Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Comp Acting Up


  • This topic is locked This topic is locked
10 replies to this topic

#1 naf

naf

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 30 September 2008 - 09:28 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:29 PM, on 9/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\AOL\1204420073\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Users\Nikki\AppData\Roaming\Adobe\Manager.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nikki\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1204420073\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Run] "C:\Users\Nikki\AppData\Roaming\Adobe\Manager.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Nikki\AppData\Local\Temp\cBsPjGYp.dll,c
O4 - HKCU\..\Run: [9e23a742] rundll32.exe "C:\Users\Nikki\AppData\Local\Temp\qxsxrnpu.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14770 bytes

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:38 AM

Posted 06 October 2008 - 08:34 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 naf

naf
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 07 October 2008 - 10:38 PM

OTViewIt logfile created on: 10/7/2008 10:20:31 AM - Run 2
OTViewIt by OldTimer - Version 1.0.10.1 Folder = C:\Users\Nikki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA786A6Y
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.15% Memory free
4.00 Gb Paging File | 1.90 Gb Available in Paging File | 47.62% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.31 Gb Total Space | 110.35 Gb Free Space | 50.09% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.64 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIKKI-PC

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 7, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 07, 2008 16:06:44
Records in database: 1297866


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 163384
Threat name 5
Infected objects 9
Suspicious objects 0
Duration of the scan 06:50:30

File name Threat name Threats count
C:\Users\Nikki\AppData\Local\Temp\a.exe Infected: Trojan.Win32.FraudPack.aiv 1

C:\Users\Nikki\AppData\Local\Temp\a.exe Infected: Trojan.Win32.FraudPack.aiq 1

C:\Users\Nikki\AppData\Local\Temp\codec.exe Infected: Trojan.Win32.Delf.eun 1

C:\Users\Nikki\AppData\Local\Temp\HDVideoCodec_ver1.590359035903590359035903590359035903590359035903.0.exe Infected: Trojan-Downloader.Win32.Zlob.aacx 1

C:\Users\Nikki\AppData\Local\Temp\HDVideoCodec_ver1.5903590359035903590359035903590359035903590359035903.0.exe Infected: Trojan-Downloader.Win32.Zlob.aacx 1

C:\Users\Nikki\AppData\Local\Temp\HDVideoCodec_ver1.59035903590359035903590359035903590359035903590359035903.0.exe Infected: Trojan-Downloader.Win32.Zlob.aacx 1

C:\Users\Nikki\AppData\Local\Temp\HDVideoCodec_ver1.590359035903590359035903590359035903590359035903590359035903.0.exe Infected: Trojan-Downloader.Win32.Zlob.aacx 1

C:\Users\Nikki\AppData\Local\Temp\tynaenss.dll Infected: Trojan.Win32.Vapsup.mao 1

C:\Users\Nikki\AppData\Roaming\Adobe\Manager.exe Infected: Trojan.Win32.Delf.eun 1

The selected area was scanned.

Current User Name: Nikki
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/02 04:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 04:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/03/02 10:02:58 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2007/12/12 01:02:14 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
[2007/12/12 01:01:26 | 02,506,752 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
[2006/11/02 07:34:30 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanext.exe
[2008/01/25 17:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2006/11/02 04:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2006/11/02 04:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/09/24 04:27:30 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
[2007/08/29 00:54:58 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
[2007/09/07 13:23:36 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
[2007/09/26 05:47:22 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
[2007/09/26 05:47:26 | 00,129,560 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
[2007/05/31 10:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
[2007/07/27 17:43:34 | 00,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
[2007/12/12 01:02:12 | 03,444,736 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
[2006/10/03 12:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2008/07/25 16:38:56 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2007/11/01 16:39:28 | 00,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
[2006/04/13 15:36:53 | 00,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1204420073\ee\aolsoftware.exe
[2006/12/10 22:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2007/09/06 15:53:40 | 00,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
[2008/01/25 17:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/03/15 13:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
[2008/01/03 11:15:06 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
[2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2008/05/14 13:41:50 | 00,785,520 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
[2006/11/02 07:36:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/08/21 10:45:42 | 00,888,832 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
[2008/08/28 10:18:24 | 03,660,848 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[2008/09/15 15:37:23 | 00,015,360 | ---- | M] () -- C:\Users\Nikki\AppData\Roaming\Adobe\Manager.exe
[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2006/11/03 19:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
[2007/01/02 22:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2004/10/15 14:26:54 | 02,080,768 | ---- | M] (3M) -- C:\Program Files\3M\PSNLite\PsnLite.exe
[2007/09/26 05:47:30 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
[2007/07/20 19:13:26 | 01,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
[2008/07/25 16:38:56 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2004/10/15 14:27:22 | 00,065,536 | ---- | M] (3M) -- C:\Program Files\3M\PSNLite\PSNGive.exe
[2008/07/25 16:38:56 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2007/08/29 16:25:16 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/09/28 13:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
[2007/02/22 16:33:06 | 00,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
[2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
[2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2007/09/07 13:25:12 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/01/12 04:26:27 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006/08/04 19:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
[2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/11/02 04:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2006/11/02 04:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/09/24 04:27:28 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
[2007/09/24 04:27:28 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
[2007/09/24 04:27:38 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
[2007/05/25 12:16:08 | 00,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
[2008/02/09 16:06:32 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/07/19 00:10:40 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2008/03/28 18:48:11 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2007/02/22 16:32:16 | 00,049,152 | ---- | M] (Pharos Systems International) -- C:\Program Files\Pharos\bin\popnet.exe
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
[2008/06/26 22:54:09 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2008/06/26 22:54:09 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/03/24 21:32:44 | 00,218,496 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe
[2008/06/26 22:54:09 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/06/26 22:54:09 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/07/27 10:23:12 | 00,020,480 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
[2006/11/02 07:34:48 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2007/05/11 04:06:38 | 00,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
[2008/10/07 10:20:05 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Users\Nikki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA786A6Y\OTViewIt[1].exe

========== (O23) Win32 Services ==========

[2007/08/29 16:25:16 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters [Auto | Running])
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/03/19 20:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
[2008/02/09 16:06:32 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/01/25 17:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2008/01/25 17:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
[2006/11/02 01:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/25 17:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2006/11/02 07:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/12 04:32:13 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2007/03/19 13:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2008/01/12 04:25:38 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2006/11/02 07:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/07/25 16:38:56 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
[2006/11/02 04:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2008/01/11 21:17:28 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/11/02 07:36:02 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/08/04 11:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/01/25 17:47:02 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
[2007/09/28 13:24:36 | 00,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service [Auto | Running])
[2006/11/02 08:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2006/11/02 07:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/02/22 16:33:06 | 00,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster [Auto | Running])
[2006/11/05 12:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Running])
[2006/11/02 04:46:12 | 00,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2006/11/02 04:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
[2008/03/02 10:02:58 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 04:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
[2007/09/07 13:25:12 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe -- (STacSV [Auto | Running])
[2006/09/14 15:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2008/03/28 18:48:11 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
[2008/03/02 01:24:17 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
[2006/11/02 04:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/11/02 04:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2007/12/12 01:02:14 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
[2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/01/12 04:26:27 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2006/08/04 19:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])

========== Driver Services ==========

[2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2008/01/12 04:38:19 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/12 04:25:25 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2008/01/12 04:38:19 | 00,018,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 03:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 03:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2007/09/24 04:27:26 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2007/05/21 00:43:56 | 00,179,712 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x [On_Demand | Running])
[2007/12/12 01:02:00 | 01,044,984 | ---- | M] (Broadcom Corp.) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX [On_Demand | Running])
File not found -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2006/11/02 03:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 03:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 03:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/03/02 01:24:20 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2008/01/12 04:38:19 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
[2006/11/02 04:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 03:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 03:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2006/11/02 03:51:04 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4 [On_Demand | Stopped])
[2006/11/02 03:51:02 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2006/11/02 03:51:03 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2006/10/05 18:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
[2007/02/25 13:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2008/01/12 04:26:05 | 00,621,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 02:30:55 | 00,200,704 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express [On_Demand | Stopped])
[2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 07:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2008/09/02 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/09/02 03:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2006/11/02 04:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 03:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 04:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/01/12 04:27:21 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 03:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 03:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 21:43:30 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2006/11/02 21:42:18 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2007/04/23 05:51:56 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Boot | Running])
[2008/09/12 02:33:24 | 00,270,384 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20081003.001\IDSvix86.sys -- (IDSvix86 [System | Running])
[2007/09/26 05:47:24 | 01,899,008 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx [On_Demand | Running])
[2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/02 03:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 04:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008/03/02 01:24:14 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2006/11/02 03:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 03:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/06/19 16:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/03/12 00:52:21 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 04:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/12 04:27:50 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2007/03/20 06:21:18 | 00,046,848 | ---- | M] (Mars Semiconductor Corp.) -- C:\Windows\System32\drivers\mr7910.sys -- (mr7910 [On_Demand | Stopped])
[2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2006/11/02 03:31:27 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/03/02 10:02:05 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2008/01/12 04:38:19 | 00,025,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 04:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/12 04:25:25 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 04:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2007/05/03 14:37:08 | 00,022,152 | ---- | M] (Maxtor Corp.) -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD [On_Demand | Stopped])
[2008/03/02 01:17:56 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2008/08/20 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081006.041\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/08/20 03:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081006.041\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 03:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2008/01/12 04:25:25 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2007/08/29 00:54:56 | 00,235,520 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev [On_Demand | Running])
[2007/08/29 00:55:06 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx [On_Demand | Running])
[2006/11/02 04:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/01/12 04:32:13 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006/07/24 04:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 07:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 02:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Stopped])
[2006/11/02 04:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006/11/27 02:48:44 | 00,032,256 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2006/11/27 02:48:44 | 00,043,520 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2006/11/27 02:48:46 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2006/11/02 03:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 04:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2008/01/12 04:31:18 | 00,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/03/02 01:24:15 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2008/01/12 04:31:18 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2008/01/12 04:31:18 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2008/01/12 04:31:18 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/01/12 04:25:25 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/12 04:26:17 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2008/01/16 20:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2006/11/02 04:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/31 17:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP [System | Running])
[2008/01/31 17:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2008/01/31 17:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2008/03/02 10:02:03 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/03/02 10:02:04 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/09/07 13:26:04 | 00,330,240 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
[2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2008/06/13 14:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/08/20 09:36:09 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/06/13 14:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/06/13 14:14:02 | 00,024,112 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM [System | Running])
[2008/06/13 14:13:40 | 00,041,008 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV [On_Demand | Running])
[2008/06/13 14:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/06/13 14:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 03:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 03:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006/11/02 04:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/12 04:27:50 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/12 04:27:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 04:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2008/01/12 04:25:25 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 03:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 03:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 03:57:48 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2006/11/02 03:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 03:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2008/01/12 04:38:19 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/12 04:25:25 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/12 04:25:52 | 00,293,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 03:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 04:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/03/02 01:24:16 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 21:42:08 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/03/02 10:03:36 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2006/11/02 03:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2006/08/04 19:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Start Page"=http://www.google.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1463702005-4269622687-1015911835-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Start Page"=http://www.google.com/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-1463702005-4269622687-1015911835-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1463702005-4269622687-1015911835-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-1463702005-4269622687-1015911835-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1463702005-4269622687-1015911835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{145B29F4-A56B-4b90-BBAC-45784EBEBBB7} (HKLM) -- C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
{AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} (HKLM) -- C:\Windows\System32\TwcToolbarBho.dll ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2E5E800E-6AC0-411E-940A-369530A35E43}" (HKLM) -- C:\Windows\System32\TwcToolbarIe7.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{5093EB4C-3E93-40AB-9266-B607BA87BDC8}" (HKLM) -- C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1463702005-4269622687-1015911835-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1463702005-4269622687-1015911835-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-1463702005-4269622687-1015911835-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Apoint"=C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe (Dell Inc.)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s (Creative Technology Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
"ECenter"=C:\Dell\E-Center\EULALauncher.exe ( )
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"HostManager"=C:\Program Files\Common Files\AOL\1204420073\ee\AOLSoftware.exe (America Online, Inc.)
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe (Intel Corporation)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"IgfxTray"=C:\Windows\system32\igfxtray.exe (Intel Corporation)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" (Maxtor Corporation)
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
"Persistence"=C:\Windows\system32\igfxpers.exe (Intel Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"9e23a742"=rundll32.exe "C:\Users\Nikki\AppData\Local\Temp\glmfxcev.dll",b ()
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"ares"="C:\Program Files\Ares\Ares.exe" -h (Ares Development Group)
"cmds"=rundll32.exe C:\Users\Nikki\AppData\Local\Temp\cBsPjGYp.dll,c ()
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (The Weather Channel Interactive, Inc.)
"MSServer"=rundll32.exe C:\Users\Nikki\AppData\Local\Temp\geBtSLET.dll,#1 ()
"Run"="C:\Users\Nikki\AppData\Roaming\Adobe\Manager.exe" ()
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide (Veoh Networks)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1463702005-4269622687-1015911835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"9e23a742"=rundll32.exe "C:\Users\Nikki\AppData\Local\Temp\glmfxcev.dll",b ()
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"ares"="C:\Program Files\Ares\Ares.exe" -h (Ares Development Group)
"cmds"=rundll32.exe C:\Users\Nikki\AppData\Local\Temp\cBsPjGYp.dll,c ()
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (The Weather Channel Interactive, Inc.)
"MSServer"=rundll32.exe C:\Users\Nikki\AppData\Local\Temp\geBtSLET.dll,#1 ()
"Run"="C:\Users\Nikki\AppData\Roaming\Adobe\Manager.exe" ()
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide (Veoh Networks)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html [2006/09/07 15:59:50 | 00,000,747 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
StumbleUpon PhotoBlog It!: File not found

[HKEY_USERS\S-1-5-21-1463702005-4269622687-1015911835-1000\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html [2006/09/07 15:59:50 | 00,000,747 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
StumbleUpon PhotoBlog It!: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0\bin\npjpi160.dll [2008/01/11 20:55:45 | 00,132,744 | ---- | M] (Sun Microsystems, Inc.)
{2E5E800E-6AC0-411E-940A-369530A35E43}: Button: The Weather Channel -- Reg Error: Key does not exist or could not be opened. File not found
{2E5E800E-6AC0-411E-940A-369530A35E43}: Menu: The Weather Channel -- File not found
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 10:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: @C:\Windows\WindowsMobile\INetRepl.dll,-223 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 10:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{3369AF0D-62E9-4bda-8103-B4C75499B578}: Button: AIM Toolbar -- %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [2007/10/10 09:56:58 | 01,090,912 | ---- | M] (AOL LLC)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-21-1463702005-4269622687-1015911835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5
{6F15128C-E66A-490C-B848-5000B5ABEEAC}: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab -- HP Download Manager
{80AEEC0E-A2BE-4B8D-985F-350FE869DC40}: http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab -- HPDDClientExec Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{2782E986-A587-4688-A3C4-6E2F65C070CB} (Servers: | Description: Broadcom NetLink ™ Fast Ethernet)
{839F5814-CC2C-493A-B296-B8F9C0CE70DB} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)
{C89C3A76-E947-4DD9-90D6-51B5126DD31A} (Servers: | Description: Dell Wireless 1395 WLAN Mini-Card)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
>[2008/07/25 16:38:57 | 00,113,664 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\Windows\System32\igfxdev.dll (Intel Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 04:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 04:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 16:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a55f61e-20fb-11dd-8971-001c23fcb6de}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a55f61e-20fb-11dd-8971-001c23fcb6de}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9df2f6c3-21cd-11dd-a45e-001c23fcb6de}\Shell\AutoRun\command]
""=w0o.com


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9df2f6c3-21cd-11dd-a45e-001c23fcb6de}\Shell\explore\Command]
""=w0o.com


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9df2f6c3-21cd-11dd-a45e-001c23fcb6de}\Shell\open\Command]
""=w0o.com


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f322495-e8a7-11dc-b0f9-001c23fcb6de}\Shell\AutoRun\command]
""=.\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f04a98f3-4f67-11dd-859e-001c23fcb6de}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f04a98f3-4f67-11dd-859e-001c23fcb6de}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=.\Encryption Tool\MaxtorEncryption.exe

========== Files/Folders - Created Within 30 Days ==========

[2008/10/07 10:18:48 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Users\Nikki\Desktop\OTViewIt.exe
[2008/10/05 13:02:48 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2008/10/05 13:01:55 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/05 13:01:55 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/30 21:25:43 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Nikki\Desktop\HiJackThis.exe
[2008/09/26 18:53:10 | 00,000,750 | ---- | C] () -- C:\Users\Nikki\Desktop\Ares.lnk
[2008/09/26 18:53:06 | 00,000,000 | ---D | C] -- C:\Program Files\Ares
[2008/09/15 13:13:46 | 00,001,838 | ---- | C] () -- C:\Users\Nikki\Desktop\Launch VeohTV.lnk
[2008/09/15 13:11:26 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2008/09/12 15:11:15 | 00,000,000 | ---D | C] -- C:\Users\Nikki\AppData\Local\Ares
[2008/09/11 13:35:14 | 00,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2008/09/11 13:34:52 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2008/09/11 13:33:06 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2008/09/11 13:29:05 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/11 13:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/09/10 08:15:06 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2008/09/10 08:15:05 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/09/10 08:15:04 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/09/10 08:15:01 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2008/10/07 10:18:50 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Users\Nikki\Desktop\OTViewIt.exe
[2008/10/07 10:06:10 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/10/07 10:06:10 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008/10/07 00:36:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/10/06 21:47:38 | 00,000,480 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Nikki.job
[2008/10/06 16:50:59 | 00,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008/10/06 16:50:59 | 00,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008/10/06 16:50:58 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/10/06 13:06:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/10/06 13:05:52 | 21,370,42944 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/06 13:04:54 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2008/10/06 13:04:21 | 01,500,612 | -H-- | M] () -- C:\Users\Nikki\AppData\Local\IconCache.db
[2008/10/05 13:02:48 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2008/10/04 23:24:32 | 00,141,824 | ---- | M] () -- C:\Users\Nikki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/30 21:25:46 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Nikki\Desktop\HiJackThis.exe
[2008/09/26 18:53:10 | 00,000,750 | ---- | M] () -- C:\Users\Nikki\Desktop\Ares.lnk
[2008/09/23 22:08:38 | 00,000,275 | ---- | M] () -- C:\Windows\win.ini
[2008/09/15 13:13:46 | 00,001,838 | ---- | M] () -- C:\Users\Nikki\Desktop\Launch VeohTV.lnk
[2008/09/11 13:35:14 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
< End of report >

OTViewIt Extras logfile created on: 10/7/2008 10:20:31 AM - Run 2
OTViewIt by OldTimer - Version 1.0.10.1 Folder = C:\Users\Nikki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA786A6Y
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.15% Memory free
4.00 Gb Paging File | 1.90 Gb Available in Paging File | 47.62% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.31 Gb Total Space | 110.35 Gb Free Space | 50.09% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.64 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIKKI-PC
Current User Name: Nikki
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/06/05 04:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}"=QuickSet
"{179C56A4-F57F-4561-8BBF-F911D26EB435}"=WebReg
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}"=Live! Cam Avatar v1.0
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}"=Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}"=AOL Install
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}"=HP Deskjet All-In-One Software 8.0
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}"=Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}"=Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java™ SE Runtime Environment 6
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}"=Norton AntiVirus Help
"{352310C3-E46B-42D3-8F32-54721FDD72D9}"=NetZeroInstallers
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{48B82226-75E3-4E90-92CC-D30F79EA6380}"=Norton Security Scan
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}"=DocProc
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}"=Cisco PEAP Module
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}"=User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}"=EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{62120008-8E1E-4807-860D-A8B48F8552DB}"=Norton Protection Center
"{62230596-37E5-4618-A329-0D21F529A86F}"=Browser Address Error Redirector
"{657F8B33-CBBB-45F4-9087-274F22C89400}"=DJ_AIO_ProductContext
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}"=Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}"=HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}"=Cisco LEAP Module
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus
"{7A634EAD-CA78-4085-9157-0C31A9324FF4}"=SymNet
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}"=Fax
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}"=Dell Getting Started Guide
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}"=F4100
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}"=Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{904CCF62-818D-4675-BC76-D37EB399F917}"=Windows Mobile Device Center
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}"=MarketResearch
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{978C25EE-5777-46e4-8988-732C297CBDBD}"=Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}"=Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}"=OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}"=MediaDirect
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}"=DJ_AIO_Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=Dell Touchpad
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}"=SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}"=Copy
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}"=F4100_Help
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}"=AIO_Scan
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}"=HP Deskjet All-In-One Software 9.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}"=DJ_AIO_Software_min
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}"=BufferChm
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}"=Cisco EAP-FAST Module
"{C716522C-3731-4667-8579-40B098294500}"=Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}"=HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C99C0593-3B48-41D9-B42F-6E035B320449}"=Broadcom Management Programs
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}"=Internet Service Offers Launcher
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}"=Roxio MyDVD DE
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component
"{D7769185-9A7C-48D4-8874-5388743A1DE2}"=Music, Photos & Videos Launcher
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DC83F417-8068-4074-BA2F-C4F8AB872556}"=DJ_AIO_Software_min
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}"=UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}"=AIO_CDB_Software
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}"=Windows Mobile Device Center Driver Update
"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}"=Toolbox
"{EB21A812-671B-4D08-B974-2A347F0D8F70}"=HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}"=HPSSupply
"{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}"=Maxtor Manager
"{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}"=HP Driver Diagnostics
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}"=32 Bit HP CIO Components Installer
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}"=Modem Diagnostic Tool
"{FF075778-6E50-47ed-991D-3B07FD4E3250}"=TrayApp
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Advanced Audio FX Engine"=Advanced Audio FX Engine
"Advanced Video FX Engine"=Advanced Video FX Engine
"AIM Toolbar"=AIM Toolbar 5.0
"AIM_6"=AIM 6
"AIMTunes"=AIMTunes
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"Ares"=Ares 2.0.9
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F"=Conexant HDA D330 MDC V.92 Modem
"Creative OEM002"=Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center"=Dell Webcam Center
"Dell Webcam Manager"=Dell Webcam Manager
"EasyJob Resume Builder_is1"=EasyJob Resume Builder 4.65.2194
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools"=HP Solution Center 8.0
"HPExtendedCapabilities"=HP Customer Participation Program 8.0
"HPOCR"=HP OCR Software 8.0
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}"=Maxtor Manager
"Pharos"=Pharos
"PSN"=Post-it® Software Notes Lite
"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)
"StumbleUponIEToolbar"=StumbleUpon IE Toolbar
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus (Symantec Corporation)
"The Weather Channel Desktop 6"=The Weather Channel Desktop 6
"The Weather Channel Toolbar"=The Weather Channel Toolbar
"ViewpointMediaPlayer"=Viewpoint Media Player
"Weather Services"=Weather Services
"Windows Mobile Device Handbook"=Touch by HTC™ User Guide
"Yahoo! Companion"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"USAGYMNASTICS"=USA Gymnastics Desktop Communicator

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1463702005-4269622687-1015911835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"USAGYMNASTICS"=USA Gymnastics Desktop Communicator

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2008 12:33:20 AM | Computer Name = Nikki-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6000.16549, time stamp
0x46d230c5, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0x1bcc, application
start time 0x01c92761bc993d00.

Error - 10/6/2008 1:14:13 AM | Computer Name = Nikki-PC | Source = Application Error | ID = 1000
Description = Faulting application WLTRAY.EXE, version 4.170.25.12, time stamp 0x46f343b5,
faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0xc015000f, fault offset 0x00077bf3, process id 0x9e4, application start time
0x01c9271963d618d9.

Error - 10/6/2008 9:51:29 AM | Computer Name = Nikki-PC | Source = Application Error | ID = 1000
Description = Faulting application HDVideoCodec_ver1.5903590359035903590359035903590359035903590359,
version 0.0.0.0, time stamp 0x48ea0de9, faulting module ntdll.dll, version 6.0.6000.16386,
time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x000633f8, process
id 0x151c, application start time 0x01c927baa1a1ddf0.

Error - 10/6/2008 10:51:44 AM | Computer Name = Nikki-PC | Source = Application Error | ID = 1000
Description = Faulting application HDVideoCodec_ver1.5903590359035903590359035903590359035903590359,
version 0.0.0.0, time stamp 0x48ea0de9, faulting module ntdll.dll, version 6.0.6000.16386,
time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x000633f8, process
id 0x1888, application start time 0x01c927c30cb934a0.

Error - 10/6/2008 11:52:01 AM | Computer Name = Nikki-PC | Source = Application Error | ID = 1000
Description = Faulting application HDVideoCodec_ver1.5903590359035903590359035903590359035903590359,
version 0.0.0.0, time stamp 0x48ea24ab, faulting module ntdll.dll, version 6.0.6000.16386,
time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x000633f8, process
id 0x1cd8, application start time 0x01c927cb78604830.

Error - 10/6/2008 1:58:39 PM | Computer Name = Nikki-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.16711 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1768 Start Time: 01c927dc9e1fd7ac Termination Time: 797

Error - 10/6/2008 2:04:00 PM | Computer Name = Nikki-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.16711 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 11d0 Start Time: 01c927dd2da246bc Termination Time: 1195

Error - 10/6/2008 2:04:44 PM | Computer Name = Nikki-PC | Source = EventSystem | ID = 4621
Description =

Error - 10/6/2008 6:18:09 PM | Computer Name = Nikki-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16711, time stamp
0x486445ce, faulting module kernel32.dll, version 6.0.6000.20608, time stamp 0x465cf04b,
exception code 0xe06d7363, fault offset 0x0001b08e, process id 0x15c4, application
start time 0x01c927e66a17446d.

Error - 10/6/2008 10:54:05 PM | Computer Name = Nikki-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16711, time stamp
0x486445ce, faulting module kernel32.dll, version 6.0.6000.20608, time stamp 0x465cf04b,
exception code 0xe06d7363, fault offset 0x0001b08e, process id 0x1e88, application
start time 0x01c92827b566fcdd.

[ System Events ]
Error - 9/20/2008 8:21:40 PM | Computer Name = Nikki-PC | Source = bowser | ID = 8003
Description =

Error - 9/20/2008 8:22:14 PM | Computer Name = Nikki-PC | Source = bowser | ID = 8003
Description =

Error - 9/20/2008 8:25:12 PM | Computer Name = Nikki-PC | Source = bowser | ID = 8003
Description =

Error - 9/20/2008 8:27:27 PM | Computer Name = Nikki-PC | Source = bowser | ID = 8003
Description =

Error - 9/20/2008 8:30:36 PM | Computer Name = Nikki-PC | Source = bowser | ID = 8003
Description =

Error - 9/20/2008 8:31:41 PM | Computer Name = Nikki-PC | Source = bowser | ID = 8003
Description =

Error - 9/20/2008 8:35:45 PM | Computer Name = Nikki-PC | Source = bowser | ID = 8003
Description =

Error - 9/20/2008 8:37:11 PM | Computer Name = Nikki-PC | Source = bowser | ID = 8003
Description =

Error - 9/20/2008 8:39:26 PM | Computer Name = Nikki-PC | Source = bowser | ID = 8003
Description =

Error - 9/20/2008 8:42:36 PM | Computer Name = Nikki-PC | Source = bowser | ID = 8003
Description =


< End of report >

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 7, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 07, 2008 16:06:44
Records in database: 1297866


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 163384
Threat name 5
Infected objects 9
Suspicious objects 0
Duration of the scan 06:50:30

File name Threat name Threats count
C:\Users\Nikki\AppData\Local\Temp\a.exe Infected: Trojan.Win32.FraudPack.aiv 1

C:\Users\Nikki\AppData\Local\Temp\a.exe Infected: Trojan.Win32.FraudPack.aiq 1

C:\Users\Nikki\AppData\Local\Temp\codec.exe Infected: Trojan.Win32.Delf.eun 1

C:\Users\Nikki\AppData\Local\Temp\HDVideoCodec_ver1.590359035903590359035903590359035903590359035903.0.exe Infected: Trojan-Downloader.Win32.Zlob.aacx 1

C:\Users\Nikki\AppData\Local\Temp\HDVideoCodec_ver1.5903590359035903590359035903590359035903590359035903.0.exe Infected: Trojan-Downloader.Win32.Zlob.aacx 1

C:\Users\Nikki\AppData\Local\Temp\HDVideoCodec_ver1.59035903590359035903590359035903590359035903590359035903.0.exe Infected: Trojan-Downloader.Win32.Zlob.aacx 1

C:\Users\Nikki\AppData\Local\Temp\HDVideoCodec_ver1.590359035903590359035903590359035903590359035903590359035903.0.exe Infected: Trojan-Downloader.Win32.Zlob.aacx 1

C:\Users\Nikki\AppData\Local\Temp\tynaenss.dll Infected: Trojan.Win32.Vapsup.mao 1

C:\Users\Nikki\AppData\Roaming\Adobe\Manager.exe Infected: Trojan.Win32.Delf.eun 1

The selected area was scanned.

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:38 AM

Posted 07 October 2008 - 11:24 PM

Hello naf.

Hmm... not fun stuff in here :thumbsup:

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 naf

naf
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 09 October 2008 - 04:27 PM

ComboFix 08-10-08.02 - Nikki 2008-10-09 16:16:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.988 [GMT -5:00]
Running from: C:\Users\Nikki\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Nikki\AppData\Roaming\Adobe\crc.dat
C:\Users\Nikki\AppData\Roaming\Adobe\Manager.exe
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\AutoRun.inf

----- BITS: Possible infected sites -----

hxxp://directcubetwo.net
hxxp://pornotube30.net
.
((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.

2008-10-09 12:49 . 2008-10-09 12:49 124,464 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-10-09 12:49 . 2008-10-09 12:48 25,136 -ra------ C:\Windows\System32\drivers\SymIMV.sys
2008-10-09 12:49 . 2008-10-09 12:49 10,635 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-10-09 12:49 . 2008-10-09 12:49 806 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-10-09 12:48 . 2008-10-09 12:48 <DIR> d-------- C:\Windows\System32\drivers\NAV
2008-10-09 12:48 . 2008-10-09 12:48 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-10-09 12:38 . 2008-10-09 12:38 <DIR> d-------- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-10-09 12:32 . 2008-10-09 12:32 <DIR> d-------- C:\Users\All Users\PCSettings
2008-10-09 12:32 . 2008-10-09 12:32 <DIR> d-------- C:\ProgramData\PCSettings
2008-10-09 12:31 . 2008-10-09 12:54 <DIR> d-------- C:\Users\All Users\Norton
2008-10-09 12:31 . 2008-10-09 12:54 <DIR> d-------- C:\ProgramData\Norton
2008-10-09 12:29 . 2008-10-09 12:29 <DIR> d-------- C:\Users\All Users\NortonInstaller
2008-10-09 12:29 . 2008-10-09 12:29 <DIR> d-------- C:\ProgramData\NortonInstaller
2008-10-09 12:29 . 2008-10-09 12:29 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-09 12:27 . 2008-10-09 12:27 <DIR> d-------- C:\Users\All Users\Symantec Temporary Files
2008-10-09 12:27 . 2008-10-09 12:27 <DIR> d-------- C:\ProgramData\Symantec Temporary Files
2008-10-08 23:32 . 2008-10-08 23:38 1,905 --a------ C:\Windows\diagwrn.xml
2008-10-08 23:32 . 2008-10-08 23:38 1,905 --a------ C:\Windows\diagerr.xml
2008-10-08 20:31 . 2006-12-15 11:04 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-10-05 13:01 . 2008-10-05 13:02 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 13:01 . 2008-10-05 13:02 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 13:01 . 2008-10-05 13:02 <DIR> d-------- C:\Program Files\iTunes
2008-09-26 18:53 . 2008-09-28 19:27 <DIR> d-------- C:\Program Files\Ares
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Veoh Networks
2008-09-11 13:34 . 2008-09-11 13:35 <DIR> d-------- C:\Program Files\Safari
2008-09-11 13:33 . 2008-09-11 13:33 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-09-11 13:33 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-11 13:33 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-11 13:29 . 2008-09-11 13:29 <DIR> d-------- C:\Program Files\Bonjour
2008-09-11 13:25 . 2008-09-11 13:26 <DIR> d-------- C:\Program Files\QuickTime
2008-09-10 08:15 . 2008-07-30 18:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 08:15 . 2008-07-30 22:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-10 08:15 . 2008-06-25 22:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 08:15 . 2008-07-30 22:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 20:37 --------- d-----w C:\Users\Nikki\AppData\Roaming\StumbleUpon
2008-10-09 17:49 --------- d-----w C:\Program Files\Symantec
2008-10-09 17:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-09 17:38 --------- d-----w C:\ProgramData\Symantec
2008-10-05 18:02 --------- d-----w C:\Program Files\iPod
2008-10-02 20:09 --------- d-----w C:\Users\Nikki\AppData\Roaming\Move Networks
2008-09-15 18:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-11 18:25 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-29 15:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 14:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-18 23:30 --------- d-----w C:\Program Files\Apple Software Update
2008-08-13 21:36 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-19 03:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 01:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 08:11 174 --sha-w C:\Program Files\desktop.ini
2008-01-12 01:58 76 --sh--r C:\Windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 50528]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-05-14 785520]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-08-21 888832]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-29 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-26 129560]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-25 29744]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"HostManager"="C:\Program Files\Common Files\AOL\1204420073\ee\AOLSoftware.exe" [2006-04-13 50792]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-11 50688]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{79C44779-9871-4C3E-ACCB-E58424296A7F}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{0C78C526-ABFC-4ECF-BBED-ADCC4FBDC2CE}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{F4264D33-B097-419E-8338-65B03459778E}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{2C9A8D5C-6813-44CD-A895-42FE7004D7FB}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{1B405FBB-67E2-48E6-B214-752D5F0D730A}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E18F5E88-4A76-42FD-8FEA-76DD11FF7838}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2BF0FE50-F909-4746-8E59-00405A4C434A}"= UDP:C:\Program Files\Common Files\AOL\1204420073\ee\aolsoftware.exe:AOL Services
"{FD2B5BCB-AD7D-49C0-81C6-49D98C489C3C}"= TCP:C:\Program Files\Common Files\AOL\1204420073\ee\aolsoftware.exe:AOL Services
"{EF1CECC5-5FAD-49E1-9167-20604F7B793F}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{22405D1C-0174-4F3A-AB90-A83DF9AA93FC}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{DACCF780-072C-4C2C-8483-BC643719C16C}"= C:\Program Files\PharosSystems\Core\CTskMstr.exe:Pharos Com Task Master
"{234D5069-C91C-4F3E-A693-BEACBA94C9D6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6D445A00-45DC-4427-ADCE-391445B28C19}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1D593504-F994-409A-80FD-E0966D253421}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A949C70C-DEA5-4A52-B96A-9E6C29802837}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{DA61BA2C-4F3B-435F-83C4-DBA5136AD7C5}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DD9B40EF-DB74-4EE4-AA36-638EE1CB54F6}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAV\1000000.07D\SYMEFA.SYS [2008-10-09 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\Windows\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [2008-10-09 254512]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAV\1000000.07D\ccHPx86.sys [2008-10-09 362544]
R1 IDSVix86;IDSVix86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081008.002\IDSvix86.sys [2008-10-09 289840]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 73728]
R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
R2 Norton AntiVirus;Norton AntiVirus;C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe /s Norton AntiVirus /m C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll [ ]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 7424]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\drivers\NAV\1000000.07D\SYMNDISV.SYS [2008-10-09 40496]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-25 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a55f61e-20fb-11dd-8971-001c23fcb6de}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9df2f6c3-21cd-11dd-a45e-001c23fcb6de}]
\shell\AutoRun\command - w0o.com
\shell\explore\Command - w0o.com
\shell\open\Command - w0o.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f322495-e8a7-11dc-b0f9-001c23fcb6de}]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f04a98f3-4f67-11dd-859e-001c23fcb6de}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 16:20:59
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-09 16:23:03
ComboFix-quarantined-files.txt 2008-10-09 21:22:35

Pre-Run: 116,129,034,240 bytes free
Post-Run: 119,962,353,664 bytes free

223 --- E O F --- 2008-09-11 22:48:38


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:16 PM, on 10/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Windows\System32\rundll32.exe
C:\Users\Nikki\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1204420073\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13391 bytes

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:38 AM

Posted 09 October 2008 - 06:00 PM

Hello, naf.
You have a Peer-To-Peer program installed.
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case ares). These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Viewpoint is considered foistware instead of malware because it is installed without users approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
We need to clear out some temporary data.
Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

We need to re-run ComboFix with some additonal directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    folder::
    C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
    C:\Users\Nikki\AppData\Local\Temp\
    registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9df2f6c3-21cd-11dd-a45e-001c23fcb6de}]
    file::
    C:\Users\Nikki\AppData\Roaming\Adobe\Manager.exe
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Posted Image
    Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use +A)
  • Right-click again and chose "Copy" (or +C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • ComboFix.txt
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:38 AM

Posted 13 October 2008 - 03:59 PM

Hello, naf.
Are you still here?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#8 naf

naf
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 13 October 2008 - 09:14 PM

ComboFix 08-10-08.02 - Nikki 2008-10-13 19:08:01.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1015 [GMT -5:00]
Running from: C:\Users\Nikki\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Users\Nikki\AppData\Local\Temp\
C:\Users\Nikki\AppData\Local\Temp\\~DF3BFB.tmp
C:\Users\Nikki\AppData\Local\Temp\\~DFD1D.tmp
C:\Users\Nikki\AppData\Local\Temp\\~DFE8AE.tmp
C:\Users\Nikki\AppData\Local\Temp\\16A7.tmp
C:\Users\Nikki\AppData\Local\Temp\\1715.tmp
C:\Users\Nikki\AppData\Local\Temp\\1F14.tmp
C:\Users\Nikki\AppData\Local\Temp\\aolbartcache\1\01E54E6A51543C65BB0853F31FAA9CD3.jpeg
C:\Users\Nikki\AppData\Local\Temp\\aolbartcache\1\034820784DA62680327BC1611986FECE.jpeg
C:\Users\Nikki\AppData\Local\Temp\\aolbartcache\1\0C9FD4B3E660DFBE1656B17DF3E3B9AA.jpeg
C:\Users\Nikki\AppData\Local\Temp\\aolbartcache\1\1BC466696CE5173E65B4FA14E047FCCE.jpeg
C:\Users\Nikki\AppData\Local\Temp\\aolbartcache\1\2AF3F01390B31A572FDA3C8A2D9FBA95.jpeg
C:\Users\Nikki\AppData\Local\Temp\\aolbartcache\1\2B000004C8.gif
C:\Users\Nikki\AppData\Local\Temp\\aolbartcache\1\2B000017DC.gif
C:\Users\Nikki\AppData\Local\Temp\\aolbartcache\1\4CC5A80A150C7C8EEBE1DB5C03A4CE15.jpeg
C:\Users\Nikki\AppData\Local\Temp\\aolbartcache\1\BD24D722436A9C8BEB7ABBDDDAD3CA29.gif
C:\Users\Nikki\AppData\Local\Temp\\aolbartcache\1\C0E70FD2482F03AECDE71B54970FAC37.jpeg
C:\Users\Nikki\AppData\Local\Temp\\aolbartcache\1\ED0304F5D51AEA5D6462B237DEB66C2B.gif
C:\Users\Nikki\AppData\Local\Temp\\aolbartcache\1\FC35012DFBBE0241F99735328F475B56.jpeg
C:\Users\Nikki\AppData\Local\Temp\\AUInst.log
C:\Users\Nikki\AppData\Local\Temp\\Av-test.txt
C:\Users\Nikki\AppData\Local\Temp\\blank.gif
C:\Users\Nikki\AppData\Local\Temp\\catchme.dll
C:\Users\Nikki\AppData\Local\Temp\\CF22675.exe
C:\Users\Nikki\AppData\Local\Temp\\D0E0.tmp
C:\Users\Nikki\AppData\Local\Temp\\DFAF.tmp
C:\Users\Nikki\AppData\Local\Temp\\E01E.tmp
C:\Users\Nikki\AppData\Local\Temp\\E02E.tmp
C:\Users\Nikki\AppData\Local\Temp\\E04E.tmp
C:\Users\Nikki\AppData\Local\Temp\\E05F.tmp
C:\Users\Nikki\AppData\Local\Temp\\E070.tmp
C:\Users\Nikki\AppData\Local\Temp\\E090.tmp
C:\Users\Nikki\AppData\Local\Temp\\E0A0.tmp
C:\Users\Nikki\AppData\Local\Temp\\E0B1.tmp
C:\Users\Nikki\AppData\Local\Temp\\E0C2.tmp
C:\Users\Nikki\AppData\Local\Temp\\log.txt
C:\Users\Nikki\AppData\Local\Temp\\Nikki.bmp
C:\Users\Nikki\AppData\Local\Temp\\wmplog00.sqm
C:\Users\Nikki\AppData\Local\Temp\\wmplog01.sqm
C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP\WiseCustomCall.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.

2008-10-09 12:49 . 2008-10-09 12:49 124,464 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-10-09 12:49 . 2008-10-09 12:48 25,136 -ra------ C:\Windows\System32\drivers\SymIMV.sys
2008-10-09 12:49 . 2008-10-09 12:49 10,635 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-10-09 12:49 . 2008-10-09 12:49 806 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-10-09 12:48 . 2008-10-09 12:48 <DIR> d-------- C:\Windows\System32\drivers\NAV
2008-10-09 12:48 . 2008-10-09 12:48 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-10-09 12:32 . 2008-10-09 12:32 <DIR> d-------- C:\Users\All Users\PCSettings
2008-10-09 12:32 . 2008-10-09 12:32 <DIR> d-------- C:\ProgramData\PCSettings
2008-10-09 12:31 . 2008-10-09 12:54 <DIR> d-------- C:\Users\All Users\Norton
2008-10-09 12:31 . 2008-10-09 12:54 <DIR> d-------- C:\ProgramData\Norton
2008-10-09 12:29 . 2008-10-09 12:29 <DIR> d-------- C:\Users\All Users\NortonInstaller
2008-10-09 12:29 . 2008-10-09 12:29 <DIR> d-------- C:\ProgramData\NortonInstaller
2008-10-09 12:29 . 2008-10-09 12:29 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-09 12:27 . 2008-10-09 12:27 <DIR> d-------- C:\Users\All Users\Symantec Temporary Files
2008-10-09 12:27 . 2008-10-09 12:27 <DIR> d-------- C:\ProgramData\Symantec Temporary Files
2008-10-08 23:32 . 2008-10-08 23:38 1,905 --a------ C:\Windows\diagwrn.xml
2008-10-08 23:32 . 2008-10-08 23:38 1,905 --a------ C:\Windows\diagerr.xml
2008-10-08 20:31 . 2006-12-15 11:04 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-10-05 13:01 . 2008-10-05 13:02 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 13:01 . 2008-10-05 13:02 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 13:01 . 2008-10-05 13:02 <DIR> d-------- C:\Program Files\iTunes
2008-09-26 18:53 . 2008-09-28 19:27 <DIR> d-------- C:\Program Files\Ares
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 20:37 --------- d-----w C:\Users\Nikki\AppData\Roaming\StumbleUpon
2008-10-09 17:49 --------- d-----w C:\Program Files\Symantec
2008-10-09 17:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-09 17:38 --------- d-----w C:\ProgramData\Symantec
2008-10-05 18:02 --------- d-----w C:\Program Files\iPod
2008-10-02 20:09 --------- d-----w C:\Users\Nikki\AppData\Roaming\Move Networks
2008-09-15 18:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-11 18:35 --------- d-----w C:\Program Files\Safari
2008-09-11 18:29 --------- d-----w C:\Program Files\Bonjour
2008-09-11 18:26 --------- d-----w C:\Program Files\QuickTime
2008-09-11 18:25 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-29 15:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 14:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-18 23:30 --------- d-----w C:\Program Files\Apple Software Update
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-19 03:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 01:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 08:11 174 --sha-w C:\Program Files\desktop.ini
2008-01-12 01:58 76 --sh--r C:\Windows\CT4CET.bin
.

((((((((((((((((((((((((((((( snapshot@2008-10-09_16.21.44.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-09 21:06:27 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-14 00:01:08 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-09 21:06:27 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-14 00:01:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-09 21:09:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-14 00:02:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-14 00:02:11 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-09 21:09:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-14 00:03:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-10-09 21:06:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-14 00:01:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-09 21:06:48 114,688 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-14 00:01:21 114,688 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-09 21:06:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-14 00:01:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-06 21:50:59 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-13 03:18:24 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-06 21:50:59 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-13 03:18:24 618,648 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-09 21:09:32 9,062 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1463702005-4269622687-1015911835-1000_UserData.bin
+ 2008-10-14 00:03:05 9,254 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1463702005-4269622687-1015911835-1000_UserData.bin
- 2008-10-09 21:09:31 70,016 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-14 00:03:05 70,336 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 50528]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-05-14 785520]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-08-21 888832]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-29 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-26 129560]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-25 29744]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"HostManager"="C:\Program Files\Common Files\AOL\1204420073\ee\AOLSoftware.exe" [2006-04-13 50792]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-11 50688]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{79C44779-9871-4C3E-ACCB-E58424296A7F}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{0C78C526-ABFC-4ECF-BBED-ADCC4FBDC2CE}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{F4264D33-B097-419E-8338-65B03459778E}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{2C9A8D5C-6813-44CD-A895-42FE7004D7FB}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{1B405FBB-67E2-48E6-B214-752D5F0D730A}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E18F5E88-4A76-42FD-8FEA-76DD11FF7838}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2BF0FE50-F909-4746-8E59-00405A4C434A}"= UDP:C:\Program Files\Common Files\AOL\1204420073\ee\aolsoftware.exe:AOL Services
"{FD2B5BCB-AD7D-49C0-81C6-49D98C489C3C}"= TCP:C:\Program Files\Common Files\AOL\1204420073\ee\aolsoftware.exe:AOL Services
"{EF1CECC5-5FAD-49E1-9167-20604F7B793F}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{22405D1C-0174-4F3A-AB90-A83DF9AA93FC}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{DACCF780-072C-4C2C-8483-BC643719C16C}"= C:\Program Files\PharosSystems\Core\CTskMstr.exe:Pharos Com Task Master
"{234D5069-C91C-4F3E-A693-BEACBA94C9D6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6D445A00-45DC-4427-ADCE-391445B28C19}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1D593504-F994-409A-80FD-E0966D253421}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A949C70C-DEA5-4A52-B96A-9E6C29802837}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{DA61BA2C-4F3B-435F-83C4-DBA5136AD7C5}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DD9B40EF-DB74-4EE4-AA36-638EE1CB54F6}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAV\1000000.07D\SYMEFA.SYS [2008-10-09 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\Windows\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [2008-10-09 254512]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAV\1000000.07D\ccHPx86.sys [2008-10-09 362544]
R1 IDSVix86;IDSVix86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081009.001\IDSvix86.sys [2008-10-09 289840]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 73728]
R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
R2 Norton AntiVirus;Norton AntiVirus;C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe /s Norton AntiVirus /m C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll [ ]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 7424]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\drivers\NAV\1000000.07D\SYMNDISV.SYS [2008-10-09 40496]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-25 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a55f61e-20fb-11dd-8971-001c23fcb6de}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f322495-e8a7-11dc-b0f9-001c23fcb6de}]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f04a98f3-4f67-11dd-859e-001c23fcb6de}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 19:10:58
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-13 19:13:39
ComboFix-quarantined-files.txt 2008-10-14 00:12:34
ComboFix2.txt 2008-10-09 21:23:05

Pre-Run: 133,319,409,664 bytes free
Post-Run: 133,313,114,112 bytes free

268 --- E O F --- 2008-09-11 22:48:38

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3519 (20081013)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=7cf1edfa7a7dff459e124dbc537db88f
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-14 02:05:24
# local_time=2008-10-13 09:05:24 (-0600, Central Daylight Time)
# country="United States"
# osver=6.0.6000 NT
# scanned=347447
# found=2
# scan_time=5521
C:\QooBox\Quarantine\C\Users\Nikki\AppData\Local\Temp\Av-test.txt.vir Eicar test file (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Users\Nikki\AppData\Roaming\Adobe\Manager.exe.vir Win32/TrojanDownloader.FakeAlert.JI trojan (unable to clean - deleted) 00000000000000000000000000000000

#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:38 AM

Posted 13 October 2008 - 09:17 PM

Hello, naf.
Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Remove ComboFix
  • Please go to Start -> Run
  • Enter "ComboFix /u" (without quotes). Note the space betwen "ComboFix" and "/u", it needs to be there.
    Posted Image
  • Press OK (Or hit enter).
  • Allow ComboFix to remove itself.
We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start -> Control Panel -> System and Maintenance -> System.
  • Select "System Protection" in the upper left hand corner.
  • Click the button marked "Create" in the bottom of the window.
  • Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Open Vista's Searchbox (on your start menu) and type in "cleanmgr.exe"
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up", and then "Delete" in the "System Restore and Shadow Copies" section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#10 naf

naf
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 14 October 2008 - 05:27 PM

thank you!

#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:38 AM

Posted 14 October 2008 - 05:43 PM

Hello, naf.

You're welcome :D

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users