-27 22:09 -------- d-----w- c:\documents and settings\DYS Staff\Application Data\Thunderbird
2009-07-27 18:36 . 2009-07-27 18:36 46056 ----a-w- c:\documents and settings\DYS Staff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 15:03 . 2009-07-16 20:27 46056 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 15:03 . 2009-07-16 20:13 46056 ----a-w- c:\documents and settings\DYS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 21:58 . 2009-07-16 21:58 0 ----a-w- c:\windows\nsreg.dat
2009-07-15 15:44 . 2009-07-15 15:44 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-03 17:09 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-04-14 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2008-04-14 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-03-21 14:06 . 2008-04-14 12:00 162155 --sha-r- c:\windows\system32\hzsjzy.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-15 150040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-11-19 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-08-27 471040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-25 2220032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2009-8-20 24576]
FOGTray.exe.lnk - c:\windows\Installer\{51250BB7-F5E5-4A3C-B322-A9D2899C18BD}\_C25BE279FDDD602A651DDD.exe [2009-7-16 10134]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2009-8-20 1159168]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3194:TCP"= 3194:TCP:xheaomi

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 1:19 PM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 1:19 PM 20840]
R2 Fog Service;FOG Service;c:\program files\FOG\FOGService.exe [9/11/2008 9:39 AM 24576]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/16/2009 5:45 PM 112128]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [7/16/2009 5:36 PM 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [7/16/2009 4:02 PM 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [7/16/2009 5:42 PM 110080]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [7/16/2009 5:46 PM 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [7/16/2009 5:46 PM 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [7/16/2009 5:46 PM 277440]
S0 cerc6;cerc6; [x]
S2 gupdate1ca2a3f39db6ece;Google Update Service (gupdate1ca2a3f39db6ece);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2009 9:30 AM 133104]
S2 xvbkkkkpt;Boot Monitor;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 8:00 AM 14336]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/16/2009 6:10 PM 66056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xvbkkkkpt

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-31 13:29]

2009-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-31 13:30]

2009-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-31 13:30]

2009-08-31 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-08-31 13:17]

2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{EB5C220C-E74F-4BD5-B518-93817EF361CF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file:///C:/Documents%20and%20Settings/DYS%20Administrator/My%20Documents/Downloads/SimpleShare_NASFinder/NASFinder-050809/html/nafcom.cab
FF - ProfilePath - c:\documents and settings\DYS Administrator\Application Data\Mozilla\Firefox\Profiles\wo568rxg.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 17:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\DYSADM~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xvbkkkkpt]
"ServiceDll"="c:\windows\system32\hzsjzy.dll"
.
Completion time: 2009-09-20 17:52
ComboFix-quarantined-files.txt 2009-09-20 21:52

Pre-Run: 63,547,052,032 bytes free
Post-Run: 63,644,405,760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

228 --- E O F --- 2009-08-16 17:53
  • 0

#10
Perplexus

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Oops cross posted...I'll have a look at it and respond soon :)
  • 0

Advertisements


#11
Perplexus

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
After this fix, let me know how your machine is running.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\System32\hzsjzy.dll

Driver::
xvbkkkkpt

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#12
Lorelle

Lorelle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
New Combo fix log....and I can get to websites I that I could not prior :)

ComboFix 09-09-20.04 - DYS Administrator 09/21/2009 13:23.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2000.1309 [GMT -4:00]
Running from: c:\documents and settings\DYS Administrator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\DYS Administrator\Desktop\CFScript.txt

FILE ::
"c:\windows\System32\hzsjzy.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\hzsjzy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XVBKKKKPT
-------\Service_xvbkkkkpt


((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.

2009-09-20 21:07 . 2009-09-20 21:07 -------- d-----w- c:\program files\Trend Micro
2009-09-14 21:27 . 2009-09-14 21:27 -------- d-----w- c:\program files\StorageSync
2009-09-14 21:20 . 2009-09-14 21:20 -------- d-----w- C:\Win98 Driver
2009-09-14 19:10 . 2009-09-20 20:32 -------- d-----w- c:\windows\system32\NtmsData
2009-09-09 00:31 . 2009-09-09 00:31 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\AVG8
2009-09-02 12:41 . 2009-09-02 12:41 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\U3
2009-08-31 16:54 . 2009-03-19 20:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-31 16:54 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-31 16:54 . 2009-08-31 16:54 -------- d-----w- c:\program files\iPod
2009-08-31 16:54 . 2009-08-31 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-31 16:54 . 2009-08-31 16:54 -------- d-----w- c:\program files\iTunes
2009-08-31 16:54 . 2009-08-31 16:54 -------- d-----w- c:\program files\Bonjour
2009-08-31 16:54 . 2009-07-09 16:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-31 16:54 . 2009-07-09 16:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-31 16:54 . 2009-08-31 16:54 -------- d-----w- c:\program files\Common Files\Apple
2009-08-31 13:47 . 2009-08-31 13:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-31 13:30 . 2009-08-31 13:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-31 13:30 . 2009-08-31 13:30 -------- d-----w- c:\documents and settings\DYS Administrator\Local Settings\Application Data\Google
2009-08-31 13:29 . 2009-08-31 13:30 -------- d-----w- c:\program files\Google
2009-08-31 13:29 . 2009-08-31 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-31 13:17 . 2009-08-31 13:19 -------- d-----w- c:\windows\system32\Adobe
2009-08-28 20:58 . 2009-08-28 20:58 -------- d-----w- c:\windows\Sun
2009-08-28 12:37 . 2009-08-28 12:37 -------- d-----w- c:\program files\Photo Story 3 for Windows
2009-08-28 12:30 . 2009-08-28 12:30 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-27 13:15 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-26 19:26 . 2009-07-25 09:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-26 19:26 . 2009-09-03 00:45 -------- d-----w- c:\program files\Java
2009-08-24 15:37 . 2008-04-14 04:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-08-24 15:37 . 2008-04-14 04:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-08-23 23:50 . 2009-08-23 23:50 -------- d-----w- c:\program files\Common Files\Skype
2009-08-23 23:22 . 2009-08-23 23:22 -------- d-----w- c:\documents and settings\DYS Administrator\Local Settings\Application Data\WMTools Downloaded Files
2009-08-23 18:13 . 2009-08-23 18:13 -------- d-----w- c:\program files\FLV Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 16:49 . 2009-07-16 21:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-31 16:54 . 2009-08-17 21:25 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Apple Computer
2009-08-29 13:26 . 2009-08-17 21:24 -------- d-----w- c:\program files\QuickTime
2009-08-28 19:06 . 2009-08-18 15:02 180057 ----a-w- c:\windows\hpwins14.dat
2009-08-26 00:48 . 2009-08-20 20:06 -------- d-----w- c:\program files\AVS4YOU
2009-08-26 00:48 . 2009-08-20 20:07 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-25 19:08 . 2009-07-30 19:57 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Skype
2009-08-25 12:11 . 2009-07-30 19:58 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\skypePM
2009-08-23 23:50 . 2009-07-16 22:00 -------- d-----r- c:\program files\Skype
2009-08-23 23:50 . 2009-07-16 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-22 01:40 . 2009-08-22 01:40 -------- d-----w- c:\documents and settings\DYS Staff\Application Data\PFU
2009-08-20 20:09 . 2009-08-20 20:09 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\AVS4YOU
2009-08-20 20:09 . 2009-08-20 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-08-20 17:30 . 2009-07-16 22:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-20 17:29 . 2009-08-20 17:29 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Fujitsu
2009-08-20 17:24 . 2009-08-20 17:19 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\PFU
2009-08-20 17:19 . 2009-08-20 17:14 -------- d-----w- c:\program files\Common Files\PFU
2009-08-20 17:19 . 2009-07-16 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-20 17:13 . 2009-08-20 17:13 -------- d-----w- c:\program files\PFU
2009-08-20 17:13 . 2009-08-20 17:13 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\InstallShield
2009-08-20 17:09 . 2009-08-20 17:09 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Leadertech
2009-08-18 15:12 . 2009-08-18 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-08-18 15:11 . 2009-08-18 15:11 -------- d-----w- c:\program files\Common Files\HP
2009-08-18 15:11 . 2009-08-18 15:11 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-18 15:11 . 2009-08-18 15:11 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-18 15:10 . 2009-08-18 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-08-18 15:06 . 2009-08-18 15:06 -------- d-----w- c:\program files\HP
2009-08-18 14:07 . 2009-08-18 14:01 -------- d-----w- c:\program files\Common Files\eSellerate
2009-08-18 14:02 . 2009-08-18 14:02 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Memeo
2009-08-18 14:01 . 2009-08-18 14:01 -------- d-----w- c:\program files\Western Digital
2009-08-18 14:01 . 2009-08-18 14:01 -------- d-----w- c:\program files\Western Digital Corporation
2009-08-17 21:24 . 2009-08-17 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-17 21:23 . 2009-08-17 21:23 -------- d-----w- c:\program files\Apple Software Update
2009-08-17 21:23 . 2009-08-17 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-07 12:47 . 2009-08-07 12:47 -------- d-----w- c:\documents and settings\DYS Staff\Application Data\Skype
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 16:15 . 2009-07-31 16:15 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Talkback
2009-07-30 21:16 . 2009-07-30 21:16 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\SecondLife
2009-07-30 19:58 . 2009-07-30 19:58 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-30 18:14 . 2009-07-30 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-07-30 18:14 . 2009-07-30 18:11 -------- d-----w- c:\program files\TechSmith
2009-07-30 18:13 . 2009-07-30 18:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-30 18:11 . 2009-07-30 18:11 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-07-30 14:29 . 2009-07-30 14:29 -------- d-----w- c:\documents and settings\DYS Administrator\Application Data\Thunderbird
2009-07-30 14:28 . 2009-07-30 14:28 46056 ----a-w- c:\documents and settings\DYS Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 23:04 . 2009-07-27 23:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-27 22:09 . 2009-07-27 22:09 -------- d-----w- c:\documents and settings\DYS Staff\Application Data\Thunderbird
2009-07-27 18:36 . 2009-07-27 18:36 46056 ----a-w- c:\documents and settings\DYS Staff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 15:03 . 2009-07-16 20:27 46056 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 15:03 . 2009-07-16 20:13 46056 ----a-w- c:\documents and settings\DYS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 21:58 . 2009-07-16 21:58 0 ----a-w- c:\windows\nsreg.dat
2009-07-15 15:44 . 2009-07-15 15:44 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-03 17:09 . 2008-04-14 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-04-14 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2008-04-14 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((( [email protected]_21.50.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-21 17:27 . 2009-09-21 17:27 16384 c:\windows\Temp\Perflib_Perfdata_750.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-15 150040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-11-19 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-08-27 471040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-25 2220032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2009-8-20 24576]
FOGTray.exe.lnk - c:\windows\Installer\{51250BB7-F5E5-4A3C-B322-A9D2899C18BD}\_C25BE279FDDD602A651DDD.exe [2009-7-16 10134]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2009-8-20 1159168]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3194:TCP"= 3194:TCP:xheaomi

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 1:19 PM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 1:19 PM 20840]
R2 Fog Service;FOG Service;c:\program files\FOG\FOGService.exe [9/11/2008 9:39 AM 24576]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/16/2009 5:45 PM 112128]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [7/16/2009 5:36 PM 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [7/16/2009 4:02 PM 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [7/16/2009 5:42 PM 110080]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [7/16/2009 5:46 PM 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [7/16/2009 5:46 PM 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [7/16/2009 5:46 PM 277440]
S0 cerc6;cerc6; [x]
S2 gupdate1ca2a3f39db6ece;Google Update Service (gupdate1ca2a3f39db6ece);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2009 9:30 AM 133104]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/16/2009 6:10 PM 66056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-31 13:29]

2009-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-31 13:30]

2009-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-31 13:30]

2009-09-21 c:\windows\Tasks\User_Feed_Synchronization-{EB5C220C-E74F-4BD5-B518-93817EF361CF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file:///C:/Documents%20and%20Settings/DYS%20Administrator/My%20Documents/Downloads/SimpleShare_NASFinder/NASFinder-050809/html/nafcom.cab
FF - ProfilePath - c:\documents and settings\DYS Administrator\Application Data\Mozilla\Firefox\Profiles\wo568rxg.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 13:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1744)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\IDT\DellXPM09B_6124v037\WDM\stacsv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\FOG\FOGTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2009-09-21 13:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-21 17:30
ComboFix2.txt 2009-09-20 21:52

Pre-Run: 63,673,507,840 bytes free
Post-Run: 63,641,128,960 bytes free

253 --- E O F --- 2009-08-16 17:53
  • 0

#13
Perplexus

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Things are looking much better! Let's get a couple more scans to check for orphans :)

------------------
Step 1:
------------------

Posted Image Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

------------------
Step 2:
------------------

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


------------------
Step 3:
------------------

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

------------------
Step 4:
------------------

Please post back with the following:
  • How your machine is running
  • MBAM log
  • KasReport.txt

  • 0

#14
Lorelle

Lorelle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I can;t totally check my system out as I am going to bed and have a busy day tomorrow but will run it through the paces tomorrow.

The MBAM log

Malwarebytes' Anti-Malware 1.41
Database version: 2837
Windows 5.1.2600 Service Pack 3

9/21/2009 2:38:03 PM
mbam-log-2009-09-21 (14-38-03).txt

Scan type: Quick Scan
Objects scanned: 112695
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 (Trojan.Conficker.H) -> Quarantined and deleted successfully.

Files Infected:
F:\autorun.inf (Trojan.Conficker.H) -> Quarantined and deleted successfully.
F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Trojan.Conficker.H) -> Quarantined and deleted successfully.




The Kasreport

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 21, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, September 21, 2009 23:18:41
Records in database: 2867282
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
Z:\

Scan statistics:
Objects scanned: 53128
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:09:25


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\_hzsjzy_.dll.zip Infected: Net-Worm.Win32.Kido.ih 1

Selected area has been scanned.







thank you for your help so far...
  • 0

#15
Lorelle

Lorelle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Now how do I check my external drives knowing that the viruses may propogate on them. I do not want to reinfect my computer....please advise....thank you!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP