
Virtumonde? Not Sure Maybe Something Else Help!


This topic is locked
11 replies to this topic

#1 mrpman

Posted 07 June 2008 - 11:23 PM

Hello, and thanks in advance. I am not sure if I have Virtumonde or not, but it does not seem to go away. It does something to my Internet Explorer and changes the Internet Explorer security settings to allow all cookies, then I get popups. My IE stopped working at first, but after running bhoscanner, at least IE is working again, but the trojan or whatever it is is still there. Please, any help would be appreciated, this thing is driving me nuts!! :thumbsup:

Here is my DSS Main.txt

Deckard's System Scanner v20071014.68
Run by Anthony on 2008-06-08 00:08:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Anthony.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-08 00:12:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\ups.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\honestech\MY-IPTV Anywhere Server\UPnPAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Anthony\Desktop\dss.exe
C:\Program Files\McAfee\VirusScan\mcvsshld.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis\Anthony.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {109557FD-C1C4-47E5-B46F-11B2B48443B2} - C:\WINDOWS\system32\jkkJabAR.dll (file missing)
O2 - BHO: (no name) - {1FA9D7B8-C667-4115-A225-B8D38D6006C9} - (no file)
O2 - BHO: {49cf429b-8a4e-9d89-a3a4-84b9e62503d2} - {2d30526e-9b48-4a3a-98d9-e4a8b924fc94} - C:\WINDOWS\system32\sjyfeiym.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A3DA4828-6A96-458B-8A49-795B88205ED3} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B6E95516-27C0-443D-9BA9-ABD8C12BAE16} - (no file)
O2 - BHO: (no name) - {E07127FC-33CA-4EFC-A98A-E3BEF62BF0AC} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [SageTV] "C:\Program Files\SageTV\SageTV\SageTV.exe" -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: scheduleTV.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182403293250
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} () - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://172.18.201.5/WinWebPush.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\
O20 - Winlogon Notify: cbXnOgFV - C:\WINDOWS\system32\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files\WinTV\HCWTVServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


--
End of file - 16546 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2401>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2401>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 MovRVDrv32 - c:\windows\system32\drivers\movrvdrv32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SndTDriverV32 - c:\windows\system32\drivers\sndtdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>

S3 UltraMonMirror - c:\windows\system32\drivers\ultramonmirror.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

S3 HauppaugeTVServer - c:\progra~1\wintv\hcwtvs~1.exe <Not Verified; Hauppauge Computer Works; Hauppauge TV Server>
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 TVersityMediaServer - "c:\program files\tversity\media server\mediaserver.exe"


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: USB PVR-TV Device
Device ID: USB\VID_EB1A&PID_2861&MI_00\6&37CA75E8&0&0000
Manufacturer: eMPIA Technology
Name: USB PVR-TV Device
PNP Device ID: USB\VID_EB1A&PID_2861&MI_00\6&37CA75E8&0&0000
Service: USB28xxBGA


-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 01:00:25 356 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-05-20 02:45:01 274 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-05-15 01:28:59 354 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-04-20 02:30:21 396 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-07 13:14:27 728767 --ahs---- C:\WINDOWS\system32\kjPonUvw.ini2
2008-06-06 22:56:03 0 d-------- C:\Documents and Settings\Anthony\Application Data\Malwarebytes
2008-06-06 22:55:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 22:55:53 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 21:21:41 0 d-------- C:\Program Files\Enigma Software Group
2008-06-06 20:39:43 108544 --a------ C:\WINDOWS\system32\sjyfeiym.dll
2008-06-06 20:39:37 100864 -----n--- C:\WINDOWS\system32\btnyavpg.dll
2008-06-06 20:38:54 347136 -----n--- C:\WINDOWS\system32\wvUnoPjk.dll
2008-06-05 22:32:03 0 d-------- C:\Program Files\Lavasoft
2008-06-05 22:32:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 22:31:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 22:17:29 0 d-------- C:\Program Files\Nsasoft
2008-06-05 21:49:53 133120 --a------ C:\WINDOWS\system32\iqadxwye.dll
2008-06-05 21:49:51 117248 -----n--- C:\WINDOWS\system32\oqocgtvb.dll
2008-06-05 21:44:31 126976 --a------ C:\WINDOWS\system32\kdjaqewu.dll
2008-06-05 21:43:50 736347 --ahs---- C:\WINDOWS\system32\RAbaJkkj.ini2
2008-06-05 20:53:13 133120 --a------ C:\WINDOWS\system32\yfmfxrgg.dll
2008-06-05 20:50:14 126976 --a------ C:\WINDOWS\system32\bxripwdo.dll
2008-06-04 22:39:54 132608 --a------ C:\WINDOWS\system32\crdmnbko.dll
2008-06-04 22:33:54 126976 --a------ C:\WINDOWS\system32\ydhrukdc.dll
2008-05-31 17:04:08 733915 --ahs---- C:\WINDOWS\system32\AJQWxyxx.ini2
2008-05-31 12:54:14 10856 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-31 12:52:01 0 d-------- C:\Documents and Settings\Anthony\Application Data\NCH Software
2008-05-29 00:35:44 0 d-------- C:\Program Files\SanDisk
2008-05-27 22:56:36 0 d-------- C:\Converted
2008-05-27 22:54:10 513152 --a------ C:\WINDOWS\system32\SndTDriverV32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
2008-05-27 22:54:10 513152 --a------ C:\WINDOWS\system32\drivers\SndTDriverV32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
2008-05-27 22:54:09 0 d-------- C:\Program Files\SoundTaxi
2008-05-26 00:46:05 58368 -----n--- C:\WINDOWS\system32\cbXnOgFV.dll
2008-05-25 00:21:26 0 d-------- C:\Program Files\Azureus
2008-05-23 23:25:38 0 d-------- C:\Documents and Settings\Anthony\Application Data\WinRAR
2008-05-20 20:45:14 4 --a------ C:\WINDOWS\system32\24527E
2008-05-20 20:44:30 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
2008-05-20 20:44:30 0 d-------- C:\Program Files\Common Files\Real
2008-05-20 20:44:08 0 d-------- C:\Documents and Settings\Anthony\Application Data\Real
2008-05-20 20:43:59 0 d-------- C:\Program Files\Real
2008-05-20 20:43:13 0 d-------- C:\Program Files\Rhapsody
2008-05-12 20:39:33 0 d-------- C:\Documents and Settings\NetworkService\My Documents


-- Find3M Report ---------------------------------------------------------------

2008-06-06 20:22:29 0 d-------- C:\Program Files\RegVac Registry Cleaner
2008-06-05 22:31:29 0 d-------- C:\Program Files\Common Files
2008-06-04 00:59:56 0 d-------- C:\Program Files\WinTV
2008-06-02 20:43:46 0 d-------- C:\Documents and Settings\Anthony\Application Data\Azureus
2008-06-01 22:24:40 0 d-------- C:\Program Files\NCH Swift Sound
2008-05-31 15:45:09 0 d-------- C:\Documents and Settings\Anthony\Application Data\AdobeUM
2008-05-31 12:56:32 0 d-------- C:\Documents and Settings\Anthony\Application Data\Aventail
2008-05-31 12:52:01 0 d-------- C:\Program Files\NCH Software
2008-05-30 23:08:32 74176 --a------ C:\Documents and Settings\Anthony\Application Data\GDIPFONTCACHEV1.DAT
2008-05-29 00:35:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 22:26:44 201728 --a------ C:\WINDOWS\system32\im_screensaver.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-05-01 20:23:57 0 d-------- C:\Program Files\Capturex
2008-05-01 20:11:10 0 d-------- C:\Program Files\MultiMedia Navigator
2008-04-30 20:17:27 0 d-------- C:\Documents and Settings\Anthony\Application Data\Autodesk
2008-04-30 19:42:02 0 d-------- C:\Program Files\AutoCAD 2002
2008-04-30 19:40:07 0 d-------- C:\Program Files\WexTech
2008-04-30 19:40:07 0 d-------- C:\Program Files\Common Files\Wextech Shared
2008-04-30 19:40:07 0 d-------- C:\Program Files\Common Files\LHSPF
2008-04-30 19:39:57 0 d-------- C:\Program Files\Volo View Express
2008-04-30 19:39:37 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-23 13:29:20 0 d-------- C:\Program Files\McAfee
2008-04-20 14:07:03 0 d-------- C:\Program Files\EsetOnlineScanner
2008-04-20 02:52:52 0 d-------- C:\Documents and Settings\Anthony\Application Data\Uniblue
2008-04-20 02:28:34 0 d-------- C:\Program Files\PeerGuardian2
2008-04-13 23:10:23 0 d-------- C:\Documents and Settings\Anthony\Application Data\Media Player Classic
2008-04-13 22:49:22 0 d-------- C:\Program Files\Essentials Codec Pack
2008-03-08 14:38:19 8 --a------ C:\WINDOWS\system32\nvModes.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{109557FD-C1C4-47E5-B46F-11B2B48443B2}]
C:\WINDOWS\system32\jkkJabAR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FA9D7B8-C667-4115-A225-B8D38D6006C9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d30526e-9b48-4a3a-98d9-e4a8b924fc94}]
06/06/2008 08:39 PM 108544 --a------ C:\WINDOWS\system32\sjyfeiym.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3DA4828-6A96-458B-8A49-795B88205ED3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E07127FC-33CA-4EFC-A98A-E3BEF62BF0AC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/31/2006 12:44 AM]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [11/16/2006 09:05 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [09/11/2006 04:40 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/20/2006 06:34 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"AtariBanner"="C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" [05/22/2001 06:17 PM]
"Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe" [06/06/2006 11:47 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" []
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [01/23/2007 11:12 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/14/2007 10:00 AM]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 04:08 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 06:14 PM]
"nwiz"="nwiz.exe" [10/04/2007 06:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 06:14 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 05:05 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 12:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [09/11/2006 04:40 AM]
"SageTV"="C:\Program Files\SageTV\SageTV\SageTV.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 2:19:50 AM]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [6/19/2007 11:02:50 PM]
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [1/12/2008 2:36:05 PM]
Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [8/24/2005 2:06:54 PM]
HP OfficeJet Series 500 Startup.lnk - C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe [7/25/2007 10:38:04 PM]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [3/25/2008 12:15:30 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
scheduleTV.lnk - C:\Program Files\honestech\MY-IPTV Anywhere Server\scheduleTV.exe [11/25/2007 4:08:44 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoActiveDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXnOgFV]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"TVersityMediaServer"=2 (0x2)
"SoundMovieServer"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e492797d-51e5-11dc-84bf-001a4d440aa6}]
AutoRun\command- K:\.\MigWiz\migsetup.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8738 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-08 00:14:02 ------------



Here is my Hijackthis.txt

Logfile of HijackThis v1.99.1
Scan saved at 12:12:47 AM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\snmp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\honestech\MY-IPTV Anywhere Server\UPnPAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Anthony\Desktop\dss.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\HIJACK~1\Anthony.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {109557FD-C1C4-47E5-B46F-11B2B48443B2} - C:\WINDOWS\system32\jkkJabAR.dll (file missing)
O2 - BHO: (no name) - {1FA9D7B8-C667-4115-A225-B8D38D6006C9} - (no file)
O2 - BHO: {49cf429b-8a4e-9d89-a3a4-84b9e62503d2} - {2d30526e-9b48-4a3a-98d9-e4a8b924fc94} - C:\WINDOWS\system32\sjyfeiym.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A3DA4828-6A96-458B-8A49-795B88205ED3} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B6E95516-27C0-443D-9BA9-ABD8C12BAE16} - (no file)
O2 - BHO: (no name) - {E07127FC-33CA-4EFC-A98A-E3BEF62BF0AC} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [SageTV] "C:\Program Files\SageTV\SageTV\SageTV.exe" -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: scheduleTV.lnk = C:\Program Files\honestech\MY-IPTV Anywhere Server\scheduleTV.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182403293250
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://172.18.201.5/WinWebPush.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O20 - Winlogon Notify: cbXnOgFV - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:02:11 PM

Posted 08 June 2008 - 06:07 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

Post that in your next reply with a fresh HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 mrpman

mrpman
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:11 AM

Posted 09 June 2008 - 07:10 PM

I am not sure what happened to the reply I posted the other day, but here it goes again.

First, I would like to thank you for your reply, Charles.

I realized I had spybot running during the combofix, but I allowed all of the registry changes. Let me know if you think I should re-run without spybot.


Here is my combofix log

ComboFix 08-06-08.5 - Anthony 2008-06-08 23:12:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1420 [GMT -4:00]
Running from: C:\Documents and Settings\Anthony\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM13093b21.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AJQWxyxx.ini
C:\WINDOWS\system32\AJQWxyxx.ini2
C:\WINDOWS\system32\btnyavpg.dll
C:\WINDOWS\system32\bxripwdo.dll
C:\WINDOWS\system32\cbXnOgFV.dll
C:\WINDOWS\system32\crdmnbko.dll
C:\WINDOWS\system32\iqadxwye.dll
C:\WINDOWS\system32\kdjaqewu.dll
C:\WINDOWS\system32\kjPonUvw.ini
C:\WINDOWS\system32\kjPonUvw.ini2
C:\WINDOWS\system32\oqocgtvb.dll
C:\WINDOWS\system32\RAbaJkkj.ini
C:\WINDOWS\system32\RAbaJkkj.ini2
C:\WINDOWS\system32\ruoyxoel.ini
C:\WINDOWS\system32\sjyfeiym.dll
C:\WINDOWS\system32\wvUnoPjk.dll
C:\WINDOWS\system32\xamdlwru.ini
C:\WINDOWS\system32\xwqsmtax.ini
C:\WINDOWS\system32\ydhrukdc.dll
C:\WINDOWS\system32\yfmfxrgg.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-06-08 23:19 . 54,156 C:\WINDOWS\QTFont.qfn
2008-06-08 23:19 . 1,409 C:\WINDOWS\QTFont.for
2008-06-08 01:32 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-08 01:31 . 2008-06-08 01:31 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-07 23:22 . 2008-06-07 23:22 <DIR> d-------- C:\Deckard
2008-06-06 22:56 . 2008-06-06 22:56 <DIR> d-------- C:\Documents and Settings\Anthony\Application Data\Malwarebytes
2008-06-06 22:55 . 2008-06-07 03:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 22:55 . 2008-06-06 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 22:55 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 22:55 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 21:21 . 2008-06-06 21:21 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 22:31 . 2008-06-05 22:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 22:17 . 2008-06-05 22:17 <DIR> d-------- C:\Program Files\Nsasoft
2008-05-31 12:54 . 2008-06-01 22:27 10,856 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-31 12:52 . 2008-05-31 12:52 <DIR> d-------- C:\Documents and Settings\Anthony\Application Data\NCH Software
2008-05-29 00:35 . 2008-05-29 00:35 <DIR> d-------- C:\Program Files\SanDisk
2008-05-29 00:35 . 2008-02-03 10:53 15,760 --a------ C:\WINDOWS\system32\iviaspi.sys
2008-05-27 22:56 . 2008-05-27 22:56 <DIR> d-------- C:\Converted
2008-05-27 22:54 . 2008-05-27 22:55 <DIR> d-------- C:\Program Files\SoundTaxi
2008-05-27 22:54 . 2006-12-13 19:02 513,152 --a------ C:\WINDOWS\system32\SndTDriverV32.sys
2008-05-27 22:54 . 2006-12-13 19:02 513,152 --a------ C:\WINDOWS\system32\drivers\SndTDriverV32.sys
2008-05-27 22:54 . 2006-12-13 19:02 3,992 --a------ C:\WINDOWS\system32\SndTDriverV32.inf
2008-05-25 00:21 . 2008-05-27 22:37 <DIR> d-------- C:\Program Files\Azureus
2008-05-20 20:49 . 2008-05-31 17:27 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-05-20 20:45 . 2008-05-31 16:35 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2008-05-20 20:45 . 2008-05-31 16:35 4 --a------ C:\WINDOWS\system32\24527E
2008-05-20 20:44 . 2008-05-20 20:44 <DIR> d-------- C:\Program Files\Common Files\Real
2008-05-20 20:44 . 2008-05-20 20:44 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-05-20 20:43 . 2008-05-20 20:45 <DIR> d-------- C:\Program Files\Rhapsody
2008-05-20 20:43 . 2008-05-20 20:43 <DIR> d-------- C:\Program Files\Real
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 03:21 35,289,120 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-09 03:16 414,548 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-08 05:32 --------- d-----w C:\Program Files\Java
2008-06-07 17:14 2,077,696 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2008-06-07 17:14 190,976 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2008-06-07 00:22 --------- d-----w C:\Program Files\RegVac Registry Cleaner
2008-06-06 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 04:30 2,860,544 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2008-06-05 04:30 2,067,456 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2008-06-05 04:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-04 04:59 --------- d-----w C:\Program Files\WinTV
2008-06-03 00:43 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Azureus
2008-06-02 02:24 --------- d-----w C:\Program Files\NCH Swift Sound
2008-06-02 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-31 19:45 --------- d-----w C:\Documents and Settings\Anthony\Application Data\AdobeUM
2008-05-31 16:56 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Aventail
2008-05-31 16:52 --------- d-----w C:\Program Files\NCH Software
2008-05-31 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2008-05-31 03:08 74,176 ----a-w C:\Documents and Settings\Anthony\Application Data\GDIPFONTCACHEV1.DAT
2008-05-29 09:59 2,046,464 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
2008-05-29 09:59 1,902,592 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
2008-05-29 04:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 03:18 110,080 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
2008-05-26 08:28 149,504 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
2008-05-25 10:00 955,392 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2008-05-22 07:08 201,216 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2008-05-22 07:08 2,034,688 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-05-20 07:17 2,032,128 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2008-05-20 07:17 132,608 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2008-05-19 05:35 2,031,616 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-05-19 05:35 144,896 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-05-18 10:26 2,031,104 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-05-18 10:26 146,944 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-05-17 09:22 480,256 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2008-05-17 09:22 2,030,592 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-05-12 06:05 977,920 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-05-12 06:05 2,028,032 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-05-04 09:23 233,984 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-05-04 09:23 2,020,864 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-05-02 02:58 247,808 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-05-02 02:58 2,020,352 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-05-02 00:23 --------- d-----w C:\Program Files\Capturex
2008-05-02 00:11 --------- d-----w C:\Program Files\MultiMedia Navigator
2008-05-01 00:17 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Autodesk
2008-04-30 23:42 --------- d-----w C:\Program Files\AutoCAD 2002
2008-04-30 23:40 --------- d-----w C:\Program Files\WexTech
2008-04-30 23:40 --------- d-----w C:\Program Files\Common Files\Wextech Shared
2008-04-30 23:40 --------- d-----w C:\Program Files\Common Files\LHSPF
2008-04-30 23:39 --------- d-----w C:\Program Files\Volo View Express
2008-04-30 23:39 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-30 05:46 751,616 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-04-30 05:46 2,018,816 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 15:19 --------- d-----w C:\Documents and Settings\Joseph\Application Data\Ulead Systems
2008-04-28 15:16 8,422,227 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-28 13:13 515,584 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2008-04-28 13:13 2,017,792 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-04-25 04:09 417,280 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-04-25 04:09 2,017,280 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2008-04-23 17:29 --------- d-----w C:\Program Files\McAfee
2008-04-21 05:08 2,082,304 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-04-21 05:08 2,015,744 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-04-20 18:07 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-04-20 06:52 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Uniblue
2008-04-20 06:28 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-20 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-19 09:55 108,032 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-04-18 07:20 498,688 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-04-18 07:20 2,008,064 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-04-14 03:10 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Media Player Classic
2008-04-14 02:49 --------- d-----w C:\Program Files\Essentials Codec Pack
2008-04-12 09:22 147,456 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2008-04-10 07:00 328,192 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2008-04-07 12:40 531,456 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-04-07 12:40 1,997,312 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-03-25 06:21 133,632 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-03-25 06:21 1,987,072 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2008-03-24 12:36 372,736 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-03-24 12:36 1,969,664 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-03-22 10:28 261,120 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-03-20 07:47 317,440 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-03-17 06:04 451,584 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-03-17 06:04 1,958,400 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-03-13 04:34 94,208 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-03-12 12:51 266,752 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-03-12 12:51 1,954,816 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-03-10 06:06 267,776 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-03-10 06:06 1,950,208 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-03-09 08:18 889,344 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-03-09 08:18 1,937,920 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2007-10-09 02:36 87,608 ----a-w C:\Documents and Settings\Anthony\Application Data\inst.exe
2007-10-09 02:36 47,360 ----a-w C:\Documents and Settings\Anthony\Application Data\pcouffin.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{109557FD-C1C4-47E5-B46F-11B2B48443B2}]
C:\WINDOWS\system32\jkkJabAR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FA9D7B8-C667-4115-A225-B8D38D6006C9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d30526e-9b48-4a3a-98d9-e4a8b924fc94}]
C:\WINDOWS\system32\sjyfeiym.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3DA4828-6A96-458B-8A49-795B88205ED3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E07127FC-33CA-4EFC-A98A-E3BEF62BF0AC}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 04:40 218032]
"SageTV"="C:\Program Files\SageTV\SageTV\SageTV.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 00:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-16 21:05 1953792]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 04:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"AtariBanner"="C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" [2001-05-22 18:17 49152]
"Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe" [2006-06-06 11:47 118784]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [ ]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2007-01-23 11:12 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00 267064]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 12:44 303104]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"combofix"="C:\WINDOWS\system32\CF24299.exe" [2004-08-04 00:56 388608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 02:19:50 217193]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2007-06-19 23:02:50 209005]
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2008-01-12 14:36:05 106551]
Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2005-08-24 14:06:54 577597]
HP OfficeJet Series 500 Startup.lnk - C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe [2007-07-25 22:38:04 1175552]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-03-25 00:15:30 57344]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
scheduleTV.lnk - C:\Program Files\honestech\MY-IPTV Anywhere Server\scheduleTV.exe [2007-11-25 04:08:44 98304]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXnOgFV]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.avis"= ff_acm.acm
"msvideo3"= STVqx3tg.dll
"vidc.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"TVersityMediaServer"=2 (0x2)
"SoundMovieServer"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\RpcSandraSrv.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 MLPTDR_C;MLPTDR_C;C:\WINDOWS\system32\MLPTDR_C.sys [2002-09-03 19:31]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\WINDOWS\system32\drivers\hcw18bda.sys [2007-07-23 23:26]
R3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-02-21 09:23]
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 19:02]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-03 00:13]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 16:11]
S3 STVqx3;Intel Play QX3 Microscope;C:\WINDOWS\system32\drivers\STVqx3.sys [2001-04-12 15:04]
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 05:28:59 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-06-01 05:00:25 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-05-20 06:45:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-20 06:30:21 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 23:20:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ups.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\honestech\MY-IPTV Anywhere Server\UPnPAgent.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\hpovdx05.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
.
**************************************************************************
.
Completion time: 2008-06-08 23:27:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 03:27:51

Pre-Run: 189,000,110,080 bytes free
Post-Run: 188,699,770,880 bytes free

337 --- E O F --- 2008-05-28 02:45:17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:51 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\honestech\MY-IPTV Anywhere Server\scheduleTV.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\honestech\MY-IPTV Anywhere Server\UPnPAgent.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Documents and Settings\Anthony\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {109557FD-C1C4-47E5-B46F-11B2B48443B2} - C:\WINDOWS\system32\jkkJabAR.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [SageTV] "C:\Program Files\SageTV\SageTV\SageTV.exe" -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: scheduleTV.lnk = C:\Program Files\honestech\MY-IPTV Anywhere Server\scheduleTV.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182403293250
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://172.18.201.5/WinWebPush.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} (Java Plug-in 1.4.2_13) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O20 - Winlogon Notify: cbXnOgFV - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13613 bytes

#4 rookie147

  • Members
  • 5,321 posts

Posted 10 June 2008 - 02:02 PM

Before we begin, please visit the page below, scroll down to the part which says "How to install and use the Windows XP Recovery Console," and follow those instructions:

How to download and use ComboFix

Then please run another scan with ComboFix and post back the new log, along with a HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 mrpman

  • Topic Starter

  • Members
  • 7 posts

Posted 10 June 2008 - 08:16 PM

OK, I installed the Windows Recovery Console, so here are my new logs.

ComboFix 08-06-08.5 - Anthony 2008-06-10 21:04:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1415 [GMT -4:00]
Running from: C:\Documents and Settings\Anthony\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Anthony\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Anthony\Application Data\inst.exe
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\temp.dmf

.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-10 20:55 . 2008-06-10 20:55 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-08 01:32 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-08 01:31 . 2008-06-08 01:31 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-07 23:22 . 2008-06-07 23:22 <DIR> d-------- C:\Deckard
2008-06-06 22:56 . 2008-06-06 22:56 <DIR> d-------- C:\Documents and Settings\Anthony\Application Data\Malwarebytes
2008-06-06 22:55 . 2008-06-07 03:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 22:55 . 2008-06-06 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 22:55 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 22:55 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 21:21 . 2008-06-06 21:21 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 22:31 . 2008-06-05 22:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 22:17 . 2008-06-05 22:17 <DIR> d-------- C:\Program Files\Nsasoft
2008-05-31 12:54 . 2008-06-09 22:46 10,856 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-31 12:52 . 2008-05-31 12:52 <DIR> d-------- C:\Documents and Settings\Anthony\Application Data\NCH Software
2008-05-29 00:35 . 2008-05-29 00:35 <DIR> d-------- C:\Program Files\SanDisk
2008-05-29 00:35 . 2008-02-03 10:53 15,760 --a------ C:\WINDOWS\system32\iviaspi.sys
2008-05-27 22:56 . 2008-05-27 22:56 <DIR> d-------- C:\Converted
2008-05-27 22:54 . 2008-05-27 22:55 <DIR> d-------- C:\Program Files\SoundTaxi
2008-05-27 22:54 . 2006-12-13 19:02 513,152 --a------ C:\WINDOWS\system32\SndTDriverV32.sys
2008-05-27 22:54 . 2006-12-13 19:02 513,152 --a------ C:\WINDOWS\system32\drivers\SndTDriverV32.sys
2008-05-27 22:54 . 2006-12-13 19:02 3,992 --a------ C:\WINDOWS\system32\SndTDriverV32.inf
2008-05-25 00:21 . 2008-05-27 22:37 <DIR> d-------- C:\Program Files\Azureus
2008-05-20 20:49 . 2008-05-31 17:27 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-05-20 20:45 . 2008-05-31 16:35 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2008-05-20 20:45 . 2008-05-31 16:35 4 --a------ C:\WINDOWS\system32\24527E
2008-05-20 20:44 . 2008-05-20 20:44 <DIR> d-------- C:\Program Files\Common Files\Real
2008-05-20 20:44 . 2008-05-20 20:44 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-05-20 20:43 . 2008-05-20 20:45 <DIR> d-------- C:\Program Files\Rhapsody
2008-05-20 20:43 . 2008-05-20 20:43 <DIR> d-------- C:\Program Files\Real
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 01:07 35,479,584 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-10 06:30 650,752 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
2008-06-10 06:30 416,252 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-10 06:30 2,087,936 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
2008-06-10 02:35 --------- d-----w C:\Program Files\WinTV
2008-06-08 05:32 --------- d-----w C:\Program Files\Java
2008-06-07 17:14 2,077,696 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2008-06-07 17:14 190,976 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2008-06-07 00:22 --------- d-----w C:\Program Files\RegVac Registry Cleaner
2008-06-06 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 04:30 2,860,544 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2008-06-05 04:30 2,067,456 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2008-06-05 04:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-03 00:43 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Azureus
2008-06-02 02:24 --------- d-----w C:\Program Files\NCH Swift Sound
2008-06-02 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-31 19:45 --------- d-----w C:\Documents and Settings\Anthony\Application Data\AdobeUM
2008-05-31 16:56 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Aventail
2008-05-31 16:52 --------- d-----w C:\Program Files\NCH Software
2008-05-31 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2008-05-31 03:08 74,176 ----a-w C:\Documents and Settings\Anthony\Application Data\GDIPFONTCACHEV1.DAT
2008-05-29 09:59 2,046,464 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
2008-05-29 09:59 1,902,592 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
2008-05-29 04:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 03:18 110,080 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
2008-05-26 08:28 149,504 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
2008-05-25 10:00 955,392 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2008-05-22 07:08 201,216 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2008-05-22 07:08 2,034,688 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-05-20 07:17 2,032,128 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2008-05-20 07:17 132,608 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2008-05-19 05:35 2,031,616 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-05-19 05:35 144,896 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-05-18 10:26 2,031,104 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-05-18 10:26 146,944 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-05-17 09:22 480,256 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2008-05-17 09:22 2,030,592 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-05-12 06:05 977,920 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-05-12 06:05 2,028,032 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-05-07 02:26 201,728 ----a-w C:\WINDOWS\system32\im_screensaver.scr
2008-05-04 09:23 233,984 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-05-04 09:23 2,020,864 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-05-02 02:58 247,808 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-05-02 02:58 2,020,352 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-05-02 00:23 --------- d-----w C:\Program Files\Capturex
2008-05-02 00:11 --------- d-----w C:\Program Files\MultiMedia Navigator
2008-05-01 00:17 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Autodesk
2008-04-30 23:42 --------- d-----w C:\Program Files\AutoCAD 2002
2008-04-30 23:40 --------- d-----w C:\Program Files\WexTech
2008-04-30 23:40 --------- d-----w C:\Program Files\Common Files\Wextech Shared
2008-04-30 23:40 --------- d-----w C:\Program Files\Common Files\LHSPF
2008-04-30 23:39 --------- d-----w C:\Program Files\Volo View Express
2008-04-30 23:39 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-30 05:46 751,616 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-04-30 05:46 2,018,816 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 15:19 --------- d-----w C:\Documents and Settings\Joseph\Application Data\Ulead Systems
2008-04-28 15:16 8,422,227 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-28 13:13 515,584 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2008-04-28 13:13 2,017,792 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-04-25 04:09 417,280 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-04-25 04:09 2,017,280 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2008-04-23 17:29 --------- d-----w C:\Program Files\McAfee
2008-04-21 05:08 2,082,304 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-04-21 05:08 2,015,744 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-04-20 18:07 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-04-20 06:52 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Uniblue
2008-04-20 06:28 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-20 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-19 09:55 108,032 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-04-18 07:20 498,688 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-04-18 07:20 2,008,064 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-04-14 03:10 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Media Player Classic
2008-04-14 02:49 --------- d-----w C:\Program Files\Essentials Codec Pack
2008-04-12 09:22 147,456 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2008-04-10 07:00 328,192 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2008-04-07 12:40 531,456 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-04-07 12:40 1,997,312 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 06:21 133,632 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-03-25 06:21 1,987,072 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2008-03-24 12:36 372,736 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-03-24 12:36 1,969,664 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-03-22 10:28 261,120 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-03-20 07:47 317,440 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 06:04 451,584 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-03-17 06:04 1,958,400 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-03-13 04:34 94,208 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-03-12 12:51 266,752 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-03-12 12:51 1,954,816 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2007-10-09 02:36 47,360 ----a-w C:\Documents and Settings\Anthony\Application Data\pcouffin.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_23.27.29.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 03:18:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 00:48:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-09 03:10:55 64,346 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-09 03:23:02 64,346 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-09 03:10:55 407,560 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-09 03:23:03 407,560 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-11 00:49:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{109557FD-C1C4-47E5-B46F-11B2B48443B2}]
C:\WINDOWS\system32\jkkJabAR.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 04:40 218032]
"SageTV"="C:\Program Files\SageTV\SageTV\SageTV.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 00:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-16 21:05 1953792]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 04:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"AtariBanner"="C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" [2001-05-22 18:17 49152]
"Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe" [2006-06-06 11:47 118784]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [ ]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2007-01-23 11:12 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00 267064]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 12:44 303104]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 02:19:50 217193]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2007-06-19 23:02:50 209005]
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2008-01-12 14:36:05 106551]
Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2005-08-24 14:06:54 577597]
HP OfficeJet Series 500 Startup.lnk - C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe [2007-07-25 22:38:04 1175552]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-03-25 00:15:30 57344]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
scheduleTV.lnk - C:\Program Files\honestech\MY-IPTV Anywhere Server\scheduleTV.exe [2007-11-25 04:08:44 98304]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXnOgFV]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.avis"= ff_acm.acm
"msvideo3"= STVqx3tg.dll
"vidc.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"TVersityMediaServer"=2 (0x2)
"SoundMovieServer"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\RpcSandraSrv.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 MLPTDR_C;MLPTDR_C;C:\WINDOWS\system32\MLPTDR_C.sys [2002-09-03 19:31]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\WINDOWS\system32\drivers\hcw18bda.sys [2007-07-23 23:26]
R3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-02-21 09:23]
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 19:02]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-03 00:13]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 16:11]
S3 STVqx3;Intel Play QX3 Microscope;C:\WINDOWS\system32\drivers\STVqx3.sys [2001-04-12 15:04]
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 05:28:59 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-06-01 05:00:25 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-06-09 06:45:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-20 06:30:21 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 21:07:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-10 21:08:55
ComboFix-quarantined-files.txt 2008-06-11 01:08:51
ComboFix2.txt 2008-06-09 03:27:57

Pre-Run: 188,151,099,392 bytes free
Post-Run: 188,127,817,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

287 --- E O F --- 2008-05-28 02:45:17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:44 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\honestech\MY-IPTV Anywhere Server\scheduleTV.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\honestech\MY-IPTV Anywhere Server\UPnPAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Anthony\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {109557FD-C1C4-47E5-B46F-11B2B48443B2} - C:\WINDOWS\system32\jkkJabAR.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [SageTV] "C:\Program Files\SageTV\SageTV\SageTV.exe" -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: scheduleTV.lnk = C:\Program Files\honestech\MY-IPTV Anywhere Server\scheduleTV.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182403293250
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://172.18.201.5/WinWebPush.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} (Java Plug-in 1.4.2_13) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O20 - Winlogon Notify: cbXnOgFV - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13332 bytes

Edited by mrpman, 10 June 2008 - 08:17 PM.


#6 rookie147

  • Members
  • 5,321 posts

Posted 13 June 2008 - 04:59 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply with a new Combofix log and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

If you are pleased with the service I have offered, you may like to consider making a donation.


#7 mrpman

  • Topic Starter
  • Members
  • 7 posts

Posted 14 June 2008 - 11:24 AM

Charles,

Thanks for your help so far, I left you a donation. I will run additional tools and post more logs. You guys are great, keep up the good work.

Thanks

#8 mrpman

  • Topic Starter
  • Members
  • 7 posts

Posted 14 June 2008 - 11:56 AM

OK, ran mbam and combofix, here are the results


Malwarebytes' Anti-Malware 1.17
Database version: 855

12:44:33 PM 6/14/2008
mbam-log-6-14-2008 (12-44-33).txt

Scan type: Quick Scan
Objects scanned: 50064
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 08-06-08.5 - Anthony 2008-06-14 12:46:54.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1178 [GMT -4:00]
Running from: C:\Documents and Settings\Anthony\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-10 20:55 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 20:55 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 01:32 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-08 01:31 . 2008-06-08 01:31 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-07 23:22 . 2008-06-07 23:22 <DIR> d-------- C:\Deckard
2008-06-06 22:56 . 2008-06-06 22:56 <DIR> d-------- C:\Documents and Settings\Anthony\Application Data\Malwarebytes
2008-06-06 22:55 . 2008-06-14 12:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 22:55 . 2008-06-06 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 22:55 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 22:55 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 21:21 . 2008-06-06 21:21 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 22:31 . 2008-06-05 22:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 22:17 . 2008-06-05 22:17 <DIR> d-------- C:\Program Files\Nsasoft
2008-05-31 12:54 . 2008-06-09 22:46 10,856 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-31 12:52 . 2008-05-31 12:52 <DIR> d-------- C:\Documents and Settings\Anthony\Application Data\NCH Software
2008-05-29 00:35 . 2008-05-29 00:35 <DIR> d-------- C:\Program Files\SanDisk
2008-05-29 00:35 . 2008-02-03 10:53 15,760 --a------ C:\WINDOWS\system32\iviaspi.sys
2008-05-27 22:56 . 2008-05-27 22:56 <DIR> d-------- C:\Converted
2008-05-27 22:54 . 2008-05-27 22:55 <DIR> d-------- C:\Program Files\SoundTaxi
2008-05-27 22:54 . 2006-12-13 19:02 513,152 --a------ C:\WINDOWS\system32\SndTDriverV32.sys
2008-05-27 22:54 . 2006-12-13 19:02 513,152 --a------ C:\WINDOWS\system32\drivers\SndTDriverV32.sys
2008-05-27 22:54 . 2006-12-13 19:02 3,992 --a------ C:\WINDOWS\system32\SndTDriverV32.inf
2008-05-25 00:21 . 2008-05-27 22:37 <DIR> d-------- C:\Program Files\Azureus
2008-05-20 20:49 . 2008-06-12 23:31 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-05-20 20:45 . 2008-06-12 23:22 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2008-05-20 20:45 . 2008-06-12 23:22 4 --a------ C:\WINDOWS\system32\24527E
2008-05-20 20:44 . 2008-05-20 20:44 <DIR> d-------- C:\Program Files\Common Files\Real
2008-05-20 20:44 . 2008-05-20 20:44 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-05-20 20:43 . 2008-05-20 20:45 <DIR> d-------- C:\Program Files\Rhapsody
2008-05-20 20:43 . 2008-05-20 20:43 <DIR> d-------- C:\Program Files\Real
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 16:51 36,403,232 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-13 09:12 427,316 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-12 04:21 313,344 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
2008-06-12 04:21 2,092,032 ----a-w C:\WINDOWS\Internet Logs\xDB59.tmp
2008-06-10 06:30 650,752 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
2008-06-10 06:30 2,087,936 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
2008-06-10 02:35 --------- d-----w C:\Program Files\WinTV
2008-06-08 05:32 --------- d-----w C:\Program Files\Java
2008-06-07 17:14 2,077,696 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2008-06-07 17:14 190,976 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2008-06-07 00:22 --------- d-----w C:\Program Files\RegVac Registry Cleaner
2008-06-06 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 04:30 2,860,544 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2008-06-05 04:30 2,067,456 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2008-06-05 04:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-03 00:43 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Azureus
2008-06-02 02:24 --------- d-----w C:\Program Files\NCH Swift Sound
2008-06-02 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-31 19:45 --------- d-----w C:\Documents and Settings\Anthony\Application Data\AdobeUM
2008-05-31 16:56 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Aventail
2008-05-31 16:52 --------- d-----w C:\Program Files\NCH Software
2008-05-31 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2008-05-31 03:08 74,176 ----a-w C:\Documents and Settings\Anthony\Application Data\GDIPFONTCACHEV1.DAT
2008-05-29 09:59 2,046,464 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
2008-05-29 09:59 1,902,592 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
2008-05-29 04:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 03:18 110,080 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
2008-05-26 08:28 149,504 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
2008-05-25 10:00 955,392 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2008-05-22 07:08 201,216 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2008-05-22 07:08 2,034,688 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-05-20 07:17 2,032,128 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2008-05-20 07:17 132,608 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2008-05-19 05:35 2,031,616 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-05-19 05:35 144,896 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-05-18 10:26 2,031,104 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-05-18 10:26 146,944 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-05-17 09:22 480,256 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2008-05-17 09:22 2,030,592 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-05-12 06:05 977,920 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-05-12 06:05 2,028,032 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 02:26 201,728 ----a-w C:\WINDOWS\system32\im_screensaver.scr
2008-05-04 09:23 233,984 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-05-04 09:23 2,020,864 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-05-02 02:58 247,808 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-05-02 02:58 2,020,352 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-05-02 00:23 --------- d-----w C:\Program Files\Capturex
2008-05-02 00:11 --------- d-----w C:\Program Files\MultiMedia Navigator
2008-05-01 00:17 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Autodesk
2008-04-30 23:42 --------- d-----w C:\Program Files\AutoCAD 2002
2008-04-30 23:40 --------- d-----w C:\Program Files\WexTech
2008-04-30 23:40 --------- d-----w C:\Program Files\Common Files\Wextech Shared
2008-04-30 23:40 --------- d-----w C:\Program Files\Common Files\LHSPF
2008-04-30 23:39 --------- d-----w C:\Program Files\Volo View Express
2008-04-30 23:39 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-30 05:46 751,616 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-04-30 05:46 2,018,816 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 15:19 --------- d-----w C:\Documents and Settings\Joseph\Application Data\Ulead Systems
2008-04-28 15:16 8,422,227 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-28 13:13 515,584 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2008-04-28 13:13 2,017,792 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-04-25 04:09 417,280 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-04-25 04:09 2,017,280 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2008-04-23 17:29 --------- d-----w C:\Program Files\McAfee
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 05:08 2,082,304 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-04-21 05:08 2,015,744 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-04-20 18:07 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-04-20 06:52 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Uniblue
2008-04-20 06:28 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-20 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-19 09:55 108,032 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-04-18 07:20 498,688 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-04-18 07:20 2,008,064 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-04-14 03:10 --------- d-----w C:\Documents and Settings\Anthony\Application Data\Media Player Classic
2008-04-14 02:49 --------- d-----w C:\Program Files\Essentials Codec Pack
2008-04-12 09:22 147,456 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2008-04-10 07:00 328,192 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2008-04-07 12:40 531,456 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-04-07 12:40 1,997,312 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 06:21 133,632 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-03-25 06:21 1,987,072 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2008-03-24 12:36 372,736 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-03-24 12:36 1,969,664 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-03-22 10:28 261,120 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-03-20 07:47 317,440 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 06:04 451,584 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-03-17 06:04 1,958,400 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2007-10-09 02:36 47,360 ----a-w C:\Documents and Settings\Anthony\Application Data\pcouffin.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_23.27.29.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-03 03:03:56 20,080 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-06-13 02:15:51 22,928 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
- 2007-07-03 03:03:55 371,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-06-13 02:15:40 374,152 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
- 2007-07-03 03:03:56 64,088 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-06-13 02:16:01 66,936 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2007-07-03 03:03:56 223,800 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-06-13 02:15:52 226,656 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
- 2008-06-09 03:18:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 16:11:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2003-07-15 02:57:34 38,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\AUTHZAX.DLL
+ 2003-07-15 02:53:06 94,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\AW.DLL
+ 2003-08-16 10:26:42 132,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\BRTVIEW.DLL
+ 2003-08-16 10:27:06 173,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\CMAX20.DLL
+ 2003-08-16 10:26:32 65,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\CODEEDIT.DLL
+ 2003-08-16 10:27:38 309,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\DATAGATH.DLL
+ 2003-08-16 10:26:32 83,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\DBSHARE.DLL
+ 2003-08-16 10:29:12 668,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\DBWIZ.DLL
+ 2003-07-15 02:56:54 14,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\DSITF.DLL
+ 2003-07-15 02:57:14 98,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\DSSM.EXE
+ 2003-08-16 10:26:20 49,720 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\EDITOR.EXE
+ 2003-08-16 10:26:46 148,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\EDITORS.DLL
+ 2003-08-16 10:27:08 178,304 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\ELEMENTS.DLL
+ 2003-08-16 10:26:46 110,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\ELEMUTIL.DLL
+ 2007-07-03 03:03:55 371,296 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\FORMSPIA.DLL
+ 2003-08-16 10:30:34 1,142,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\GANTT.DLL
+ 2003-08-16 10:27:36 307,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\HVAC.DLL
+ 2003-08-16 10:28:38 533,632 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\IMCOMMON.DLL
+ 2003-08-16 10:26:58 143,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\IMUTIL.DLL
+ 2003-08-16 10:27:04 175,736 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\IMWDD.DLL
+ 2003-08-16 10:26:08 21,624 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\IMWIZ.DLL
+ 2003-08-16 10:27:14 208,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\IXUTIL.DLL
+ 2003-08-16 10:28:06 339,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\LGND.DLL
+ 2003-08-16 10:28:04 348,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\LOGVIEW.DLL
+ 2003-08-16 10:26:54 159,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MPXINT.DLL
+ 2003-07-15 02:57:14 124,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSB1CORE.DLL
+ 2003-07-15 03:12:22 47,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSB1XTOR.DLL
+ 2003-07-15 02:51:44 87,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSENCODE.DLL
+ 2003-07-15 02:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSMH.DLL
+ 2003-07-15 02:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSOAUTH.DLL
+ 2003-07-15 02:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSODCW.DLL
+ 2003-07-15 02:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSOHTMED.EXE
+ 2003-07-11 06:15:48 1,292,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSONSEXT.DLL
+ 2003-07-15 06:18:52 376,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSORUN.DLL
+ 2003-07-15 02:52:54 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSOSTYLE.DLL
+ 2003-08-16 10:26:36 93,304 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSOUTLS.DLL
+ 2003-07-15 02:46:16 42,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSOXEV.DLL
+ 2003-07-15 02:45:12 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSOXMLED.EXE
+ 2003-07-15 02:45:12 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSOXMLMF.DLL
+ 2003-07-15 02:52:58 41,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSSH.DLL
+ 2007-07-03 03:03:56 20,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\MSTAGPIA.DLL
+ 2003-07-15 02:56:52 13,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\NPOFFICE.DLL
+ 2007-07-03 03:03:56 223,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\OFFICE.DLL
+ 2003-08-16 10:26:18 48,184 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\ORGWIZ.EXE
+ 2003-08-16 10:27:40 333,952 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\ORMELEMS.DLL
+ 2003-08-16 10:27:38 326,776 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\PDSBASE.DLL
+ 2003-08-16 10:29:36 850,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\PE.DLL
+ 2003-08-16 10:26:24 56,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\PROJIMPT.EXE
+ 2003-08-16 10:27:02 156,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\PROJMODL.DLL
+ 2003-08-16 10:26:24 56,440 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\PROPMGR.DLL
+ 2003-08-16 10:29:06 754,232 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\PROPRPT.DLL
+ 2003-05-09 01:54:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\REFEDIT.DLL
+ 2003-07-15 02:57:08 40,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\REFIEBAR.DLL
+ 2003-08-16 10:27:04 163,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\REPORT.DLL
+ 2003-08-16 10:28:34 434,304 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\SAVASWEB.DLL
+ 2003-08-16 10:27:38 313,912 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\SAVWBHF.DLL
+ 2003-08-16 10:27:34 266,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\SAVWBRAS.DLL
+ 2003-08-16 10:27:34 263,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\SAVWBVML.DLL
+ 2003-07-15 02:57:18 349,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\SELFCERT.EXE
+ 2003-07-15 02:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\SEQCHK10.DLL
+ 2003-08-16 10:31:34 2,641,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\SG.DLL
+ 2003-08-16 10:27:10 191,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\SHAPNUM.DLL
+ 2003-08-16 10:27:04 162,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\SMIGRATE.DLL
+ 2003-08-16 10:27:06 181,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\SQLSHARE.DLL
+ 2003-08-16 10:26:40 92,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\STYLEMGR.DLL
+ 2003-08-16 10:26:26 61,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\SUMINFO.DLL
+ 2003-08-16 10:26:20 47,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\TLIMPT.EXE
+ 2003-08-16 10:28:08 373,304 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\UMLVB.DLL
+ 2003-08-16 10:28:04 341,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\UMLVC60.DLL
+ 2003-08-16 10:26:36 93,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VAOSOLX.DLL
+ 2007-07-03 03:03:56 64,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VBIDEPIA.DLL
+ 2003-08-16 10:26:54 126,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VERBWIND.DLL
+ 2003-08-16 10:26:38 86,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VIEWMODL.DLL
+ 2003-08-16 10:27:14 242,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VISCOLOR.DLL
+ 2003-08-16 10:26:50 148,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VISDLGU.DLL
+ 2003-08-16 10:31:34 2,271,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VISFILT.DLL
+ 2003-08-16 10:27:36 308,856 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VISGRF.DLL
+ 2003-08-16 10:26:34 91,200 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VISPRX32.DLL
+ 2003-08-16 10:29:34 785,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VISSHE.DLL
+ 2003-08-16 10:29:04 583,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VISSUPP.DLL
+ 2003-08-16 10:28:10 413,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VISUTILS.DLL
+ 2003-08-16 10:30:04 998,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VISWEB.DLL
+ 2003-08-16 10:26:22 53,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\VISXDATA.DLL
+ 2003-08-16 10:28:36 524,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.3216\XFUNC.DLL
+ 2002-12-01 02:02:28 122,935 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040151900063D11C8EF10054038389C\11.0.8173\MSBSC60.DLL
- 2008-04-10 07:00:34 12,288 ----a-r C:\WINDOWS\Installer\{91510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-13 02:16:10 12,288 ----a-r C:\WINDOWS\Installer\{91510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-10 07:00:34 135,168 ----a-r C:\WINDOWS\Installer\{91510409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-13 02:16:10 135,168 ----a-r C:\WINDOWS\Installer\{91510409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-10 07:00:34 4,096 ----a-r C:\WINDOWS\Installer\{91510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-13 02:16:11 4,096 ----a-r C:\WINDOWS\Installer\{91510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-10 07:00:34 176,128 ----a-r C:\WINDOWS\Installer\{91510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2008-06-13 02:16:10 176,128 ----a-r C:\WINDOWS\Installer\{91510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22 383,488 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 -c--a-w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 -c--a-w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 -c--a-w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 -c--a-w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c--a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c--a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-03-01 13:06:26 459,264 -c--a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 -c--a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 -c--a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 -c--a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 13:06:29 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2005-03-17 18:39:58 1,146,320 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2007-06-06 14:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2003-08-18 18:26:32 25,872 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2007-03-22 23:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-06-09 03:10:55 64,346 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-09 03:23:02 64,346 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-09 03:10:55 407,560 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-09 03:23:03 407,560 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-14 16:12:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_59c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{109557FD-C1C4-47E5-B46F-11B2B48443B2}]
C:\WINDOWS\system32\jkkJabAR.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 04:40 218032]
"SageTV"="C:\Program Files\SageTV\SageTV\SageTV.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 00:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-16 21:05 1953792]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 04:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"AtariBanner"="C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" [2001-05-22 18:17 49152]
"Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe" [2006-06-06 11:47 118784]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [ ]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2007-01-23 11:12 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00 267064]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 12:44 303104]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 02:19:50 217193]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2007-06-19 23:02:50 209005]
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2008-01-12 14:36:05 106551]
Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2005-08-24 14:06:54 577597]
HP OfficeJet Series 500 Startup.lnk - C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe [2007-07-25 22:38:04 1175552]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-03-25 00:15:30 57344]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
scheduleTV.lnk - C:\Program Files\honestech\MY-IPTV Anywhere Server\scheduleTV.exe [2007-11-25 04:08:44 98304]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXnOgFV]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.avis"= ff_acm.acm
"msvideo3"= STVqx3tg.dll
"vidc.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"TVersityMediaServer"=2 (0x2)
"SoundMovieServer"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\RpcSandraSrv.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 MLPTDR_C;MLPTDR_C;C:\WINDOWS\system32\MLPTDR_C.sys [2002-09-03 19:31]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\WINDOWS\system32\drivers\hcw18bda.sys [2007-07-23 23:26]
R3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-02-21 09:23]
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 19:02]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-03 00:13]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 16:11]
S3 STVqx3;Intel Play QX3 Microscope;C:\WINDOWS\system32\drivers\STVqx3.sys [2001-04-12 15:04]
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 05:28:59 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-06-01 05:00:25 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-06-09 06:45:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-20 06:30:21 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 12:50:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-14 12:52:05
ComboFix-quarantined-files.txt 2008-06-14 16:52:00
ComboFix2.txt 2008-06-11 01:08:56
ComboFix3.txt 2008-06-09 03:27:57

Pre-Run: 187,749,429,248 bytes free
Post-Run: 187,791,986,688 bytes free

537 --- E O F --- 2008-06-13 02:16:26
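
The registry section of the log above carries three things a responder should pick out by eye before trusting "hidden files: 0": a Winlogon Notify subkey with a random-looking name (cbXnOgFV), the kind of persistence entry the Virtumonde family used and which the catchme rootkit scan does not cover; Security Center alerting switched off (AntiVirusDisableNotify=1, DisableMonitoring=1); and the Windows Firewall disabled on the standard profile (EnableFirewall=0). The script below is an added example, not part of this thread and not ComboFix's own code: it parses a ComboFix-style registry dump and reports those indicators. SAMPLE_LOG is constructed from lines of the posted log; the KNOWN_NOTIFY baseline is an assumption (a partial list of Notify packages on a stock XP SP2 install) and the looks_random heuristic is this example's own, not something ComboFix implements.

```python
"""Flag tampering indicators in a ComboFix-style registry dump.

Added example, not part of the thread or of ComboFix. Three indicators visible
in the posted log are checked: a Winlogon Notify subkey outside the XP baseline
(random-looking names are typical of the Virtumonde/Vundo family), Security
Center alerts switched off, and the Windows Firewall disabled.
"""
import re

# Constructed excerpt: the key/value lines are copied from the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXnOgFV]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Assumed baseline of Winlogon Notify packages on a stock XP SP2 box (partial;
# build your own from a known-clean machine before relying on it).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "scecli", "schedule", "sclgntfy",
                "seclogon", "senslogn", "termsrv", "wlballoon", "wgalogon"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_value(raw):
    """Normalise the notations ComboFix prints: dword:00000001, '0 (0x0)', or a string."""
    raw = raw.strip()
    m = re.match(r"^dword:([0-9a-f]{1,8})$", raw, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-f]+\)", raw, re.I)
    if m:
        return int(m.group(1))
    return raw.strip('"')


def parse_registry_dump(text):
    """Return {key: {value_name: value}}; a key with no values maps to {}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:  # unquoted lines such as SecurityProviders are skipped
            keys[current][m.group(1)] = parse_value(m.group(2))
    return keys


def looks_random(name):
    """Heuristic (this example's own): legitimate package names are lower-case words,
    while the mixed-case, vowel-poor strings Vundo generated flip case repeatedly."""
    letters = [c for c in name if c.isalpha()]
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    vowels = sum(c in "aeiou" for c in name.lower())
    return flips >= 3 or (len(name) >= 6 and vowels <= 1)


def audit(text):
    """Return one finding string per indicator found in the dump."""
    findings = []
    for key, values in parse_registry_dump(text).items():
        k = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if "\\winlogon\\notify\\" in k and leaf.lower() not in KNOWN_NOTIFY:
            tag = "random-looking name" if looks_random(leaf) else "not in baseline"
            findings.append(f"Winlogon Notify package '{leaf}' ({tag}): {key}")
        if k.endswith("\\security center"):
            for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
                if values.get(name) == 1:
                    findings.append(f"Security Center alert suppressed: {name}=1")
        # Vendors often set DisableMonitoring themselves; report it, but verify before acting.
        if "\\security center\\monitoring\\" in k and values.get("DisableMonitoring") == 1:
            findings.append(f"Security Center not monitoring {leaf} (DisableMonitoring=1); confirm with vendor")
        if k.endswith("\\firewallpolicy\\standardprofile") and values.get("EnableFirewall") == 0:
            findings.append("Windows Firewall off on the standard profile (EnableFirewall=0)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print("[!]", finding)
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents. The Notify check is the one worth keeping after the cleanup: ComboFix's catchme pass looks for hidden files and processes, so a Notify DLL that is merely unusual rather than hidden will not show up there, and the Security Center and firewall values tell you whether the defences were turned off before or during the infection.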

#9 rookie147

Posted 15 June 2008 - 03:09 PM

Thank you for the kind donation :thumbsup:
How do things seem to be running for you now; the logs are coming back clear?

If you are pleased with the service I have offered, you may like to consider making a donation.


#10 mrpman
  • Topic Starter

Posted 16 June 2008 - 06:59 PM

Everything seems to be working OK, I am just not sure when to stop scanning. Do you recommend any particular programs like Spybot or Ad-Aware? I want to make sure I reduce the risk of this happening again.

#11 rookie147

Posted 17 June 2008 - 01:38 AM

I have a list of free software that I suggest people install:
Ad-Aware 2007
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.
Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.
SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.
Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Set your system to not show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Do not show hidden files and folders".
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.
Either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

Please also read Tony Klein's excellent article: How I got Infected in the First Place.
Thanks and happy computing,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#12 rookie147

Posted 16 July 2008 - 04:29 PM

Since this issue appears to be resolved, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.
