LandzDown Forum

i got the programe but as kas was installing this is what happened
找不到网页
正在查找的网页可能已被删除、重命名或暂时不可用。

--------------------------------------------------------------------------------

请尝试执行下列操作：

如果是在“地址”栏中键入了网页地址，请检查其拼写是否正确。

打开 www.kaspersky.com 主页，然后查找与所需信息相关的链接。
单击后退按钮尝试其他链接。
HTTP 错误 404 - 找不到文件
Internet 信息服务


--------------------------------------------------------------------------------

技术信息（用于支持人员）

详细信息：
Microsoft 支持
then it went into all sort of shapes and things, a bit like wingdings  lol
 

No -- hold on

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3731 (20090101)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=517f11b33b58f14eaa9b0522cdd3d0d7
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-02 04:17:50
# local_time=2009-01-02 04:17:50 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=369132
# found=1
# scan_time=9907
C:\Documents and Settings\All Users\Application Data\Microsoft\ipdll.dll   Win32/Agent.OPM trojan   4CBBDABAD428B0BFE3E6793D16944378

Hi, Nash.  I found one reference on the file reported by Eset as being created by a rogue but the site is not familiar to me so I want to do some more checking.

Please go to Jotti: http://virusscan.jotti.org/
Upload the filepath shown below into the "File to upload & scan" box at the upper left:

C:\Documents and Settings\All Users\Application Data\Microsoft\ipdll.dll

Please upload the same file at VirusTotal:  http://www.virustotal.com/
In the "Upload a file", browse to the file path above and upload the file.

Please provide the results from both Jotti and VirusTotal.

 

MD5: 4cbbdabad428b0bfe3e6793d16944378
First received: 12.24.2008 03:08:28 (CET)
Date: 12.26.2008 23:15:28 (CET) [>6D]
Results: 4/38
Permalink: analisis/5b3a0e2e69bdd09883155ac1e615c9a2

Hi Corrine, my son is playing on the PC and he says it is running faster, the log from mbam will be put on tomorrow as it takes about 6 hrs to go thro the sysytem lol, web pages are still not being shown, i get about 2 - 3 pages then told not coonected, but I think it is that file you found so hopefully it will go this time.
Nash

Hi Corrine, I am on DSL, here is the combi file:

ComboFix 08-12-31.01 - norman 2009-01-03  0:18:26.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1516 [GMT 0:00]
Running from: c:\documents and settings\norman\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\norman\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Webroot Desktop Firewall *disabled*

FILE ::
c:\documents and settings\All Users\Application Data\Microsoft\ipdll.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\ipdll.dll

.
(((((((((((((((((((((((((   Files Created from 2008-12-03 to 2009-01-03  )))))))))))))))))))))))))))))))
.

2009-01-02 01:26 . 2009-01-02 01:30   <DIR>   d--------   c:\program files\EsetOnlineScanner
2009-01-01 17:40 . 2009-01-01 17:39   410,984   --a------   c:\windows\system32\deploytk.dll
2009-01-01 17:40 . 2009-01-01 17:39   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-12-31 19:22 . 2008-12-31 19:22   <DIR>   d--------   c:\program files\Webroot
2008-12-31 19:20 . 2008-12-31 19:20   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Webroot
2008-12-31 19:06 . 2008-12-31 19:06   0   --a------   c:\windows\system32\^3
2008-12-31 16:05 . 2008-12-31 16:05   <DIR>   d--------   c:\documents and settings\norman\Application Data\RealNetworks
2008-12-31 16:05 . 2008-12-31 16:05   <DIR>   d--------   c:\documents and settings\All Users\Application Data\RealNetworks
2008-12-31 14:34 . 2008-12-31 14:34   <DIR>   d--------   c:\documents and settings\norman\Application Data\InstallShield
2008-12-30 13:54 . 2008-12-30 13:54   <DIR>   d--------   c:\documents and settings\norman\Application Data\Malwarebytes
2008-12-27 23:13 . 2008-12-30 19:15   <DIR>   d--------   C:\UBCD4Win
2008-12-27 14:41 . 2008-12-27 14:41   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2008-12-27 14:41 . 2008-12-27 14:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-27 14:41 . 2008-12-03 19:54   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 14:41 . 2008-12-03 19:54   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2008-12-25 20:39 . 2009-01-02 15:00   <DIR>   d--------   c:\program files\Norton Security Scan
2008-12-25 20:39 . 2008-12-25 20:39   <DIR>   d--------   c:\program files\Common Files\Symantec Shared
2008-12-25 14:08 . 2008-12-25 14:08   <DIR>   d--------   c:\windows\WinRescue
2008-12-25 13:23 . 2008-12-25 13:23   47   --a------   C:\rsqXPdir.ini
2008-12-25 13:17 . 2008-12-25 13:17   <DIR>   d--------   c:\program files\backup
2008-12-25 13:15 . 2008-12-25 14:08   <DIR>   d--------   c:\program files\WinRescueXP
2008-12-25 13:03 . 2008-12-25 13:03   <DIR>   d--------   c:\program files\ParticleG
2008-12-25 12:03 . 2008-12-25 12:03   <DIR>   d--------   c:\program files\Dean Software
2008-12-25 12:02 . 2008-12-25 12:02   <DIR>   d--------   c:\program files\OSCheck
2008-12-24 21:48 . 2008-12-24 21:49   <DIR>   d--------   c:\program files\active ports
2008-12-24 18:54 . 2008-12-24 19:03   <DIR>   d--------   c:\program files\Ontrack
2008-12-22 13:34 . 2008-12-22 15:00   <DIR>   d--------   c:\program files\Hide IP
2008-12-22 01:43 . 2008-12-22 01:43   <DIR>   d--------   c:\program files\Avira
2008-12-22 01:43 . 2008-12-22 01:43   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Avira
2008-12-22 01:11 . 2002-07-09 17:46   726,528   --a------   C:\SETUP.EX~
2008-12-21 12:34 . 2008-12-21 12:34   <DIR>   d--------   c:\program files\Nokia
2008-12-21 12:34 . 2008-12-21 12:34   <DIR>   d--------   c:\documents and settings\norman\Application Data\PC Suite
2008-12-21 12:34 . 2007-02-22 10:15   90,624   --a------   c:\windows\system32\nmwcdcls.dll
2008-12-21 12:33 . 2008-12-21 12:33   <DIR>   d--------   c:\program files\PC Connectivity Solution
2008-12-21 12:33 . 2008-12-21 12:33   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Installations
2008-12-21 12:31 . 2008-12-21 12:31   <DIR>   d--------   c:\program files\Vodafone
2008-12-20 16:47 . 2008-12-21 12:24   <DIR>   d--------   c:\documents and settings\norman\Application Data\Roxio
2008-12-20 16:47 . 2008-12-20 16:47   <DIR>   d--------   c:\documents and settings\LocalService\Application Data\Roxio
2008-12-20 16:47 . 2008-12-31 02:08   54,156   --ah-----   c:\windows\QTFont.qfn
2008-12-20 16:47 . 2008-12-20 16:47   1,409   --a------   c:\windows\QTFont.for
2008-12-20 16:38 . 2008-12-20 16:38   <DIR>   d--------   c:\documents and settings\norman\Application Data\Research In Motion
2008-12-20 16:38 . 2008-12-31 17:13   256   --a------   c:\windows\system32\pool.bin
2008-12-20 16:31 . 2008-12-20 16:31   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Sonic
2008-12-20 16:31 . 2008-12-20 16:31   <DIR>   d--------   c:\documents and settings\All Users\Application Data\InstallShield
2008-12-20 16:26 . 2008-12-20 16:28   <DIR>   d--------   c:\program files\Roxio
2008-12-20 16:26 . 2008-12-20 16:26   <DIR>   d--------   c:\program files\Common Files\Sonic Shared
2008-12-20 16:26 . 2008-12-20 16:26   <DIR>   d--------   c:\program files\Common Files\Roxio Shared
2008-12-20 16:26 . 2008-12-21 12:24   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Roxio
2008-12-20 16:17 . 2007-01-18 10:24   26,496   -ra------   c:\windows\system32\drivers\RimSerial.sys
2008-12-20 16:13 . 2008-12-20 16:13   <DIR>   d--------   c:\program files\Research In Motion
2008-12-20 16:13 . 2008-12-20 16:14   <DIR>   d--------   c:\program files\Common Files\Research In Motion
2008-12-20 16:05 . 2008-12-20 16:05   <DIR>   d--hs----   c:\windows\ftpcache
2008-12-20 12:39 . 2008-12-20 12:39   <DIR>   d--------   c:\windows\LastGood(2)
2008-12-20 12:30 . 2008-12-20 12:30   <DIR>   d--------   c:\documents and settings\norman\Application Data\s_5849_NTN8fHx8NTN8fHwxMjQyMzg0MzM5fA_
2008-12-11 20:37 . 2008-12-11 20:37   42,320   --a------   c:\windows\system32\xfcodec.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 00:01   ---------   d-----w   c:\documents and settings\norman\Application Data\Xfire
2009-01-02 20:40   201,816   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-01-02 20:40   137,992   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-01-02 17:04   ---------   d-----w   c:\documents and settings\All Users\Application Data\Google Updater
2009-01-02 16:51   ---------   d-----w   c:\program files\Image-Line
2009-01-02 16:37   737,280   -c--a-w   c:\windows\iun6002.exe
2009-01-02 00:54   ---------   d-----w   c:\program files\Java
2009-01-01 13:01   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-01-01 13:00   ---------   d-----w   c:\program files\3GP Player
2009-01-01 12:58   ---------   d-----w   c:\program files\Veetle
2008-12-31 18:46   ---------   d-----w   c:\program files\PPStream
2008-12-30 23:36   ---------   d-----w   c:\program files\Spybot - Search & Destroy
2008-12-28 23:58   ---------   d---a-w   c:\documents and settings\All Users\Application Data\TEMP
2008-12-28 22:19   ---------   d-----w   c:\program files\SpywareBlaster
2008-12-27 14:08   ---------   d-----w   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 13:06   14,336   ----a-w   c:\windows\system32\svchost.exe
2008-12-25 21:24   ---------   d-----w   c:\program files\Tiscali Broadband
2008-12-23 20:09   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
2008-12-21 10:47   ---------   d-----w   c:\program files\Xfire
2008-12-20 22:22   ---------   d-----w   c:\program files\IncrediMail
2008-12-10 19:32   ---------   d-----w   c:\program files\NCH Swift Sound
2008-12-10 19:32   ---------   d-----w   c:\documents and settings\norman\Application Data\NCH Swift Sound
2008-12-10 16:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-08 01:48   ---------   d-----w   c:\program files\Microsoft Games
2008-12-08 01:45   ---------   d-----w   c:\program files\Electronic Arts
2008-12-08 01:40   ---------   d-----w   c:\program files\Steam
2008-12-06 15:27   ---------   d-----w   c:\program files\Google
2008-12-01 20:51   ---------   d-----w   c:\program files\FLV Player
2008-11-22 14:30   ---------   d-----w   c:\documents and settings\norman\Application Data\ppstream
2008-11-22 12:31   ---------   d-----w   c:\program files\PCTV4Me
2008-11-15 15:10   48,396   ----a-w   c:\windows\UninstVeetleTVPlayer.exe
2008-11-03 19:36   ---------   d-----w   c:\program files\Ahead
2008-11-03 19:26   ---------   d-----w   c:\documents and settings\All Users\Application Data\DVD Shrink
2008-10-23 12:36   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-19 10:27   6,688   ----a-w   c:\windows\movexe.exe
2008-10-16 20:38   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-10-16 14:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 14:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 14:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 14:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 14:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 14:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 14:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 14:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 14:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 14:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-10-03 10:02   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-05-24 21:45   22,328   ----a-w   c:\documents and settings\norman\Application Data\PnkBstrK.sys
2007-05-15 17:38   82   ----a-w   c:\documents and settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
2003-12-18 10:33   20,102   ----a-w   c:\program files\Readme.txt
2003-09-03 06:46   10,960   -c--a-w   c:\program files\EULA.txt
2002-10-09 12:06   286,720   -c--a-w   c:\windows\inf\i386\rtscan.dll
2002-10-09 12:06   172,032   -c--a-w   c:\windows\inf\i386\viceo.dll
2002-10-09 08:11   61,440   -c--a-w   c:\windows\inf\i386\onetUSD.dll
2002-08-23 13:06   13,824   -c--a-w   c:\windows\inf\i386\Usbscan.sys
2002-08-23 12:58   36,864   -c--a-w   c:\windows\inf\i386\Vizmicro.dll
2006-09-02 00:09   56   -csha-r   c:\windows\system32\78F605413A.sys
2006-09-02 00:09   1,682   -csha-w   c:\windows\system32\KGyGaAvL.sys
2008-09-11 14:23   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091120080912\index.dat
2007-04-03 15:51   9,173,280   --sha-w   c:\windows\system32\drivers\fidbox.dat
2007-04-03 15:51   103,712   --sha-w   c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((   snapshot@2009-01-01_14.45.31.18   )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-11-19 14:02:18   86,016   ------w   c:\windows\system32\DM.DLL
- 2003-11-19 16:36:26   24,681   -c--a-w   c:\windows\system32\java.exe
+ 2009-01-01 17:39:24   144,792   ----a-w   c:\windows\system32\java.exe
- 2003-11-19 16:36:30   28,779   -c--a-w   c:\windows\system32\javaw.exe
+ 2009-01-01 17:39:24   144,792   ----a-w   c:\windows\system32\javaw.exe
+ 2009-01-01 17:39:24   148,888   ----a-w   c:\windows\system32\javaws.exe
+ 2007-07-27 14:49:02   196,683   ----a-w   c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 14:49:02   225,355   ----a-w   c:\windows\system32\lnod32apiW.dll
+ 2005-12-05 19:25:22   139,264   ----a-w   c:\windows\system32\lnod32umc.dll
+ 2005-12-05 12:37:10   106,496   ----a-w   c:\windows\system32\lnod32upd.dll
+ 2008-02-11 09:39:26   253,952   ----a-w   c:\windows\system32\OnlineScannerDLLA.dll
+ 2008-02-11 09:39:18   237,568   ----a-w   c:\windows\system32\OnlineScannerDLLW.dll
+ 2008-02-08 13:53:46   110,592   ----a-w   c:\windows\system32\OnlineScannerLang.dll
+ 2008-02-05 08:48:04   77,824   ----a-w   c:\windows\system32\OnlineScannerUninstaller.exe
+ 2009-01-02 19:40:06   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_720.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMK08KB"="c:\program files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE" [2006-09-23 207360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-01 185896]
"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-09-01 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.MJPG"= pvmjpg20.dll
"VIDC.ACDV"= ACDV.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msvideo7"= STV680tg.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.pivc"= pivideo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0lsdelete

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FLMOFFICE4DMOUSE"=c:\program files\Trust\MI-2510T Optical Combi Tilt Mouse\moffice.exe
"nwiz"=nwiz.exe /install
"WinampAgent"=c:\program files\Winamp\winampa.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Excursion9.5\\mIRC.ExCurSioN.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\PhotoJoy\\Bin\\PjApp.exe"=
"c:\\Program Files\\PhotoJoy\\Bin\\PjImp.exe"=
"c:\\Program Files\\PhotoJoy\\Bin\\PhotoJoy.exe"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:DCOM(135)

R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2007-11-03 13312]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2008-07-31 103304]
R2 PQfsmonNT ABE675CA-49DF-11d3-93F6-00104B64D07B;PowerQuest File System Monitor PQfsmonNT ABE675CA-49DF-11d3-93F6-00104B64D07B;\??\c:\program files\PowerQuest\DataKeeper 5.0\PqFsmonNt.sys [2002-07-12 49096]
R2 ptssvc;ptssvc;c:\program files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [2006-12-21 45056]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2007-02-16 2368]
R2 WDFNet;Webroot Desktop Firewall network service;c:\program files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [2008-07-31 353672]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2007-11-03 8832]
S2 ColdFusion Management Repository;ColdFusion Management Repository Server;"c:\cfusion\jrun\bin\jrun.exe" -jrundir "c:\cfusion\jrun" -nt "ColdFusion Management Repository" "cfam" []
S3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\Drivers\usbethmp.sys [2006-11-24 14342]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2006-09-05 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys [2006-09-05 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys [2006-09-05 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [2006-09-05 10368]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.SYS [2006-12-24 31899]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\norman\LOCALS~1\Temp\iMSPCLOj.sys []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\PLCNDIS5.SYS [2006-11-24 17018]
S3 s3chipid;s3chipid;\??\c:\docume~1\norman\LOCALS~1\Temp\s3chipid.sys []
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2007-04-28 428160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1505667c-8af9-11dc-ad2e-4d6564696130}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d117648-064c-11dd-add9-4d6564696130}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94df3b7a-7294-11dc-ad0c-4d6564696130}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be040102-9de9-11dc-ad48-4d6564696130}]
\Shell\AutoRun\command - E:\Laguna.exe

*Newly Created Service* - PNKBSTRB

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-12-30 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-14 00:12]

2009-01-02 c:\windows\Tasks\Norton Security Scan for norman.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 61.166.68.71:80
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 00:22:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\wdfproc.dll

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\wdfproc.dll
.
Completion time: 2009-01-03  0:24:29
ComboFix-quarantined-files.txt  2009-01-03 00:24:26
ComboFix2.txt  2009-01-02 00:12:10
ComboFix3.txt  2009-01-01 23:44:34
ComboFix4.txt  2009-01-01 14:48:49

Pre-Run: 50,807,185,408 bytes free
Post-Run: 50,788,605,952 bytes free

301   --- E O F ---   2008-12-25 21:27:36

Sorry Corrine, it was Mbam that stopped working not Combofix, its all these late nights  lol,  will run Mbam again and print results out for you, but last one found 3 trojans 2 were vundo in sys restore and one in Qoo  something, but that was in Quarintine.
Will run again and hope it not stop again.
Nash