[Fixed] Hijackthis! Logs - please help (posted in the Security & Safety forums)

  #1  
12-01-2007
brownsfan711
Bronze Member
Join Date: Apr 2007
Posts: 12
please help

I know there is spyware on my laptop but cannot find it. I am running XP Home w/ SP2. Please help!
Thanks in advance!


hjt log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:13 PM, on 12/1/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\enrixhjx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [8c0a17d8] rundll32.exe "C:\WINDOWS\system32\ktpfyyux.dll",b
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKUS\S-1-5-21-861567501-1202660629-1708537768-1006\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe (User '?')
O4 - HKUS\S-1-5-21-861567501-1202660629-1708537768-1006\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1185158713334
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - cmd.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\enrixhjx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7296 bytes


  #2  
12-02-2007
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,298
PC Experience: Elite PC Guru
Re: please help

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum.

=========================================
This will help to identify any malware on your system.
Please download Combofix from HERE or HERE
Save ComboFix to the desktop.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.


__________________
My real name is Eddy
  #3  
12-02-2007
brownsfan711
Bronze Member
Join Date: Apr 2007
Posts: 12
Re: please help

new logs:


new hjt log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:14 PM, on 12/1/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\nircmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9CF8DE6B-62FB-4C79-DA5C-39E6008E0BC3} - C:\WINDOWS\system32\skfu.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [8c0a17d8] rundll32.exe "C:\WINDOWS\system32\ktpfyyux.dll",b
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKUS\S-1-5-21-861567501-1202660629-1708537768-1006\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe (User '?')
O4 - HKUS\S-1-5-21-861567501-1202660629-1708537768-1006\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1185158713334
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7731 bytes


  #4  
12-02-2007
brownsfan711
Bronze Member
Join Date: Apr 2007
Posts: 12
Re: please help

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CF8DE6B-62FB-4C79-DA5C-39E6008E0BC3}]
C:\WINDOWS\system32\skfu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" []
"Tunebite"="C:\Program Files\RapidSolution\Tunebite\Tunebite.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-08-01 14:43]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-08-01 14:43]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AtiPTA"="atiptaxx.exe" [2002-07-11 23:08 C:\WINDOWS\system32\atiptaxx.exe]
"CARPService"="carpserv.exe" [2002-10-17 11:54 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" []
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
"8c0a17d8"="C:\WINDOWS\system32\ktpfyyux.dll" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 21:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 12:41:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 21:42:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-01 21:45:31 - machine was rebooted
.
--- E O F ---


  #5  
12-02-2007
brownsfan711
Bronze Member
Join Date: Apr 2007
Posts: 12
Re: please help

SDFix: Version 1.116

Run by Administrator on 2007-12-01 at 19:20

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 20:00:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:9a,eb,b2,f6,89,00,3c,b0,5f,d8,e8,7d,ee,6d,e0,26,47,a9,01,65,79,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,13,f3,99,95,b8,45,72,f8,cf,b3,55,3f,25,5c,d5,b3,95,..
"khjeh"=hex:a8,37,6d,0e,48,6c,a8,42,62,5a,9c,60,27,0c,62,41,d8,24,b9,94,44,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9b,a1,ab,c1,72,5a,00,96,bf,26,25,01,36,5a,4b,92,18,e8,8f,ae,dd,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:9a,eb,b2,f6,89,00,3c,b0,5f,d8,e8,7d,ee,6d,e0,26,47,a9,01,65,79,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,13,f3,99,95,b8,45,72,f8,cf,b3,55,3f,25,5c,d5,b3,95,..
"khjeh"=hex:a8,37,6d,0e,48,6c,a8,42,62,5a,9c,60,27,0c,62,41,d8,24,b9,94,44,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9b,a1,ab,c1,72,5a,00,96,bf,26,25,01,36,5a,4b,92,18,e8,8f,ae,dd,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\p\5\x2018|\xff\xff\xff\xff]
"DisplayName"="\x52a0\37\1"
"DeviceDesc"="\x52a0\37\1"
"ProviderName"="\x6a26\23\x945\x7c91\x94e\x7c91\xafac"
"MFG"="\x5944\23\xec84\x7792\xec91\x7792"
"ReinstallString"="2002, 6.13.10.6129"
"DeviceInstanceIds"=str(7):""
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3799


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\webui_v0.310_beta_2\\utorrent-1.6.1-beta-build-483.exe"="C:\\Program Files\\webui_v0.310_beta_2\\utorrent-1.6.1-beta-build-483.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\enrixhjx.exe"="C:\\WINDOWS\\system32\\enr"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------


Files with Hidden Attributes:

Fri 30 Nov 2007 20,812 ..SH. --- "C:\WINDOWS\system32\jakcrqer.dllbox"
Fri 30 Nov 2007 457,964 ..SH. --- "C:\WINDOWS\system32\jmoqr.bak2"
Mon 26 Nov 2007 456,631 ..SH. --- "C:\WINDOWS\system32\jmoqr.bak1"
Sun 18 Feb 2007 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 3 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 26 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico1.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico2.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico3.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico4.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico5.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico8D.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico8E.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico8F.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico90.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico91.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico9C.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico9D.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico9E.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\ico9F.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoA0.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoA1.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoA2.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoA3.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoA4.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoA5.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoA6.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoA7.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoA8.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoA9.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoAA.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoAB.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoAC.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoAD.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoAE.tmp"
Fri 30 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Browns Fan\Local Settings\Temp\icoAF.tmp"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT3.tmp"

Finished!


  #6  
12-02-2007
brownsfan711
Bronze Member
Join Date: Apr 2007
Posts: 12
Re: please help

combofix log:

ComboFix 07-12-02.5 - Browns Fan 2007-12-01 21:09:01.2 - NTFSx86

Running from: C:\Documents and Settings\Browns Fan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Browns Fan\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\Yazzle1848OinAdmin.exe
C:\Program Files\Common Files\Yazzle1848OinUninstaller.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\ssembl~1
C:\WINDOWS\system32\avlmdmml.dll
C:\WINDOWS\system32\bnaurqnb.dll
C:\WINDOWS\system32\byxxw.dll
C:\WINDOWS\system32\cspnqsip.dll
C:\WINDOWS\system32\eelrvqxv.dll
C:\WINDOWS\system32\fksnsylu.dll
C:\WINDOWS\system32\hymvalif.dll
C:\WINDOWS\system32\jakcrqer.dllbox
C:\WINDOWS\system32\jbaryilb.dll
C:\WINDOWS\system32\jmoqr.bak1
C:\WINDOWS\system32\jmoqr.bak2
C:\WINDOWS\system32\jmoqr.ini
C:\WINDOWS\system32\kcfxvpci.dll
C:\WINDOWS\system32\kwgptkjb.dll
C:\WINDOWS\system32\mbltgwkl.dll
C:\WINDOWS\system32\opnkkkk.dll
C:\WINDOWS\system32\oxivwylf.dll
C:\WINDOWS\system32\qkwtssog.dll
C:\WINDOWS\system32\rqomj.dll
C:\WINDOWS\system32\sgkyclan.dll
C:\WINDOWS\system32\vnlkwqkd.dll
C:\WINDOWS\system32\wapiicomsv32.exe
C:\WINDOWS\system32\wxxyb.bak1
C:\WINDOWS\system32\wxxyb.bak2
C:\WINDOWS\system32\wxxyb.ini
C:\WINDOWS\system32\ystem3~1
.
---- Previous Run -------
.
C:\Program Files\Common Files\Yazzle1848OinAdmin.exe
C:\Program Files\Common Files\Yazzle1848OinUninstaller.exe
C:\WINDOWS\system32\wxxyb.bak1
C:\WINDOWS\system32\wxxyb.bak2
C:\WINDOWS\system32\wxxyb.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-01 21:14 . 2007-12-01 21:14 144,480 --a------ C:\WINDOWS\system32\xjhtotmt.dll.vir
2007-12-01 19:18 . 2007-12-01 19:18 <DIR> d-------- C:\WINDOWS\SDFIX
2007-12-01 19:12 . 2007-12-01 19:12 122,331 --a------ C:\41517-please-help.html
2007-12-01 13:49 . 2007-12-01 13:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-01 13:49 . 2007-12-01 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-01 13:46 . 2007-12-01 13:46 <DIR> d-------- C:\Program Files\Malware Removal Tool
2007-11-30 17:23 . 2007-11-30 17:24 144,480 --a------ C:\WINDOWS\system32\xjhtotmt.dll
2007-11-30 17:18 . 2007-12-01 19:00 793,742 --ahs---- C:\WINDOWS\system32\xuyyfptk.ini
2007-11-30 17:17 . 2007-11-30 17:18 85,056 --a------ C:\WINDOWS\system32\ktpfyyux.dll.vzr
2007-11-30 17:11 . 2007-11-30 17:11 71,232 --a------ C:\WINDOWS\system32\enrixhjx.exe.vzr
2007-11-29 17:45 . 2007-11-30 19:23 1,784 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-29 17:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-29 17:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-29 17:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-29 17:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-29 17:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-28 15:40 . 2007-11-28 15:47 <DIR> d-------- C:\Program Files\ToneThis 3.0
2007-11-27 17:48 . 2007-11-27 17:50 <DIR> d-------- C:\Program Files\QPST
2007-11-26 12:53 . 2007-11-26 12:53 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2007-11-26 12:41 . 2007-11-26 18:47 <DIR> d-------- C:\Documents and Settings\Browns Fan\Application Data\Tunebite
2007-11-26 12:41 . 2007-11-16 10:30 26,912 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
2007-11-26 12:39 . 2007-11-26 12:39 <DIR> d-------- C:\Program Files\RapidSolution
2007-11-26 12:39 . 2007-11-26 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2007-11-25 14:10 . 2007-11-25 14:10 <DIR> d-------- C:\Program Files\Samsung
2007-11-25 14:10 . 2005-08-17 08:46 93,872 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2007-11-25 14:10 . 2005-08-17 08:47 73,696 --a------ C:\WINDOWS\system32\drivers\sscdserd.sys
2007-11-25 14:10 . 2005-08-17 08:45 58,352 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2007-11-25 14:10 . 2005-08-17 08:46 8,272 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2007-11-25 14:10 . 2005-08-17 08:47 6,176 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2007-11-25 14:10 . 2005-08-17 08:47 6,176 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2007-11-25 14:10 . 2005-08-17 08:44 5,840 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2007-11-25 14:10 . 2005-08-17 08:44 5,840 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2007-11-25 14:09 . 2007-11-26 14:03 18,616,320 --a------ C:\WINDOWS\MEDB.mdb
2007-11-22 17:24 . 2007-11-25 14:28 <DIR> d-------- C:\Program Files\MagicISO
2007-11-21 08:51 . 2007-11-21 08:51 <DIR> d-------- C:\Program Files\CyberLink
2007-11-21 08:38 . 2007-11-21 08:41 <DIR> d-------- C:\Program Files\PowerDVD Ultra Deluxe v7 3
2007-11-21 08:32 . 2007-11-21 08:32 <DIR> d-------- C:\Program Files\Softick
2007-11-19 06:24 . 2007-10-17 06:24 2,526,800 --a------ C:\WINDOWS\Install_B4Playing.exe
2007-11-19 06:24 . 2007-10-17 06:22 842,148 --a------ C:\WINDOWS\B4Playing Bonus Guide.pdf
2007-11-19 06:24 . 2007-11-18 08:32 112 --a------ C:\WINDOWS\B4Playing, the Smart Casino & Poker Players' Tool.url
2007-11-14 21:23 . 2007-11-14 21:23 250 --a------ C:\WINDOWS\gmer.ini
2007-11-14 20:44 . 2007-11-30 18:38 <DIR> d-------- C:\VundoFix Backups
2007-11-10 16:13 . 2007-11-10 16:13 7,825 --a------ C:\info.exe
2007-11-09 11:02 . 2007-11-09 11:05 <DIR> d-------- C:\Program Files\RAR Password Cracker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 02:40 2,306,336 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-02 02:38 31,916 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-02 00:55 5,085,237 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-01 18:38 --------- d-----w C:\Documents and Settings\Browns Fan\Application Data\uTorrent
2007-11-27 22:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 18:56 --------- d-----w C:\Documents and Settings\Browns Fan\Application Data\LimeWire
2007-11-26 18:54 --------- d-----w C:\Program Files\LimeWire
2007-11-21 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-14 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-14 21:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-12 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-02 20:27 --------- d-----w C:\Program Files\Folder Guard Pro
2007-11-02 12:50 --------- d-----w C:\Documents and Settings\Browns Fan\Application Data\U3
2007-10-30 04:36 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-10-30 04:36 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-10-26 04:39 --------- d-----w C:\Documents and Settings\Browns Fan\Application Data\dvdcss
2007-10-25 01:18 --------- d-----w C:\Program Files\SureThing CD Labeler 5
2007-10-25 01:17 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-10-25 00:07 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-10-20 14:28 --------- d--h--r C:\Documents and Settings\Browns Fan\Application Data\yahoo!
2007-10-20 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-18 06:29 --------- d-----w C:\Program Files\Yahoo!
2007-10-18 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-13 20:54 --------- d-----w C:\Documents and Settings\Browns Fan\Application Data\Ahead
2007-10-13 19:18 --------- d-----w C:\Program Files\DVD Shrink
2007-10-13 05:39 --------- d-----w C:\Program Files\Microsoft Works
2007-10-13 05:34 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-13 05:22 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-10-13 05:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-10-13 03:54 --------- d-----w C:\Documents and Settings\Browns Fan\Application Data\Autodesk
2007-10-10 16:52 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-05 06:27 --------- d-----w C:\Program Files\Serials 2000 7.1 Plus
2007-10-02 02:14 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-10-02 02:05 --------- d-----w C:\Program Files\Avanquest update
2007-10-02 02:05 --------- d-----w C:\Documents and Settings\Browns Fan\Application Data\InstallShield
2007-10-02 00:24 --------- d-----w C:\Program Files\Acez CD Ripper
2007-10-02 00:08 --------- d-----w C:\Program Files\Maketorrent 2
2007-07-29 14:51 87,507 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_29_10_46_20_small.dmp.zip
2007-07-05 13:36 17,107,040 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_05_06_25_01_full.dmp.zip
2007-07-05 13:35 89,393 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_05_06_16_30_small.dmp.zip
2007-07-05 13:35 17,207,848 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_05_06_16_21_full.dmp.zip
2007-06-03 19:49 101,367 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_03_13_04_36_small.dmp.zip
2007-06-02 23:40 20,536,214 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_06_02_19_35_40_full.dmp.zip
2007-05-27 20:36 24,192 ----a-w C:\Documents and Settings\Browns Fan\usbsermptxp.sys
2007-05-27 20:36 22,768 ----a-w C:\Documents and Settings\Browns Fan\usbsermpt.sys
2007-03-26 23:38 92,064 ----a-w C:\Documents and Settings\Brock & Michelle\mqdmmdm.sys
2007-03-26 23:38 9,232 ----a-w C:\Documents and Settings\Brock & Michelle\mqdmmdfl.sys
2007-03-26 23:38 79,328 ----a-w C:\Documents and Settings\Brock & Michelle\mqdmserd.sys
2007-03-26 23:38 66,656 ----a-w C:\Documents and Settings\Brock & Michelle\mqdmbus.sys
2007-03-26 23:38 6,208 ----a-w C:\Documents and Settings\Brock & Michelle\mqdmcmnt.sys
2007-03-26 23:38 5,936 ----a-w C:\Documents and Settings\Brock & Michelle\mqdmwhnt.sys
2007-03-26 23:38 4,048 ----a-w C:\Documents and Settings\Brock & Michelle\mqdmcr.sys
2007-03-26 23:38 25,600 ----a-w C:\Documents and Settings\Brock & Michelle\usbsermptxp.sys
2007-03-26 23:38 22,768 ----a-w C:\Documents and Settings\Brock & Michelle\usbsermpt.sys
2007-06-02 23:55 1,135 --sha-w C:\WINDOWS\Microsoft.NET\Framework\ntp2.ini2
2007-02-19 04:15 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.


