
Malware Infestation


This topic is locked
11 replies to this topic

#1 LizardKing64

Posted 16 August 2008 - 06:42 PM

Hi everyone,
I've been having some problems on a computer that was recently given to me. The symptoms are that whenever I type in certain things while I'm using the internet, I get popups that match keywords like "spyware." I'm using Firefox 3, but these popups are from IE. My brother had the computer before me and my cousin used to use it for marathon Myspace sessions. Neither one of them took very good care of it. The first things I did to try to rid myself of this problem were to run Spybot, Adaware, and NOD32. All of these found bad stuff, but after removal the problem persisted. Adaware finds a rootkit called "win32.rootkit.agent" in a file called "smbalii" in my drivers folder. Every time I run it, it says that it is unable to remove it until system restart. Well, it comes back with every scan.

So I followed the steps described in this forum that I should do before running a HJT scan and then ran HJT. The scan follows this message. If anyone can help me with this, I'd be really grateful. My computer recently bit the dust after 6 years of loyal service and I'm left with this infested computer as my only means of communication. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:52 PM, on 8/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1128036475\ee\aolsoftware.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\common files\aol\1128036475\ee\services\antiSpywareApp\ver2_0_31_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1128036475\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C97B5AAA-D0EF-43F4-A75F-2273A053EB58} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.download.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://helpdesk.acomp.usf.edu/rnt/rnl/java/RntX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnmllm - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10872 bytes
Best Regards,
Jeff


"Bart: I was so bored I cut the pony tail off the guy in front of us.
[holds pony tail to his head]

Bart: Look at me, I'm a grad student. I'm 30 years old and I made $600 last year.

Marge: Bart, don't make fun of grad students. They've just made a terrible life choice."


#2 Thunder

Posted 19 August 2008 - 03:51 PM

Hello Jeff and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, and you're notified a more current version is available, please download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted, and make a difference

#3 LizardKing64 (Topic Starter)

Posted 19 August 2008 - 08:21 PM

Hi Thunder,
Thanks for helping me out. I ran Malwarebytes and it found 5 infected files. 2 of these had to be removed on reboot. So I restarted and it seems that the bad files are actually gone this time. Last time I ran this and Adaware, neither could delete them. This seems to have stopped my popup problem as well. So should I still run Combofix?

Here is the Malwarebytes log and a fresh HJT one. Thanks again for your help!

===============

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:30 PM, on 8/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\AOL\1128036475\ee\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\common files\aol\1128036475\ee\services\antiSpywareApp\ver2_0_31_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1128036475\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\aol\1128036475\ee\anotify.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Rmn plugin - {D21D9540-6415-4288-BDD0-4453088D9D38} - pns32.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.download.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://helpdesk.acomp.usf.edu/rnt/rnl/java/RntX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnmllm - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12225 bytes

====================

Malwarebytes' Anti-Malware 1.25
Database version: 1066
Windows 5.1.2600 Service Pack 3

9:49:58 PM 8/18/2008
mbam-log-08-18-2008 (21-49-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 218073
Time elapsed: 3 hour(s), 29 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c97b5aaa-d0ef-43f4-a75f-2273a053eb58} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c97b5aaa-d0ef-43f4-a75f-2273a053eb58} (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\smbalii.sys (Rootkit.Agent.H) -> No action taken.
C:\WINDOWS\system32\fs7\cilcstat01.exe (Trojan.Downloader) -> No action taken.
Best Regards,
Jeff


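An added example, not part of Jeff's post and not Malwarebytes' own code: a small parser for a log in the format pasted above. It reports the two things a helper checks first when a log like this comes in, namely whether the per-category counts in the summary block match the items actually listed, and which items still read "No action taken" (the status MBAM writes when the report is saved before Remove Selected has run, so those entries have not been remediated in that log). The sample log is constructed from the entries in the post; the two status strings other than "No action taken." are assumed values used only to show that the parser distinguishes them.

```python
import re

# Constructed sample in the MBAM 1.x log layout seen in the post. The two
# statuses other than "No action taken." are assumed values for illustration.
SAMPLE_MBAM_LOG = """\
Malwarebytes' Anti-Malware 1.25
Database version: 1066
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\\|D:\\|)
Objects scanned: 218073

Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\\CLSID\\{c97b5aaa-d0ef-43f4-a75f-2273a053eb58} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{c97b5aaa-d0ef-43f4-a75f-2273a053eb58} (Trojan.Vundo) -> No action taken.

Files Infected:
C:\\WINDOWS\\system32\\drivers\\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\drivers\\smbalii.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\\WINDOWS\\system32\\fs7\\cilcstat01.exe (Trojan.Downloader) -> No action taken.
"""

# Summary line: "<Category> Infected: <n>"
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# Section heading that introduces the listed items: "<Category> Infected:"
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# Listed item: "<path or key> (<threat name>) -> <action>"
ITEM_RE = re.compile(r"^(?P<where>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (counts, items): summary counts per category and the parsed items per category."""
    counts, items, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            counts[m.group("cat")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("cat")
            items.setdefault(current, [])
            continue
        m = ITEM_RE.match(line)
        if m and current:
            items[current].append(m.groupdict())
    return counts, items


def remediation_report(text):
    """Flag items not yet remediated and categories whose count disagrees with the listing."""
    counts, items = parse_mbam_log(text)
    report = {"pending": [], "mismatch": []}
    for cat, n in counts.items():
        if n != len(items.get(cat, [])):
            report["mismatch"].append(cat)
    for listed in items.values():
        for item in listed:
            if item["action"].startswith("No action taken"):
                report["pending"].append(item["where"])
    return report


if __name__ == "__main__":
    rep = remediation_report(SAMPLE_MBAM_LOG)
    print("still pending:", *rep["pending"], sep="\n  ")
    print("count mismatches:", rep["mismatch"] or "none")
```

Run against the sample, the report lists three pending entries (both Vundo registry keys and the downloader) and no count mismatches; a log in which everything reads "No action taken" is the pre-removal report, and the post-removal log is the one worth asking for.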

#4 Thunder

Posted 20 August 2008 - 02:36 AM

Hello Jeff,

Whenever you are faced with a rootkit, joined by a bunch of other malware,
I'd feel safer if ComboFix was run, and that log comes out clean. :thumbsup:

If preferred, you can proceed this way as well:
Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following, if still present:

O2 - BHO: Rmn plugin - {D21D9540-6415-4288-BDD0-4453088D9D38} - pns32.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: opnmllm - C:\WINDOWS\

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Reboot your system and run another Kaspersky online scan to check if nothing is found anymore.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
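A read-only way to re-check those same entries from PowerShell, added here as an example (it is not from the thread and not HijackThis' own code). It assumes Windows PowerShell is installed on the XP machine and reads the registry locations HijackThis reports under O2, O3, O7 and O20, using the CLSIDs quoted above; the "(no file)" test mirrors how HijackThis flags an entry whose DLL is gone.

```powershell
# Added example (not from the thread, not HijackThis code): a read-only re-check of the
# entries Thunder asked to fix, reading the registry locations HijackThis reports for
# O2 (BHOs), O3 (IE toolbars), O7 (registry policy) and O20 (Winlogon Notify).
# Assumes Windows PowerShell is installed; nothing is modified, it only prints findings.

# CLSIDs quoted from the HijackThis entries in the thread.
$bhoClsids     = @('{D21D9540-6415-4288-BDD0-4453088D9D38}',
                   '{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}')
$toolbarClsids = @('{BA52B914-B692-46c4-B683-905236F6F655}')

function Test-DllPresent {
    # HijackThis prints "(no file)" / "(file missing)" when the registered DLL cannot be
    # found; this mirrors that check, resolving bare file names against the system path.
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    if ([IO.Path]::IsPathRooted($expanded)) {
        return (Test-Path -LiteralPath $expanded -PathType Leaf)
    }
    $candidates = @("$env:SystemRoot\system32\$expanded", "$env:SystemRoot\$expanded")
    return @($candidates | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf }).Count -gt 0
}

function Get-ClsidServer {
    # Returns the InprocServer32 path registered for a CLSID, or $null if it is unregistered.
    param([string]$Clsid)
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    return (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
}

$findings = @()

# O2 - Browser Helper Objects are registered as subkeys named by CLSID.
$bhoRoot = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($clsid in $bhoClsids) {
    if (Test-Path -LiteralPath "$bhoRoot\$clsid") {
        $dll = Get-ClsidServer $clsid
        $state = if (Test-DllPresent $dll) { $dll } else { '(no file)' }
        $findings += "O2 - BHO: $clsid - $state"
    }
}

# O3 - Internet Explorer toolbars are registry values named by CLSID under this key.
$tbKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
$tb = Get-ItemProperty -LiteralPath $tbKey -ErrorAction SilentlyContinue
foreach ($clsid in $toolbarClsids) {
    if ($tb -and @($tb.PSObject.Properties | Where-Object { $_.Name -eq $clsid }).Count -gt 0) {
        $dll = Get-ClsidServer $clsid
        $state = if (Test-DllPresent $dll) { $dll } else { '(no file)' }
        $findings += "O3 - Toolbar: $clsid - $state"
    }
}

# O7 - HijackThis labels this policy "DisableRegedit"; the registry value behind it is
# DisableRegistryTools, which blocks regedit for the current user when set to 1.
$polKey = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -LiteralPath $polKey -ErrorAction SilentlyContinue
if ($pol -and $pol.DisableRegistryTools -eq 1) {
    $findings += 'O7 - HKCU\...\Policies\System, DisableRegistryTools=1 (regedit blocked by policy)'
}

# O20 - Winlogon Notify packages (Windows XP) are subkeys whose DllName value names a DLL
# loaded into winlogon.exe; an entry whose DLL is missing is what HijackThis shows as "(no file)".
$notifyRoot = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path -LiteralPath $notifyRoot) {
    foreach ($sub in Get-ChildItem -LiteralPath $notifyRoot) {
        $dll = (Get-ItemProperty -LiteralPath $sub.PSPath -ErrorAction SilentlyContinue).DllName
        if (-not (Test-DllPresent $dll)) {
            $findings += "O20 - Winlogon Notify: $($sub.PSChildName) - $dll (no file)"
        }
    }
}

if ($findings.Count -eq 0) { 'None of the listed HijackThis entries are still present.' }
else { $findings }
```

Anything it prints after the HijackThis fix and reboot means that entry survived and is worth a second look; an empty result is the state Thunder's follow-up Kaspersky scan is meant to confirm.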

#5 LizardKing64

  • Topic Starter
  • Members
  • 26 posts
  • Gender:Male
  • Location:Tampa, FL

Posted 20 August 2008 - 08:10 PM

Hi Thunder,
I ran ComboFix. Everything seemed to run smoothly, but when my system restarted all of my startup programs like Spybot and ESET started up too, despite the warning in the box that no programs should run. Then as it was preparing my log file I kept getting these messages that said "Registry editing has been restricted by the system administrator." I just pressed OK about 20 times and ComboFix finished. I don't know if this was bad or what. But here is the log. Thanks again!


ComboFix 08-08-19.06 - Shazbot 2008-08-20 20:17:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.230 [GMT -4:00]
Running from: C:\Documents and Settings\Shazbot\Desktop\AV Arsenal\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\crosof~1.net\??crosoft.NET\
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\IA
C:\WINDOWS\racle~1
C:\WINDOWS\system32\agbuptjj.ini
C:\WINDOWS\system32\alayyuhx.ini
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\altijvwg.ini
C:\WINDOWS\system32\ayfanjhu.ini
C:\WINDOWS\system32\bbatdxig.ini
C:\WINDOWS\system32\cache329
C:\WINDOWS\system32\cache329\B_329_0_1_504100.htm
C:\WINDOWS\system32\cache329\B_329_0_1_504100.swf
C:\WINDOWS\system32\cache329\B_329_0_1_528400.htm
C:\WINDOWS\system32\cache329\B_329_0_1_528400.swf
C:\WINDOWS\system32\cache329\B_329_0_1_532400.htm
C:\WINDOWS\system32\cache329\B_329_0_1_532400.swf
C:\WINDOWS\system32\cache329\B_329_0_1_534700.htm
C:\WINDOWS\system32\cache329\B_329_0_1_534700.swf
C:\WINDOWS\system32\cache329\B_329_0_1_537300.swf
C:\WINDOWS\system32\cache329\B_329_0_1_563400.gif
C:\WINDOWS\system32\cache329\B_329_0_1_577000.htm
C:\WINDOWS\system32\cache329\B_329_0_1_577000.swf
C:\WINDOWS\system32\cache329\B_329_0_1_595700.gif
C:\WINDOWS\system32\cache329\B_329_0_1_599300.gif
C:\WINDOWS\system32\cache329\B_329_0_1_600200.gif
C:\WINDOWS\system32\cache329\B_329_0_1_600600.gif
C:\WINDOWS\system32\cache329\B_329_0_1_606300.htm
C:\WINDOWS\system32\cache329\B_329_0_1_606300.swf
C:\WINDOWS\system32\cache329\B_329_0_1_621600.swf
C:\WINDOWS\system32\cache329\B_329_0_2_528200.htm
C:\WINDOWS\system32\cache329\B_329_0_2_528200.swf
C:\WINDOWS\system32\cache329\B_329_0_2_535400.htm
C:\WINDOWS\system32\cache329\B_329_0_2_535400.swf
C:\WINDOWS\system32\cache329\B_329_0_2_628000.gif
C:\WINDOWS\system32\cache329\B_329_0_2_628500.htm
C:\WINDOWS\system32\cache329\B_329_0_2_628500.swf
C:\WINDOWS\system32\cache329\B_329_0_2_628700.htm
C:\WINDOWS\system32\cache329\B_329_0_2_628700.swf
C:\WINDOWS\system32\cache329\B_329_0_2_669600.htm
C:\WINDOWS\system32\cache329\B_329_0_2_669600.swf
C:\WINDOWS\system32\cache329\B_329_0_2_674300.swf
C:\WINDOWS\system32\cache329\B_329_2_1_504100.htm
C:\WINDOWS\system32\cache329\B_329_2_1_504100.swf
C:\WINDOWS\system32\cache329\B_329_2_1_528400.htm
C:\WINDOWS\system32\cache329\B_329_2_1_528400.swf
C:\WINDOWS\system32\cache329\B_329_2_1_532400.htm
C:\WINDOWS\system32\cache329\B_329_2_1_532400.swf
C:\WINDOWS\system32\cache329\B_329_2_1_534700.htm
C:\WINDOWS\system32\cache329\B_329_2_1_534700.swf
C:\WINDOWS\system32\cache329\B_329_2_1_537300.swf
C:\WINDOWS\system32\cache329\B_329_2_1_563400.gif
C:\WINDOWS\system32\cache329\B_329_2_1_577000.htm
C:\WINDOWS\system32\cache329\B_329_2_1_577000.swf
C:\WINDOWS\system32\cache329\B_329_2_1_595700.gif
C:\WINDOWS\system32\cache329\B_329_2_1_599300.gif
C:\WINDOWS\system32\cache329\B_329_2_1_600200.gif
C:\WINDOWS\system32\cache329\B_329_2_1_606300.htm
C:\WINDOWS\system32\cache329\B_329_2_1_606300.swf
C:\WINDOWS\system32\cache329\B_329_2_1_621600.swf
C:\WINDOWS\system32\cache329\B_329_2_2_528200.htm
C:\WINDOWS\system32\cache329\B_329_2_2_528200.swf
C:\WINDOWS\system32\cache329\B_329_2_2_535400.htm
C:\WINDOWS\system32\cache329\B_329_2_2_535400.swf
C:\WINDOWS\system32\cache329\B_329_2_2_628000.gif
C:\WINDOWS\system32\cache329\B_329_2_2_628500.htm
C:\WINDOWS\system32\cache329\B_329_2_2_628500.swf
C:\WINDOWS\system32\cache329\B_329_2_2_628700.htm
C:\WINDOWS\system32\cache329\B_329_2_2_628700.swf
C:\WINDOWS\system32\cache329\B_329_2_2_668500.swf
C:\WINDOWS\system32\cache329\B_329_2_2_669600.htm
C:\WINDOWS\system32\cache329\B_329_2_2_669600.swf
C:\WINDOWS\system32\cache329\B_329_2_2_674300.swf
C:\WINDOWS\system32\cache329\B_329_2_3_628500.htm
C:\WINDOWS\system32\cache329\B_329_2_3_628500.swf
C:\WINDOWS\system32\cache329\B_329_2_3_628700.htm
C:\WINDOWS\system32\cache329\B_329_2_3_628700.swf
C:\WINDOWS\system32\cache329\B_329_3_1_504100.htm
C:\WINDOWS\system32\cache329\B_329_3_1_504100.swf
C:\WINDOWS\system32\cache329\B_329_3_1_528400.htm
C:\WINDOWS\system32\cache329\B_329_3_1_528400.swf
C:\WINDOWS\system32\cache329\B_329_3_1_532400.htm
C:\WINDOWS\system32\cache329\B_329_3_1_532400.swf
C:\WINDOWS\system32\cache329\B_329_3_1_534700.htm
C:\WINDOWS\system32\cache329\B_329_3_1_534700.swf
C:\WINDOWS\system32\cache329\B_329_3_1_537300.swf
C:\WINDOWS\system32\cache329\B_329_3_1_563400.gif
C:\WINDOWS\system32\cache329\B_329_3_1_577000.htm
C:\WINDOWS\system32\cache329\B_329_3_1_577000.swf
C:\WINDOWS\system32\cache329\B_329_3_1_595700.gif
C:\WINDOWS\system32\cache329\B_329_3_1_599300.gif
C:\WINDOWS\system32\cache329\B_329_3_1_600200.gif
C:\WINDOWS\system32\cache329\B_329_3_1_600600.gif
C:\WINDOWS\system32\cache329\B_329_3_1_606300.htm
C:\WINDOWS\system32\cache329\B_329_3_1_606300.swf
C:\WINDOWS\system32\cache329\B_329_3_1_621600.swf
C:\WINDOWS\system32\cache329\B_329_3_2_528200.htm
C:\WINDOWS\system32\cache329\B_329_3_2_528200.swf
C:\WINDOWS\system32\cache329\B_329_3_2_535400.htm
C:\WINDOWS\system32\cache329\B_329_3_2_535400.swf
C:\WINDOWS\system32\cache329\B_329_3_2_628000.gif
C:\WINDOWS\system32\cache329\B_329_3_2_628500.htm
C:\WINDOWS\system32\cache329\B_329_3_2_628500.swf
C:\WINDOWS\system32\cache329\B_329_3_2_628700.htm
C:\WINDOWS\system32\cache329\B_329_3_2_628700.swf
C:\WINDOWS\system32\cache329\B_329_3_2_669600.htm
C:\WINDOWS\system32\cache329\B_329_3_2_669600.swf
C:\WINDOWS\system32\cache329\B_329_3_2_674300.htm
C:\WINDOWS\system32\cache329\B_329_3_2_674300.swf
C:\WINDOWS\system32\cache329\B_329_4_1_565300.htm
C:\WINDOWS\system32\cache329\B_329_4_1_565300.swf
C:\WINDOWS\system32\cache329\B_329_4_1_576700.gif
C:\WINDOWS\system32\cache329\B_329_4_1_576700.htm
C:\WINDOWS\system32\cache329\B_329_4_1_584300.htm
C:\WINDOWS\system32\cache329\B_329_4_1_584300.swf
C:\WINDOWS\system32\cache329\B_329_4_1_634900.htm
C:\WINDOWS\system32\cache329\B_329_4_1_634900.swf
C:\WINDOWS\system32\cache329\B_329_4_1_675600.htm
C:\WINDOWS\system32\cache329\B_329_4_1_683100.gif
C:\WINDOWS\system32\cache329\B_329_4_1_683100.htm
C:\WINDOWS\system32\cache329\B_329_4_2_511500.gif
C:\WINDOWS\system32\cache329\B_329_4_2_511500.htm
C:\WINDOWS\system32\cache329\B_329_4_2_530700.gif
C:\WINDOWS\system32\cache329\B_329_4_2_530700.htm
C:\WINDOWS\system32\cache329\B_329_4_2_533700.htm
C:\WINDOWS\system32\cache329\B_329_4_2_533700.jpg
C:\WINDOWS\system32\cache329\B_329_4_2_601300.htm
C:\WINDOWS\system32\cache329\B_329_4_2_601300.jpg
C:\WINDOWS\system32\cache329\B_329_4_2_635600.htm
C:\WINDOWS\system32\cache329\B_329_4_2_635600.jpg
C:\WINDOWS\system32\cache329\B_329_4_2_635700.htm
C:\WINDOWS\system32\cache329\B_329_4_2_635700.jpg
C:\WINDOWS\system32\cache329\B_329_4_3_641500.htm
C:\WINDOWS\system32\cache329\B_329_4_3_641500.swf
C:\WINDOWS\system32\cache329\B_329_4_3_644100.htm
C:\WINDOWS\system32\cache329\B_329_4_3_644100.swf
C:\WINDOWS\system32\cache329\B_329_4_3_644200.htm
C:\WINDOWS\system32\cache329\B_329_4_3_644200.swf
C:\WINDOWS\system32\cache329\B_329_4_3_645400.htm
C:\WINDOWS\system32\cache329\B_329_4_3_645400.swf
C:\WINDOWS\system32\cache329\B_538500.htm
C:\WINDOWS\system32\cache329\B_544700.htm
C:\WINDOWS\system32\cache329\B_565700.htm
C:\WINDOWS\system32\cache329\B_582900.htm
C:\WINDOWS\system32\cache329\B_677100.htm
C:\WINDOWS\system32\cache329\B_677300.htm
C:\WINDOWS\system32\cache329\B_677500.htm
C:\WINDOWS\system32\cache329\B_677700.htm
C:\WINDOWS\system32\cache329\B_677900.htm
C:\WINDOWS\system32\cache329\B_686800.htm
C:\WINDOWS\system32\cache329\B_686900.htm
C:\WINDOWS\system32\cache329\t_B_329_0_1_561000.htm
C:\WINDOWS\system32\cache329\t_B_329_2_1_561000.htm
C:\WINDOWS\system32\cache329\t_B_329_3_1_561000.htm
C:\WINDOWS\system32\cache329\t_B_329_4_2_533400.htm
C:\WINDOWS\system32\cache329\t_B_329_4_2_678900.htm
C:\WINDOWS\system32\cache329\t_B_538500.htm
C:\WINDOWS\system32\cache329\t_B_544700.htm
C:\WINDOWS\system32\cache329\t_B_565700.htm
C:\WINDOWS\system32\cache329\t_B_582900.htm
C:\WINDOWS\system32\cache329\t_B_607000.htm
C:\WINDOWS\system32\cache329\t_B_677100.htm
C:\WINDOWS\system32\cache329\t_B_677300.htm
C:\WINDOWS\system32\cache329\t_B_677500.htm
C:\WINDOWS\system32\cache329\t_B_677700.htm
C:\WINDOWS\system32\cache329\t_B_677900.htm
C:\WINDOWS\system32\cache329\t_B_686800.htm
C:\WINDOWS\system32\cache329\t_B_686900.htm
C:\WINDOWS\system32\cookie1.dat
C:\WINDOWS\system32\criqjoob.ini
C:\WINDOWS\system32\cs.dat
C:\WINDOWS\system32\ctltmsmp.ini
C:\WINDOWS\system32\diqdaeri.ini
C:\WINDOWS\system32\epbajppi.ini
C:\WINDOWS\system32\eqxojafw.ini
C:\WINDOWS\system32\fvpdwfdu.ini
C:\WINDOWS\system32\gkdrlrxs.ini
C:\WINDOWS\system32\grgsevkt.ini
C:\WINDOWS\system32\gyjlpych.ini
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hmdatukk.ini
C:\WINDOWS\system32\ianviias.ini
C:\WINDOWS\system32\ioqrxcma.ini
C:\WINDOWS\system32\jnhctbhk.ini
C:\WINDOWS\system32\juleoilq.ini
C:\WINDOWS\system32\kngtudsf.ini
C:\WINDOWS\system32\lawenvsk.ini
C:\WINDOWS\system32\lrnunxmc.ini
C:\WINDOWS\system32\ltenhray.ini
C:\WINDOWS\system32\manyyksi.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mxnllvwc.ini
C:\WINDOWS\system32\naiylgya.ini
C:\WINDOWS\system32\nkapljlg.ini
C:\WINDOWS\system32\nkktgsfc.ini
C:\WINDOWS\system32\nsfybwie.ini
C:\WINDOWS\system32\oslubqoy.ini
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\pwxbbfwx.ini
C:\WINDOWS\system32\qypomwbl.ini
C:\WINDOWS\system32\rc.dat
C:\WINDOWS\system32\slbbkfnv.ini
C:\WINDOWS\system32\sqyypims.ini
C:\WINDOWS\system32\svcakild.ini
C:\WINDOWS\system32\ttpmkofk.ini
C:\WINDOWS\system32\uwjreudw.ini
C:\WINDOWS\system32\vkvgiqfl.ini
C:\WINDOWS\system32\ybljptuq.ini
C:\WINDOWS\system32\yopqginr.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.

2008-08-20 10:52 . 2008-08-20 10:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-08-19 23:41 . 2008-08-19 23:41 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-08-19 23:38 . 2008-08-20 18:40 <DIR> d-------- C:\Program Files\McAfee
2008-08-19 23:07 . 2008-08-19 23:07 1 --a------ C:\WINDOWS\system32\tb.dr
2008-08-19 21:44 . 2008-08-19 21:44 <DIR> d-------- C:\Documents and Settings\Shazbot\Application Data\Thunderbird
2008-08-19 21:43 . 2008-08-20 10:52 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-08-19 00:15 . 2008-08-19 00:15 <DIR> d-------- C:\Documents and Settings\Shazbot\Application Data\IEPro
2008-08-19 00:14 . 2008-08-19 00:15 <DIR> d-------- C:\Program Files\IEPro
2008-08-18 13:49 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-17 23:51 . 2008-08-17 23:51 <DIR> d-------- C:\Program Files\Opera
2008-08-17 23:42 . 2008-08-17 23:42 57,212 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-08-17 23:36 . 2008-08-17 23:37 <DIR> d-------- C:\Program Files\Safari
2008-08-17 23:35 . 2008-08-17 23:36 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-17 23:35 . 2008-08-17 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-17 15:43 . 2008-08-17 15:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 15:42 . 2008-08-17 15:44 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-16 13:53 . 2008-08-18 18:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 13:53 . 2008-08-16 13:53 <DIR> d-------- C:\Documents and Settings\Shazbot\Application Data\Malwarebytes
2008-08-16 13:53 . 2008-08-16 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 13:53 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 13:53 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 12:50 . 2008-08-20 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-16 12:50 . 2008-08-19 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-16 01:21 . 2008-08-16 01:21 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-16 01:21 . 2008-08-16 01:21 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-16 01:21 . 2008-08-16 01:21 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-16 00:47 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-16 00:46 . 2008-04-13 20:11 184,832 --------- C:\WINDOWS\system32\eapp3hst.dll
2008-08-16 00:45 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-16 00:45 . 2008-04-13 20:11 132,096 --------- C:\WINDOWS\system32\dot3svc.dll
2008-08-16 00:45 . 2008-04-13 20:11 57,856 --------- C:\WINDOWS\system32\dot3cfg.dll
2008-08-16 00:45 . 2008-04-13 20:11 56,320 --------- C:\WINDOWS\system32\dot3msm.dll
2008-08-16 00:45 . 2008-04-13 20:11 48,640 --------- C:\WINDOWS\system32\dhcpqec.dll
2008-08-16 00:45 . 2008-04-13 20:11 39,936 --------- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-16 00:45 . 2008-04-13 20:11 39,936 --------- C:\WINDOWS\system32\dimsroam.dll
2008-08-16 00:45 . 2008-04-13 20:11 26,112 --------- C:\WINDOWS\system32\dot3api.dll
2008-08-16 00:45 . 2008-04-13 20:11 19,456 --------- C:\WINDOWS\system32\dimsntfy.dll
2008-08-16 00:45 . 2008-04-13 20:11 12,800 --------- C:\WINDOWS\system32\credssp.dll
2008-08-16 00:45 . 2008-04-13 20:11 9,216 --------- C:\WINDOWS\system32\dot3dlg.dll
2008-08-16 00:44 . 2008-04-13 20:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-08-16 00:44 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-08-16 00:44 . 2004-07-17 14:36 64,352 --------- C:\WINDOWS\system32\drivers\ativmc20.cod
2008-08-16 00:44 . 2008-04-13 20:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-08-15 22:01 . 2008-08-15 22:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-15 19:03 . 2008-08-15 19:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-15 19:03 . 2008-08-15 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-15 13:04 . 2008-08-15 13:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-15 12:59 . 2008-08-15 12:59 <DIR> d-------- C:\Program Files\DNA
2008-08-15 12:59 . 2008-08-20 20:26 <DIR> d-------- C:\Documents and Settings\Shazbot\Application Data\DNA
2008-08-15 03:02 . 2008-08-19 14:04 60,416 --a------ C:\WINDOWS\inform.dat
2008-08-15 03:02 . 2008-08-19 14:04 45,568 --a------ C:\WINDOWS\system32\pns32.dll
2008-08-15 02:47 . 2008-08-15 02:47 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-15 02:27 . 2008-06-23 12:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-15 02:27 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-15 02:27 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-15 02:27 . 2008-06-23 12:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-15 02:27 . 2008-06-23 12:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-15 02:27 . 2008-06-23 12:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-15 02:27 . 2008-06-23 12:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-15 02:27 . 2008-06-23 12:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-15 02:27 . 2008-06-23 05:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-15 02:13 . 2008-08-15 02:13 <DIR> d-------- C:\Documents and Settings\Shazbot\Application Data\ESET
2008-08-15 02:08 . 2008-08-15 02:08 <DIR> d-------- C:\Program Files\ESET
2008-08-15 02:08 . 2008-08-15 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-15 01:01 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-15 01:01 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-15 01:01 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-15 00:55 . 2008-08-15 00:55 268 --ah----- C:\sqmdata05.sqm
2008-08-15 00:55 . 2008-08-15 00:55 244 --ah----- C:\sqmnoopt05.sqm
2008-08-12 21:54 . 2008-08-12 21:54 268 --ah----- C:\sqmdata04.sqm
2008-08-12 21:54 . 2008-08-12 21:54 244 --ah----- C:\sqmnoopt04.sqm
2008-08-12 21:48 . 2006-08-29 13:52 476,416 -ra------ C:\WINDOWS\system32\drivers\MRVW245.sys
2008-08-12 15:33 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 22:42 --------- d-----w C:\Documents and Settings\Shazbot\Application Data\AdobeUM
2008-08-20 16:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-20 06:17 --------- d-----w C:\Documents and Settings\Shazbot\Application Data\BitTorrent
2008-08-18 17:49 --------- d-----w C:\Program Files\Java
2008-08-18 03:38 --------- d-----w C:\Documents and Settings\Shazbot\Application Data\Apple Computer
2008-08-18 02:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 01:53 --------- d-----w C:\Program Files\Google
2008-08-18 01:52 --------- d-----w C:\Program Files\Easy Internet signup
2008-08-16 05:36 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd6781.sys
2008-08-15 17:07 --------- d-----w C:\Program Files\Lavasoft
2008-08-15 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-15 16:59 --------- d-----w C:\Program Files\BitTorrent
2008-08-15 06:40 --------- d-----w C:\Program Files\McAfee.com
2008-08-15 06:05 --------- d-----w C:\Program Files\AIM6
2008-08-15 06:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-15 06:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-15 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-08-15 05:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MI-SC4"= MI-SC4.acm
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
backup=C:\WINDOWS\pss\Dynex Wireless Networking Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2008-07-17 19:43 587568 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager]
--a------ 2007-06-14 16:48 1282048 C:\WINDOWS\system32\wltray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1128036475\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 18:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-04-01 16:16 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-24 03:24 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-31 18:40 22879528 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-05-11 06:33 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-02-11 00:57 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-19 20:34 3084288 C:\Program Files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-09-21 10:24 86016 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WANMiniportService"=2 (0x2)
"StarWindService"=2 (0x2)
"ose"=3 (0x3)
"mcupdmgr.exe"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"AOLService"=2 (0x2)
"AOL ACS"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0b\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1128036475\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1128036475\\ee\\aim6.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 18:52]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S1 smbalii;smbalii;C:\WINDOWS\system32\drivers\smbalii.sys []
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 11:52]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ndiswdm.sys [2007-08-31 16:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84b4489b-6b2b-11dd-a83f-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chess.exe e
\Shell\Open\command - M:\chess.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7af6cc2-6901-11dc-a7fb-00038a000015}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9988775D-4368-4857-871A-D01D66CA3A71}]
rundll32 pns32.dll,InitO
.
Contents of the 'Scheduled Tasks' folder

2008-08-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-21 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-08-18 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-01-28 12:43]
.
- - - - ORPHANS REMOVED - - - -

BHO-{D21D9540-6415-4288-BDD0-4453088D9D38} - (no file)
Notify-AtiExtEvent - (no file)
Notify-opnmllm - (no file)
MSConfigStartUp-DIGStream - C:\Program Files\DIGStream\digstream.exe
MSConfigStartUp-Game Service - C:\PROGRA~1\ubi.com\Core\GS4.exe
MSConfigStartUp-MDDiskProtect - C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
MSConfigStartUp-P2P Networking - C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
MSConfigStartUp-SearchUpgrader - C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Shazbot\Application Data\Mozilla\Firefox\Profiles\svhobr3y.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 20:33:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDRSRVC]
"ImagePath"="system32\drivers\PCDRSRVC.pkms"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\61883]
"ImagePath"="System32\DRIVERS\61883.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="System32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFS2K]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AgereSoftModem]
"ImagePath"="System32\DRIVERS\AGRSM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AnyDVD]
"ImagePath"="System32\Drivers\AnyDVD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AOL ACS]
"ImagePath"="C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AOLService]
"ImagePath"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Arp1394]
"ImagePath"="System32\DRIVERS\arp1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aspi32]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="System32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ATI Remote Wonder II]
"ImagePath"="system32\drivers\ATIRWVD.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atierecord]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="System32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="System32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avc]
"ImagePath"="System32\DRIVERS\avc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BCMLogon]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bonjour Service]
"ImagePath"="\"C:\Program Files\Bonjour\mDNSResponder.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\ComboFix\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCDECODE]
"ImagePath"="System32\DRIVERS\CCDECODE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="System32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CX23880]
"ImagePath"="system32\drivers\cx88vid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CX88ENC]
"ImagePath"="system32\drivers\cx88enc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CXAVXBAR]
"ImagePath"="system32\drivers\cxavxbar.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CXTUNE]
"ImagePath"="system32\drivers\CX88TUNE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcCam]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="System32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dtscsi]
"ImagePath"="\SystemRoot\System32\Drivers\dtscsi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DW]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dwusbdnt]
"ImagePath"="System32\DRIVERS\dwusbdnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eamon]
"ImagePath"="system32\DRIVERS\eamon.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\easdrv]
"ImagePath"="system32\DRIVERS\easdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ehSched]
"ImagePath"="C:\WINDOWS\ehome\ehSched.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EhttpSrv]
"ImagePath"="\"C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ekrn]
"ImagePath"="\"C:\Program Files\ESET\ESET Smart Security\ekrn.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ElbyCDIO]
"ImagePath"="System32\Drivers\ElbyCDIO.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\epfw]
"ImagePath"="system32\DRIVERS\epfw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Epfwndis]
"ImagePath"="system32\DRIVERS\Epfwndis.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\epfwtdi]
"ImagePath"="system32\DRIVERS\epfwtdi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="C:\WINDOWS\System32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpresFC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="System32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FLEXnet Licensing Service]
"ImagePath"="\"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="System32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsdk-wrap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="System32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="SYSTEM32\DRIVERS\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="System32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="System32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidIr]
"ImagePath"="System32\DRIVERS\hidir.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="System32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="System32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ialm]
"ImagePath"="System32\DRIVERS\ialmnt5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="System32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="System32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="System32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ip6fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="System32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="System32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="System32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPod Service]
"ImagePath"="\"C:\Program Files\iPod\bin\iPodService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="System32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IrBus]
"ImagePath"="System32\DRIVERS\IrBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="System32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="System32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iviaspi]
"ImagePath"="system32\drivers\iviaspi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="System32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="System32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lpxnds]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McAfee SiteAdvisor Service]
"ImagePath"="\"C:\Program Files\McAfee\SiteAdvisor\McSACore.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\System32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="System32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="System32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRVW245]
"ImagePath"="system32\DRIVERS\MRVW245.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="System32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="System32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="C:\WINDOWS\System32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDV]
"ImagePath"="System32\DRIVERS\msdv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="System32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="System32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="System32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="System32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="System32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="System32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWDM]
"ImagePath"="system32\DRIVERS\ndiswdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="System32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
"ImagePath"="System32\DRIVERS\nic1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NPPTNT2]
"ImagePath"="\??\C:\WINDOWS\system32\npptNT2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\System32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="System32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="System32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="System32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
"ImagePath"="System32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Outlook]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="System32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDRSRVC]
"ImagePath"="system32\drivers\PCDRSRVC.pkms"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="System32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="System32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pfc]
"ImagePath"="system32\drivers\pfc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="System32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="System32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ps2]
"ImagePath"="System32\DRIVERS\PS2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="System32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="System32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\DRIVERS\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="System32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="System32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="System32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="System32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="System32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="C:\WINDOWS\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="System32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\System32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\System32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="System32\DRIVERS\R8139n51.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="System32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="System32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smbalii]
"ImagePath"="System32\drivers\smbalii.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="C:\WINDOWS\System32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="System32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StarWindService]
"ImagePath"="C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="System32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="System32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="C:\WINDOWS\System32\dllhost.exe /Processid:{5A533BBE-BA4B-4037-8300-00ED5CF1360B}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="System32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="System32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="C:\WINDOWS\System32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UMWdf]
"ImagePath"="C:\WINDOWS\system32\wdfmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="System32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usb]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="System32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="System32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="System32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="System32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="System32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="System32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="System32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="System32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnjsvc]
"ImagePath"="\"C:\Program Files\MSN Messenger\usnsvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usprserv]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vaxscsi]
"ImagePath"="\SystemRoot\System32\Drivers\vaxscsi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
"ImagePath"="System32\DRIVERS\viaide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Viewpoint Manager Service]
"ImagePath"="\"C:\Program Files\Viewpoint\Common\ViewpointService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="System32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wanatw]
"ImagePath"="System32\DRIVERS\wanatw4.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WANMiniportService]
"ImagePath"="\"C:\WINDOWS\wanmpsvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
"ImagePath"="\"C:\Program Files\Windows Defender\MsMpEng.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wltrysvc]
"ImagePath"="%SystemRoot%\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmBEnum]
"ImagePath"="system32\drivers\WmBEnum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="C:\WINDOWS\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmFilter]
"ImagePath"="system32\drivers\WmFilter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="C:\WINDOWS\System32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmVirHid]
"ImagePath"="system32\drivers\WmVirHid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmXlCore]
"ImagePath"="system32\drivers\WmXlCore.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
"ImagePath"="System32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="C:\WINDOWS\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1EA99943-8486-4A8F-AD38-24A1372F0E60}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{527C8D21-6016-4EDB-9F07-371357083988}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{9D751870-EFF8-4FC4-97A6-47F5D7985551}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B864B997-78EE-4BDF-A242-4E358A047437}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE212637-2AEA-4727-A382-252747138E1B}]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\wltrysvc.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\eHome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1128036475\ee\services\antiSpywareApp\ver2_0_31_1\AOLSP Scheduler.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-20 21:03:57 - machine was rebooted [Shazbot]
ComboFix-quarantined-files.txt 2008-08-21 01:03:48

Pre-Run: 51,293,835,264 bytes free
Post-Run: 51,612,434,432 bytes free

1125 --- E O F --- 2008-08-20 11:45:25
Best Regards,
Jeff


"Bart: I was so bored I cut the pony tail off the guy in front of us.
[holds pony tail to his head]

Bart: Look at me, I'm a grad student. I'm 30 years old and I made $600 last year.

Marge: Bart, don't make fun of grad students. They've just made a terrible life choice."

#6 Thunder
  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 22 August 2008 - 07:37 AM

Hello Jeff,

I suggest you disable TeaTimer, because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, download ResetTeaTimer.bat.
Double-click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Next, open Notepad. Don't use any other text editor than Notepad or the script will fail!
Copy/paste the text below into an empty Notepad window:

File::
C:\WINDOWS\inform.dat
C:\WINDOWS\system32\pns32.dll
Driver::
smbalii
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9988775D-4368-4857-871A-D01D66CA3A71}]

Save this as a text file named CFScript.

Then drag the CFScript onto ComboFix.exe as shown in the screenshot (image not reproduced here).

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

Are you still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
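The CFScript format Thunder's post describes (File::, Driver:: and Registry:: sections, with .reg-style `"Name"=-` to delete a value and `[-KEY]` to delete a key) and the ComboFix log posted later in this thread, which reports what was actually removed, are worth checking against each other before declaring a machine clean. The Python below is an added example, not code from this thread and not ComboFix's own code: it parses a CFScript into the concrete actions it requests, splits a ComboFix log on its `((( Title )))` banners, and reports any requested file or driver removal the log does not confirm. The sample script and log excerpt are constructed to mirror the ones posted here; the banner shape and the `-------\Legacy_NAME` / `-------\Service_name` line shapes are taken from the posted log, while the function names, the regexes and the assumption that these are the only directive forms in use are this example's own.

```python
"""Parse a ComboFix CFScript and check a ComboFix log for the requested removals.

Added example, not code from the thread or from ComboFix. Assumes the directive
semantics Thunder describes (File:: deletes files, Driver:: removes a driver
service, Registry:: uses .reg syntax: "Name"=- deletes a value, [-KEY] a key) and
the log layout posted later: removed files under an "Other Deletions" banner,
removed services as -------\\Service_<name> under "Drivers/Services".
"""
import re
from dataclasses import dataclass, field

# Constructed to mirror the CFScript posted in the thread.
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\inform.dat
C:\WINDOWS\system32\pns32.dll
Driver::
smbalii
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9988775D-4368-4857-871A-D01D66CA3A71}]
"""

# Constructed excerpt shaped like the ComboFix log posted later in the thread.
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\inform.dat
C:\WINDOWS\system32\pns32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SMBALII
-------\Service_smbalii
"""

SECTION_RE = re.compile(r"^(\w+)::$")           # File:: / Driver:: / Registry::
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # ((( Title ))) banner in the log


@dataclass
class CFScript:
    files: list = field(default_factory=list)              # paths to delete
    drivers: list = field(default_factory=list)            # service names to remove
    reg_delete_keys: list = field(default_factory=list)    # whole keys to delete
    reg_delete_values: list = field(default_factory=list)  # (key, value name) pairs


def parse_cfscript(text):
    """Turn CFScript text into the concrete actions it asks ComboFix to take."""
    script, section, current_key = CFScript(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, current_key = m.group(1).lower(), None
        elif section == "file":
            script.files.append(line)
        elif section == "driver":
            script.drivers.append(line)
        elif section == "registry" and line.startswith("[-") and line.endswith("]"):
            script.reg_delete_keys.append(line[2:-1])       # [-KEY]: delete the key
            current_key = None
        elif section == "registry" and line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]                         # [KEY]: select a key
        elif section == "registry" and current_key and line.endswith("=-"):
            name = line[:-2].strip().strip('"')              # "Name"=-: delete a value
            script.reg_delete_values.append((current_key, name))
        else:
            raise ValueError(f"unsupported CFScript line: {line!r}")
    return script


def log_sections(text):
    """Group the non-empty lines of a ComboFix log under their banner titles."""
    sections, title = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := BANNER_RE.match(line):
            title = m.group(1)
            sections.setdefault(title, [])
        elif title and line and line != ".":
            sections[title].append(line)
    return sections


def verify(script, log_text):
    """Return (files, drivers) the script requested that the log does not show removed."""
    sections = log_sections(log_text)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    removed = {e.rsplit("\\", 1)[-1].lower() for e in sections.get("Drivers/Services", [])}
    missing_files = [f for f in script.files if f.lower() not in deleted]
    missing_drivers = [d for d in script.drivers if f"service_{d.lower()}" not in removed]
    return missing_files, missing_drivers


if __name__ == "__main__":
    script = parse_cfscript(SAMPLE_CFSCRIPT)
    print("requested:", script)
    print("not confirmed by log (files, drivers):", verify(script, SAMPLE_LOG))
```

Registry actions are only parsed and listed, not verified, because the ComboFix log excerpt in this thread does not report registry changes in a dedicated section; checking those would mean querying the keys on the cleaned machine itself. The `Legacy_SMBALII` entry the log shows alongside `Service_smbalii` is the legacy device node ComboFix removes together with the service, which is why the check only keys on the `Service_` line.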

#7 LizardKing64
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Male
  • Location:Tampa, FL

Posted 22 August 2008 - 08:31 PM

Thunder,
The link for ResetTeaTimer.bat that you sent me doesn't seem to be working. I clicked it and a new site popped up with a bunch of technical lingo that makes no sense to me. Should I go ahead and run the ComboFix portion of your instructions without that program? All the other links that I've found for that program have acted the same way.

I'm currently not having any more popup trouble, but I'll do whatever you suggest to make sure that the system is completely free of malware. Thanks again.
Best Regards,
Jeff



#8 Thunder
  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 23 August 2008 - 02:25 AM

Hello Jeff,

Yes, you can run the CFScript :)

The ResetTeaTimer.bat link seems to give the content of the .bat file now :thumbsup:
Click the link, copy the entire content of the page,
open Notepad and paste the content in it.
Save this as ResetTeaTimer.bat. Choose to save as "all files" and place it on your Desktop.
It should look like this: (screenshot not reproduced here)
Double-click on it to run it.

Greetings,
Thunder

#9 LizardKing64
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Male
  • Location:Tampa, FL

Posted 23 August 2008 - 12:00 PM

OK, everything seems to have gone well. The problems are still gone and ComboFix ran without a hitch this time. Here are the two log files for ComboFix and HJT. Am I clean yet? Thanks!

ComboFix 08-08-21.02 - Shazbot 2008-08-23 12:25:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.154 [GMT -4:00]
Running from: C:\Documents and Settings\Shazbot\Desktop\AV Arsenal\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shazbot\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\inform.dat
C:\WINDOWS\system32\pns32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\inform.dat
C:\WINDOWS\system32\pns32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SMBALII
-------\Service_smbalii


((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

2008-08-22 22:24 . 2008-08-22 22:24 <DIR> d-------- C:\Documents and Settings\Shazbot\Application Data\ActiveState
2008-08-22 22:22 . 2008-08-22 22:22 <DIR> d-------- C:\Program Files\ActiveState Komodo Edit 4
2008-08-22 22:13 . 2008-08-22 22:13 <DIR> d-------- C:\Python25
2008-08-21 19:51 . 2008-08-21 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-20 23:33 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-20 23:33 . 2008-04-13 14:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-08-20 23:32 . 2006-12-05 19:37 109,344 --a------ C:\WINDOWS\VX3000.dll
2008-08-20 23:31 . 2006-12-05 19:39 1,964,064 --a------ C:\WINDOWS\system32\drivers\VX3000.sys
2008-08-20 23:31 . 2006-12-05 19:38 707,360 --a------ C:\WINDOWS\vVX3000.exe
2008-08-20 23:31 . 2006-12-05 19:38 473,888 --a------ C:\WINDOWS\vVX3000.dll
2008-08-20 23:31 . 2006-12-05 19:38 199,456 --a------ C:\WINDOWS\system32\LCCoin13.dll
2008-08-20 23:31 . 2006-12-05 19:37 183,072 --a------ C:\WINDOWS\system32\cVX3000.dll
2008-08-20 23:31 . 2005-12-22 15:05 15,498 --a------ C:\WINDOWS\VX3000.ini
2008-08-20 23:31 . 2004-02-27 21:36 13,023 --a------ C:\WINDOWS\VX3000.src
2008-08-20 23:30 . 2008-08-20 23:31 <DIR> d-------- C:\Program Files\Microsoft LifeCam
2008-08-20 23:14 . 2008-08-20 23:14 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-08-20 23:08 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-08-20 23:08 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-08-20 23:08 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-08-20 23:08 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-08-20 23:08 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-08-20 23:08 . 2006-09-28 16:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-08-20 10:52 . 2008-08-21 18:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-08-19 23:41 . 2008-08-19 23:41 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-08-19 23:38 . 2008-08-20 18:40 <DIR> d-------- C:\Program Files\McAfee
2008-08-19 23:07 . 2008-08-19 23:07 1 --a------ C:\WINDOWS\system32\tb.dr
2008-08-19 21:44 . 2008-08-19 21:44 <DIR> d-------- C:\Documents and Settings\Shazbot\Application Data\Thunderbird
2008-08-19 21:43 . 2008-08-23 12:16 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-08-19 00:15 . 2008-08-19 00:15 <DIR> d-------- C:\Documents and Settings\Shazbot\Application Data\IEPro
2008-08-19 00:14 . 2008-08-19 00:15 <DIR> d-------- C:\Program Files\IEPro
2008-08-18 13:49 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-17 23:51 . 2008-08-17 23:51 <DIR> d-------- C:\Program Files\Opera
2008-08-17 23:42 . 2008-08-17 23:42 57,212 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-08-17 23:36 . 2008-08-17 23:37 <DIR> d-------- C:\Program Files\Safari
2008-08-17 23:35 . 2008-08-17 23:36 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-17 23:35 . 2008-08-17 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-17 15:43 . 2008-08-17 15:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 15:42 . 2008-08-17 15:44 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-16 13:53 . 2008-08-18 18:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 13:53 . 2008-08-16 13:53 <DIR> d-------- C:\Documents and Settings\Shazbot\Application Data\Malwarebytes
2008-08-16 13:53 . 2008-08-16 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-16 13:53 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-16 13:53 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-16 12:50 . 2008-08-20 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-16 12:50 . 2008-08-19 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-16 01:21 . 2008-08-16 01:21 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-16 01:21 . 2008-08-16 01:21 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-16 01:21 . 2008-08-16 01:21 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-16 00:47 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-16 00:46 . 2008-04-13 20:11 184,832 --------- C:\WINDOWS\system32\eapp3hst.dll
2008-08-16 00:45 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-16 00:45 . 2008-04-13 20:11 132,096 --------- C:\WINDOWS\system32\dot3svc.dll
2008-08-16 00:45 . 2008-04-13 20:11 57,856 --------- C:\WINDOWS\system32\dot3cfg.dll
2008-08-16 00:45 . 2008-04-13 20:11 56,320 --------- C:\WINDOWS\system32\dot3msm.dll
2008-08-16 00:45 . 2008-04-13 20:11 48,640 --------- C:\WINDOWS\system32\dhcpqec.dll
2008-08-16 00:45 . 2008-04-13 20:11 39,936 --------- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-16 00:45 . 2008-04-13 20:11 39,936 --------- C:\WINDOWS\system32\dimsroam.dll
2008-08-16 00:45 . 2008-04-13 20:11 26,112 --------- C:\WINDOWS\system32\dot3api.dll
2008-08-16 00:45 . 2008-04-13 20:11 19,456 --------- C:\WINDOWS\system32\dimsntfy.dll
2008-08-16 00:45 . 2008-04-13 20:11 12,800 --------- C:\WINDOWS\system32\credssp.dll
2008-08-16 00:45 . 2008-04-13 20:11 9,216 --------- C:\WINDOWS\system32\dot3dlg.dll
2008-08-16 00:44 . 2008-04-13 20:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-08-16 00:44 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-08-16 00:44 . 2004-07-17 14:36 64,352 --------- C:\WINDOWS\system32\drivers\ativmc20.cod
2008-08-16 00:44 . 2008-04-13 20:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-08-15 22:01 . 2008-08-15 22:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-15 19:03 . 2008-08-15 19:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-15 19:03 . 2008-08-15 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-15 13:04 . 2008-08-15 13:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-15 12:59 . 2008-08-15 12:59 <DIR> d-------- C:\Program Files\DNA
2008-08-15 12:59 . 2008-08-23 12:35 <DIR> d-------- C:\Documents and Settings\Shazbot\Application Data\DNA
2008-08-15 02:47 . 2008-08-15 02:47 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-15 02:27 . 2008-06-23 12:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-15 02:27 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-15 02:27 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-15 02:27 . 2008-06-23 12:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-15 02:27 . 2008-06-23 12:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-15 02:27 . 2008-06-23 12:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-15 02:27 . 2008-06-23 12:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-15 02:27 . 2008-06-23 12:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-15 02:27 . 2008-06-23 05:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-15 02:13 . 2008-08-15 02:13 <DIR> d-------- C:\Documents and Settings\Shazbot\Application Data\ESET
2008-08-15 02:08 . 2008-08-15 02:08 <DIR> d-------- C:\Program Files\ESET
2008-08-15 02:08 . 2008-08-15 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-15 01:01 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-15 01:01 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-15 01:01 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-15 00:55 . 2008-08-15 00:55 268 --ah----- C:\sqmdata05.sqm
2008-08-15 00:55 . 2008-08-15 00:55 244 --ah----- C:\sqmnoopt05.sqm
2008-08-12 21:54 . 2008-08-12 21:54 268 --ah----- C:\sqmdata04.sqm
2008-08-12 21:54 . 2008-08-12 21:54 244 --ah----- C:\sqmnoopt04.sqm
2008-08-12 21:48 . 2006-08-29 13:52 476,416 -ra------ C:\WINDOWS\system32\drivers\MRVW245.sys
2008-08-12 15:33 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 01:37 --------- d-----w C:\Documents and Settings\Shazbot\Application Data\AdobeUM
2008-08-23 00:27 --------- d-----w C:\Documents and Settings\Shazbot\Application Data\BitTorrent
2008-08-21 23:52 --------- d-----w C:\Program Files\AIM6
2008-08-21 23:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-21 05:49 --------- d-----w C:\Documents and Settings\Shazbot\Application Data\Skype
2008-08-21 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-21 03:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 16:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-18 17:49 --------- d-----w C:\Program Files\Java
2008-08-18 03:38 --------- d-----w C:\Documents and Settings\Shazbot\Application Data\Apple Computer
2008-08-18 02:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 01:53 --------- d-----w C:\Program Files\Google
2008-08-18 01:52 --------- d-----w C:\Program Files\Easy Internet signup
2008-08-16 05:36 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd6781.sys
2008-08-15 17:07 --------- d-----w C:\Program Files\Lavasoft
2008-08-15 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-15 16:59 --------- d-----w C:\Program Files\BitTorrent
2008-08-15 06:40 --------- d-----w C:\Program Files\McAfee.com
2008-08-15 06:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-15 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-08-15 05:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
.

((((((((((((((((((((((((((((( snapshot@2008-08-20_20.44.07.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-04-05 16:00:06 53,248 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-08-21 03:25:57 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2007-04-05 16:00:06 12,800 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-08-21 03:25:57 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-04-05 16:00:06 473,600 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-08-21 03:25:58 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2007-04-05 16:00:03 2,676,224 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-21 03:25:48 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-04-05 16:00:03 2,846,720 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-21 03:25:50 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-04-05 16:00:04 563,712 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-21 03:25:51 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-04-05 16:00:04 567,296 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-21 03:25:51 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-04-05 16:00:04 576,000 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-21 03:25:52 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-04-05 16:00:04 577,024 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-21 03:25:53 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-04-05 16:00:05 577,536 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-21 03:25:53 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-04-05 16:00:05 577,536 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-21 03:25:54 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-04-05 16:00:05 578,560 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-21 03:25:54 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-04-05 16:00:06 578,560 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-21 03:25:59 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-04-05 16:00:06 145,920 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-08-21 03:25:59 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2007-04-05 16:00:06 159,232 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-08-21 03:26:00 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2007-04-05 16:00:06 364,544 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-08-21 03:26:00 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2007-04-05 16:00:07 178,176 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-08-21 03:26:01 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-04-05 16:00:06 223,232 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-08-21 03:25:57 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-08-15 06:05:01 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
+ 2008-08-21 23:50:52 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
+ 2008-08-21 03:32:42 49,334 ----a-r C:\WINDOWS\Installer\{06C32EA0-4A22-4919-979A-8700715865B8}\_16A9981913383BD480C5C1.exe
+ 2008-08-21 03:32:42 287,934 ----a-r C:\WINDOWS\Installer\{06C32EA0-4A22-4919-979A-8700715865B8}\_21E30B652578A3CA82B737.exe
+ 2008-08-21 03:32:42 49,334 ----a-r C:\WINDOWS\Installer\{06C32EA0-4A22-4919-979A-8700715865B8}\_3CD681031019B09D231079.exe
+ 2008-08-21 03:32:42 287,934 ----a-r C:\WINDOWS\Installer\{06C32EA0-4A22-4919-979A-8700715865B8}\_7C9BE5D3E5F0C3BB96A0FC.exe
+ 2008-08-21 03:32:42 29,926 ----a-r C:\WINDOWS\Installer\{06C32EA0-4A22-4919-979A-8700715865B8}\_84C60C2FC68B0EEBE7A589.exe
+ 2008-08-23 02:14:02 94,208 ----a-r C:\WINDOWS\Installer\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}\python_icon.exe
+ 2008-08-23 02:23:36 122,880 ----a-r C:\WINDOWS\Installer\{A8EA45A5-B551-42F0-9199-BA661CF58B8C}\KoEd44.exe
- 2004-09-22 23:45:36 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-08-25 02:30:12 276,480 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2004-09-22 23:45:38 233,472 -c--a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-08-25 02:30:12 537,600 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-09-22 23:45:38 161,792 -c--a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-08-25 02:30:12 228,352 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2004-09-22 23:45:38 233,472 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-08-25 02:30:12 537,600 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2004-09-22 23:45:38 161,792 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-08-25 02:30:12 228,352 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-09-22 23:45:42 527,360 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-08-25 02:30:14 990,208 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2004-09-22 23:45:44 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-08-25 02:30:16 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-09-22 23:45:44 96,768 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-08-25 00:31:04 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-04 07:56:42 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-08-25 02:30:18 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-04 07:56:42 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-08-25 02:30:18 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2008-04-14 00:11:57 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-08-25 02:30:18 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-09-22 23:45:52 141,312 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-08-25 02:30:18 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-09-22 23:45:54 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-08-25 02:30:20 27,648 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-09-22 23:45:54 169,472 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-08-25 02:30:20 175,104 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2004-09-22 23:45:56 360,176 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-08-25 02:30:20 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-09-22 23:45:56 311,296 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-08-25 02:30:20 320,512 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2004-09-22 23:46:02 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-08-25 02:30:22 210,432 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-09-22 23:46:10 380,144 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-08-25 02:30:22 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-09-22 23:46:10 712,704 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-08-25 02:30:22 1,118,208 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2007-10-27 22:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-08-25 02:30:22 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2004-09-22 23:46:12 30,208 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-08-25 02:30:22 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-09-22 23:46:12 34,304 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-08-25 02:30:22 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-09-22 23:46:14 150,016 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-08-25 02:30:24 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-09-22 23:46:16 1,027,072 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-08-25 02:30:24 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2004-09-22 23:46:26 773,368 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-08-25 02:30:26 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-09-22 23:46:26 1,116,160 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-08-25 02:30:26 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-09-22 23:46:30 531,192 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-08-25 02:30:26 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-09-22 23:46:30 936,960 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-08-25 02:30:26 1,327,616 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-08-25 02:30:26 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-09-22 23:46:34 871,160 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-08-25 02:30:26 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-09-22 23:46:34 999,424 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-08-25 02:30:26 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-08-25 02:30:26 667,648 ------w C:\WINDOWS\system32\drivers\umdf\wpdmtpdr.dll
- 2004-09-22 23:46:38 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-08-25 00:26:02 38,656 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-08-25 00:27:06 249,344 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-09-22 23:45:42 527,360 -c--a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-08-25 02:30:14 990,208 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-12-19 19:28:42 199,448 -c--a-w C:\WINDOWS\system32\DRVSTORE\NX6000_2E35915C239DFE541CDDDD6085121FF3936DECC8\LCCoin13.dll
+ 2006-12-19 19:27:56 31,512 -c--a-w C:\WINDOWS\system32\DRVSTORE\NX6000_2E35915C239DFE541CDDDD6085121FF3936DECC8\nx6000.sys
+ 2006-12-05 23:37:13 109,344 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX1000_F0D00687F2C6654412F544D2A9CB1DB0F291EC6A\1033\VX1000.dll
+ 2006-12-05 23:37:54 183,072 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX1000_F0D00687F2C6654412F544D2A9CB1DB0F291EC6A\cVX1000.dll
+ 2006-12-05 23:38:03 199,456 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX1000_F0D00687F2C6654412F544D2A9CB1DB0F291EC6A\LCCoin13.dll
+ 2006-12-05 23:38:40 502,560 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX1000_F0D00687F2C6654412F544D2A9CB1DB0F291EC6A\TwainUI.dll
+ 2006-12-05 23:38:30 473,888 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX1000_F0D00687F2C6654412F544D2A9CB1DB0F291EC6A\vVX1000.dll
+ 2006-12-05 23:38:57 707,360 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX1000_F0D00687F2C6654412F544D2A9CB1DB0F291EC6A\vVX1000.exe
+ 2006-12-05 23:39:11 1,963,680 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX1000_F0D00687F2C6654412F544D2A9CB1DB0F291EC6A\VX1000.sys
+ 2006-12-05 23:37:21 109,344 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX3000_0433D7FB800BA3CD73AE2E16AC2F9C4C9B45C2DE\1033\VX3000.dll
+ 2006-12-05 23:37:55 183,072 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX3000_0433D7FB800BA3CD73AE2E16AC2F9C4C9B45C2DE\cVX3000.dll
+ 2006-12-05 23:38:02 199,456 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX3000_0433D7FB800BA3CD73AE2E16AC2F9C4C9B45C2DE\LCCoin13.dll
+ 2006-12-05 23:38:41 502,560 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX3000_0433D7FB800BA3CD73AE2E16AC2F9C4C9B45C2DE\TwainUI.dll
+ 2006-12-05 23:38:28 473,888 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX3000_0433D7FB800BA3CD73AE2E16AC2F9C4C9B45C2DE\vVX3000.dll
+ 2006-12-05 23:38:58 707,360 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX3000_0433D7FB800BA3CD73AE2E16AC2F9C4C9B45C2DE\vVX3000.exe
+ 2006-12-05 23:39:13 1,964,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX3000_0433D7FB800BA3CD73AE2E16AC2F9C4C9B45C2DE\VX3000.sys
+ 2006-12-19 19:28:14 113,432 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX6000_2DD332AD17334A76BABFAE3D3F1C0795D0B900F6\1033\VX6000.dll
+ 2006-12-19 19:28:42 183,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX6000_2DD332AD17334A76BABFAE3D3F1C0795D0B900F6\cVX6000.dll
+ 2006-12-19 19:28:44 199,448 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX6000_2DD332AD17334A76BABFAE3D3F1C0795D0B900F6\LCCoin13.dll
+ 2006-12-19 19:28:52 482,072 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX6000_2DD332AD17334A76BABFAE3D3F1C0795D0B900F6\vVX6000.dll
+ 2006-12-19 19:29:00 994,072 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX6000_2DD332AD17334A76BABFAE3D3F1C0795D0B900F6\vVX6000.exe
+ 2006-12-19 19:29:04 2,383,256 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX6000_2DD332AD17334A76BABFAE3D3F1C0795D0B900F6\VX6000Xp.sys
+ 2006-12-19 19:27:58 33,688 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX6000_2DD332AD17334A76BABFAE3D3F1C0795D0B900F6\VX6KCamd.sys
+ 2006-12-19 19:28:54 506,648 -c--a-w C:\WINDOWS\system32\DRVSTORE\VX6000_2DD332AD17334A76BABFAE3D3F1C0795D0B900F6\VX6KTUI.dll
- 2004-09-22 23:45:44 6,656 -c--a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-08-25 02:30:16 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2004-09-22 23:45:44 96,768 -c--a-w C:\WINDOWS\system32\logagent.exe
+ 2006-08-25 00:31:04 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-08-25 02:30:18 211,968 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-08-25 02:30:18 258,560 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 07:56:42 310,272 -c--a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-08-25 02:30:18 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-08-25 02:30:18 316,928 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 07:56:42 384,512 -c--a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-08-25 02:30:18 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-08-25 02:30:18 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2008-04-14 00:11:57 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-08-25 02:30:18 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
- 2004-09-22 23:45:52 141,312 -c--a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-08-25 02:30:18 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-09-22 23:45:54 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-08-25 02:30:20 27,648 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-09-22 23:45:54 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-08-25 02:30:20 175,104 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2004-09-22 23:45:56 360,176 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-08-25 02:30:20 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-09-22 23:45:56 311,296 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-08-25 02:30:20 320,512 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-08-25 02:30:22 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-08-25 02:30:22 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-08-25 02:30:22 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-08-25 02:30:22 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-08-25 02:30:22 198,144 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
+ 2008-02-21 17:11:48 2,117,632 ----a-w C:\WINDOWS\system32\python25.dll
- 2004-09-22 23:46:02 221,184 -c--a-w C:\WINDOWS\system32\qasf.dll
+ 2006-08-25 02:30:22 210,432 ----a-w C:\WINDOWS\system32\qasf.dll
- 2004-09-22 23:46:10 47,104 -c--a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-08-25 02:42:14 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2004-09-22 23:46:10 15,872 -c--a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-08-25 02:30:22 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2004-09-22 23:46:10 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-08-25 02:42:14 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2004-09-22 23:46:10 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-08-25 02:30:22 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-09-22 23:46:10 712,704 -c--a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-08-25 02:30:22 1,118,208 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2007-10-27 22:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-08-25 02:30:22 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
- 2004-09-22 23:46:12 30,208 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-08-25 02:30:22 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-09-22 23:46:12 34,304 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-08-25 02:30:22 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2004-09-22 23:46:12 344,064 -c--a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-08-25 02:30:22 428,032 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2004-09-22 23:46:14 290,816 -c--a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-08-25 02:30:24 347,648 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-08-25 02:30:24 532,992 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-09-22 23:46:14 150,016 -c--a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-08-25 02:30:24 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-09-22 23:46:16 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-08-25 02:30:24 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2004-09-22 23:46:26 773,368 -c--a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-08-25 02:30:26 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-09-22 23:46:26 1,116,160 -c--a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-08-25 02:30:26 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-09-22 23:46:30 531,192 -c--a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-08-25 02:30:26 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-09-22 23:46:30 936,960 -c--a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-08-25 02:30:26 1,327,616 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2004-09-22 23:46:32 1,181,944 -c--a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-08-25 02:30:26 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2004-09-22 23:46:32 1,509,376 -c--a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-08-25 02:30:26 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-08-25 02:30:26 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-08-25 02:30:26 1,539,584 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-09-22 23:46:34 871,160 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-08-25 02:30:26 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-09-22 23:46:34 999,424 -c--a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-08-25 02:30:26 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-08-25 02:30:26 1,532,416 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-08-25 02:30:26 1,392,128 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-08-25 02:30:26 790,016 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-08-25 02:30:26 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2004-09-22 23:46:38 38,912 -c--a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-08-25 02:30:28 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2004-09-22 23:46:36 61,952 -c--a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-08-25 02:30:26 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2004-09-22 23:46:36 114,176 -c--a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-08-25 02:30:26 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2004-09-22 23:46:36 66,560 -c--a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-08-25 02:30:28 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-08-25 02:30:28 2,589,184 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-08-25 00:26:22 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-08-25 02:30:28 133,120 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2004-09-22 23:46:36 327,680 -c--a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-08-25 02:30:28 349,184 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-05-31 11:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
+ 2006-12-05 23:38:41 502,560 ----a-w C:\WINDOWS\twain_32\VX3000\TwainUI.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 04:34 32768]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 11:21 50472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-08-15 12:59 341824]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 16:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 06:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 06:15 483328]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2008-04-13 20:12 50176]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54 229952]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-11 00:57 180269]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16 86016]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 19:52 1447168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 21:48 275800]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-05 19:38 707360]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MI-SC4"= MI-SC4.acm
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
backup=C:\WINDOWS\pss\Dynex Wireless Networking Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 11:21 50472 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2008-07-17 19:43 587568 C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager]
--a------ 2007-06-14 16:48 1282048 C:\WINDOWS\system32\wltray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1128036475\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 18:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-04-01 16:16 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-24 03:24 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-31 18:40 22879528 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-05-11 06:33 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-02-11 00:57 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-19 20:34 3084288 C:\Program Files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-09-21 10:24 86016 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WANMiniportService"=2 (0x2)
"StarWindService"=2 (0x2)
"ose"=3 (0x3)
"mcupdmgr.exe"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"AOLService"=2 (0x2)
"AOL ACS"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0b\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1128036475\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1128036475\\ee\\aim6.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 18:52]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 18:13]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 11:52]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ndiswdm.sys [2007-08-31 16:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84b4489b-6b2b-11dd-a83f-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL chess.exe e
\Shell\Open\command - M:\chess.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7af6cc2-6901-11dc-a7fb-00038a000015}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-08-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-08-18 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 14:45]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-AOL Spyware Protection - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
HKLM-Run-Music Alarm Clock - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 12:40:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDRSRVC]
"ImagePath"="system32\drivers\PCDRSRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\wltrysvc.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\eHome\ehsched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\1128036475\ee\services\antiSpywareApp\ver2_0_31_1\AOLSP Scheduler.exe
.
**************************************************************************
.
Completion time: 2008-08-23 12:53:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 16:52:27
ComboFix2.txt 2008-08-21 01:03:58

Pre-Run: 53,558,517,760 bytes free
Post-Run: 53,534,396,416 bytes free

561 --- E O F --- 2008-08-22 22:27:30


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:54 PM, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\AOL\1128036475\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\common files\aol\1128036475\ee\services\antiSpywareApp\ver2_0_31_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1128036475\ee\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.download.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://helpdesk.acomp.usf.edu/rnt/rnl/java/RntX.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11212 bytes
Best Regards,
Jeff


"Bart: I was so bored I cut the pony tail off the guy in front of us.
[holds pony tail to his head]

Bart: Look at me, I'm a grad student. I'm 30 years old and I made $600 last year.

Marge: Bart, don't make fun of grad students. They've just made a terrible life choice."

#10 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 23 August 2008 - 05:43 PM

Hello Jeff,

Looks good now. :thumbsup:

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following, if still present:

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then, you can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#11 LizardKing64

LizardKing64
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male
  • Location:Tampa, FL

Posted 23 August 2008 - 10:05 PM

Hey Thunder,
I did those 3 fixes in HJT and everything seems to be running smoothly still. It looks like this has fixed my problem! Thanks so much for all your help on this one. I can finally enjoy my new computer!! I'll let you know if I run into any other problems, but it looks good so far. Thanks again! See yah
Best Regards,
Jeff



#12 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 24 August 2008 - 03:40 AM

Glad we could help, Jeff :thumbsup:

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed.

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.



