Infected with Vundo (I think)


2 replies to this topic

#1 paradise17


Posted 14 October 2008 - 10:51 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:09, on 10/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Users\TEST\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxYQkhhF.dll,#1
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\TEST\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\TEST\AppData\Local\Temp\byXRhGaW.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\TEST\AppData\Local\Temp\ddcCsTjj.dll,c
O4 - HKCU\..\Run: [8e0925ae] rundll32.exe "C:\Users\TEST\AppData\Local\Temp\rhxcvhgs.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7893 bytes

Here is my ComboFix log

ComboFix 08-10-14.07 - TEST 2008-10-14 23:16:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.267 [GMT -5:00]
Running from: C:\Users\TEST\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Users\TEST\AppData\Local\Temp\rhxcvhgs.dll
C:\Windows\system32\MSINET.oca
C:\Windows\system32\pac.txt

.
((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.

2008-10-14 22:48 . 2008-10-14 22:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-14 18:51 . 2008-10-14 19:22 <DIR> d-------- C:\Users\TEST\.housecall6.6
2008-10-14 18:36 . 2008-10-14 18:36 691 --a------ C:\Users\TEST\AppData\Roaming\GetValue.vbs
2008-10-14 18:36 . 2008-10-14 18:36 35 --a------ C:\Users\TEST\AppData\Roaming\SetValue.bat
2008-10-14 16:24 . 2008-10-14 16:51 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-14 16:24 . 2008-10-14 16:51 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-14 16:24 . 2008-10-14 17:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-14 12:40 . 2008-10-14 13:01 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-10-14 12:40 . 2008-10-14 13:01 <DIR> d-------- C:\ProgramData\Lavasoft
2008-10-14 12:40 . 2008-10-14 12:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-14 12:39 . 2008-10-14 12:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-14 11:46 . 2008-10-14 11:46 <DIR> d-------- C:\VundoFix Backups
2008-10-14 11:39 . 2008-10-14 11:39 <DIR> d-------- C:\Users\Public
2008-10-13 20:04 . 2008-10-13 20:04 <DIR> d-------- C:\Users\TEST\AppData\Roaming\iWin
2008-10-13 15:54 . 2008-10-13 15:54 <DIR> d-------- C:\test
2008-10-13 15:47 . 2008-10-13 15:47 498 --a------ C:\Users\TEST\997.bat
2008-10-13 15:46 . 2008-10-13 21:12 <DIR> d-------- C:\Users\TEST\Program Files
2008-10-13 15:31 . 2008-10-14 07:58 <DIR> d-------- C:\Users\TEST\AppData\Roaming\BitTorrent
2008-10-13 15:29 . 2008-10-13 15:33 <DIR> d-------- C:\Program Files\Incomplete
2008-10-13 15:27 . 2008-10-14 07:58 <DIR> d--hs---- C:\Users\TEST\'
2008-10-13 15:26 . 2008-10-13 15:51 147,456 --a------ C:\Users\TEST\vbzip10.dll
2008-10-13 15:23 . 2008-10-13 15:23 <DIR> d-------- C:\Temp\xp34
2008-10-13 15:23 . 2008-10-13 15:47 45,568 --a------ C:\Users\TEST\index.exe
2008-10-13 15:23 . 2008-10-13 15:47 68 --a------ C:\Users\TEST\z.bat
2008-10-13 15:17 . 2008-10-13 16:01 <DIR> d-------- C:\Users\TEST\AppData\Roaming\LimeWire
2008-10-13 14:15 . 2008-10-13 14:15 361,984 --a------ C:\WINDOWS\System32\IPSECSVC.DLL
2008-10-13 14:15 . 2008-10-13 14:15 272,896 --a------ C:\WINDOWS\System32\polstore.dll
2008-10-13 14:15 . 2008-10-13 14:15 61,440 --a------ C:\WINDOWS\System32\winipsec.dll
2008-10-13 14:15 . 2008-10-13 14:15 28,672 --a------ C:\WINDOWS\System32\FwRemoteSvr.dll
2008-10-13 14:10 . 2008-10-13 14:10 4,247,552 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-10-13 14:10 . 2008-10-13 14:10 1,686,528 --a------ C:\WINDOWS\System32\gameux.dll
2008-10-13 14:10 . 2008-10-13 14:10 28,160 --a------ C:\WINDOWS\System32\Apphlpdm.dll
2008-10-13 14:09 . 2008-10-13 14:09 205,824 --a------ C:\WINDOWS\System32\msoeacct.dll
2008-10-13 14:09 . 2008-10-13 14:09 87,040 --a------ C:\WINDOWS\System32\msoert2.dll
2008-10-13 14:09 . 2008-10-13 14:09 39,424 --a------ C:\WINDOWS\System32\ACCTRES.dll
2008-10-13 14:07 . 2008-10-13 14:07 194,560 --a------ C:\WINDOWS\System32\WebClnt.dll
2008-10-13 14:07 . 2008-10-13 14:07 110,080 --a------ C:\WINDOWS\System32\drivers\mrxdav.sys
2008-10-13 14:06 . 2008-10-13 14:06 376,320 --a------ C:\WINDOWS\System32\winsrv.dll
2008-10-13 14:06 . 2008-10-13 14:06 49,664 --a------ C:\WINDOWS\System32\csrsrv.dll
2008-10-13 14:01 . 2008-10-13 14:01 1,060,920 --a------ C:\WINDOWS\System32\drivers\ntfs.sys
2008-10-13 14:01 . 2008-10-13 14:01 41,984 --a------ C:\WINDOWS\System32\drivers\monitor.sys
2008-10-13 13:59 . 2008-10-13 13:59 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2008-10-13 13:58 . 2008-10-13 13:58 303,616 --a------ C:\WINDOWS\System32\wmpeffects.dll
2008-10-13 13:57 . 2008-10-13 13:57 414,208 --a------ C:\WINDOWS\System32\msscp.dll
2008-10-13 13:56 . 2008-10-13 13:56 8,147,968 --a------ C:\WINDOWS\System32\wmploc.DLL
2008-10-13 13:56 . 2008-10-13 13:56 356,864 --a------ C:\WINDOWS\System32\MediaMetadataHandler.dll
2008-10-13 13:56 . 2008-10-13 13:56 7,680 --a------ C:\WINDOWS\System32\spwmp.dll
2008-10-13 13:56 . 2008-10-13 13:56 4,096 --a------ C:\WINDOWS\System32\msdxm.ocx
2008-10-13 13:56 . 2008-10-13 13:56 4,096 --a------ C:\WINDOWS\System32\dxmasf.dll
2008-10-13 13:55 . 2008-10-13 13:55 396,800 --a------ C:\WINDOWS\System32\MPSSVC.dll
2008-10-13 13:55 . 2008-10-13 13:55 392,192 --a------ C:\WINDOWS\System32\FirewallAPI.dll
2008-10-13 13:55 . 2008-10-13 13:55 178,688 --a------ C:\WINDOWS\System32\iphlpsvc.dll
2008-10-13 13:55 . 2008-10-13 13:55 86,016 --a------ C:\WINDOWS\System32\icfupgd.dll
2008-10-13 13:55 . 2008-10-13 13:55 63,488 --a------ C:\WINDOWS\System32\drivers\mpsdrv.sys
2008-10-13 13:55 . 2008-10-13 13:55 61,952 --a------ C:\WINDOWS\System32\cmifw.dll
2008-10-13 13:55 . 2008-10-13 13:55 23,040 --a------ C:\WINDOWS\System32\drivers\tunnel.sys
2008-10-13 13:55 . 2008-10-13 13:55 16,896 --a------ C:\WINDOWS\System32\wfapigp.dll
2008-10-13 13:55 . 2008-10-13 13:55 15,360 --a------ C:\WINDOWS\System32\drivers\TUNMP.SYS
2008-10-13 13:54 . 2008-10-13 13:54 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-10-13 13:52 . 2008-10-13 13:52 3,504,696 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2008-10-13 13:52 . 2008-10-13 13:52 3,470,392 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2008-10-13 13:52 . 2008-10-13 13:52 211,000 --a------ C:\WINDOWS\System32\drivers\volsnap.sys
2008-10-13 13:52 . 2008-10-13 13:52 154,624 --a------ C:\WINDOWS\System32\drivers\nwifi.sys
2008-10-13 13:52 . 2008-10-13 13:52 109,624 --a------ C:\WINDOWS\System32\drivers\ataport.sys
2008-10-13 13:52 . 2008-10-13 13:52 45,112 --a------ C:\WINDOWS\System32\drivers\pciidex.sys
2008-10-13 13:52 . 2008-10-13 13:52 21,560 --a------ C:\WINDOWS\System32\drivers\atapi.sys
2008-10-13 13:52 . 2008-10-13 13:52 15,928 --a------ C:\WINDOWS\System32\drivers\pciide.sys
2008-10-13 13:51 . 2008-10-13 13:51 1,191,936 --a------ C:\WINDOWS\System32\msxml3.dll
2008-10-13 13:51 . 2008-10-13 13:51 104,448 --a------ C:\WINDOWS\System32\DWWIN.EXE
2008-10-13 13:51 . 2008-10-13 13:51 2,048 --a------ C:\WINDOWS\System32\msxml3r.dll
2008-10-13 13:49 . 2008-10-13 13:49 803,328 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2008-10-13 13:49 . 2008-10-13 13:49 216,632 --a------ C:\WINDOWS\System32\drivers\netio.sys
2008-10-13 13:49 . 2008-10-13 13:49 167,424 --a------ C:\WINDOWS\System32\tcpipcfg.dll
2008-10-13 13:49 . 2008-10-13 13:49 24,064 --a------ C:\WINDOWS\System32\netcfg.exe
2008-10-13 13:49 . 2008-10-13 13:49 22,016 --a------ C:\WINDOWS\System32\netiougc.exe
2008-10-13 13:42 . 2008-10-13 13:42 1,585,664 --a------ C:\WINDOWS\System32\setupapi.dll
2008-10-13 13:40 . 2008-10-13 13:40 2,027,008 --a------ C:\WINDOWS\System32\win32k.sys
2008-10-13 13:40 . 2008-10-13 13:40 82,432 --a------ C:\WINDOWS\System32\drivers\sdbus.sys
2008-10-13 13:40 . 2008-10-13 13:40 13,312 --a------ C:\WINDOWS\System32\drivers\sffdisk.sys
2008-10-13 13:40 . 2008-10-13 13:40 12,800 --a------ C:\WINDOWS\System32\drivers\sffp_sd.sys
2008-10-13 13:39 . 2008-10-13 13:39 223,232 --a------ C:\WINDOWS\System32\WMASF.DLL
2008-10-13 13:39 . 2008-10-13 13:39 9,728 --a------ C:\WINDOWS\System32\LAPRXY.DLL
2008-10-13 13:39 . 2008-10-13 13:39 2,048 --a------ C:\WINDOWS\System32\asferror.dll
2008-10-13 13:38 . 2008-10-13 13:38 2,605,568 --a------ C:\WINDOWS\System32\SLsvc.exe
2008-10-13 13:38 . 2008-10-13 13:38 566,784 --a------ C:\WINDOWS\System32\SLCommDlg.dll
2008-10-13 13:38 . 2008-10-13 13:38 351,232 --a------ C:\WINDOWS\System32\SLUI.exe
2008-10-13 13:38 . 2008-10-13 13:38 296,448 --a------ C:\WINDOWS\System32\gdi32.dll
2008-10-13 13:38 . 2008-10-13 13:38 268,288 --a------ C:\WINDOWS\System32\mcbuilder.exe
2008-10-13 13:38 . 2008-10-13 13:38 223,232 --a------ C:\WINDOWS\System32\SLC.dll
2008-10-13 13:38 . 2008-10-13 13:38 186,368 --a------ C:\WINDOWS\System32\SLLUA.exe
2008-10-13 13:38 . 2008-10-13 13:38 57,856 --a------ C:\WINDOWS\System32\SLUINotify.dll
2008-10-13 13:38 . 2008-10-13 13:38 39,936 --a------ C:\WINDOWS\System32\slcinst.dll
2008-10-13 13:38 . 2008-10-13 13:38 33,280 --a------ C:\WINDOWS\System32\slwmi.dll
2008-10-13 13:37 . 2008-10-13 13:37 1,335,296 --a------ C:\WINDOWS\System32\msxml6.dll
2008-10-13 13:37 . 2008-10-13 13:37 2,048 --a------ C:\WINDOWS\System32\msxml6r.dll
2008-10-13 13:35 . 2008-10-13 13:35 11,776 --a------ C:\WINDOWS\System32\sbunattend.exe
2008-10-13 13:34 . 2008-10-13 13:34 83,968 --a------ C:\WINDOWS\System32\dnsrslvr.dll
2008-10-13 13:34 . 2008-10-13 13:34 53,760 --a------ C:\WINDOWS\System32\drivers\hdaudbus.sys
2008-10-13 13:34 . 2008-10-13 13:34 24,576 --a------ C:\WINDOWS\System32\dnscacheugc.exe
2008-10-13 13:28 . 2008-10-13 13:28 1,244,672 --a------ C:\WINDOWS\System32\mcmde.dll
2008-10-13 13:28 . 2008-10-13 13:28 428,032 --a------ C:\WINDOWS\System32\EncDec.dll
2008-10-13 13:28 . 2008-10-13 13:28 292,352 --a------ C:\WINDOWS\System32\psisdecd.dll
2008-10-13 13:28 . 2008-10-13 13:28 218,624 --a------ C:\WINDOWS\System32\psisrndr.ax
2008-10-13 13:28 . 2008-10-13 13:28 80,896 --a------ C:\WINDOWS\System32\MSNP.ax
2008-10-13 13:28 . 2008-10-13 13:28 68,608 --a------ C:\WINDOWS\System32\Mpeg2Data.ax
2008-10-13 13:28 . 2008-10-13 13:28 57,856 --a------ C:\WINDOWS\System32\MSDvbNP.ax
2008-10-13 13:27 . 2008-10-13 13:27 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-13 13:27 . 2008-10-13 13:27 974,336 --a------ C:\WINDOWS\System32\crypt32.dll
2008-10-13 13:26 . 2008-10-13 13:26 633,856 --a------ C:\WINDOWS\System32\user32.dll
2008-10-13 13:26 . 2008-10-13 13:26 99,840 --a------ C:\WINDOWS\System32\poqexec.exe
2008-10-13 13:25 . 2008-10-13 13:25 750,080 --a------ C:\WINDOWS\System32\qmgr.dll
2008-10-13 13:18 . 2008-10-13 18:43 <DIR> d-------- C:\Program Files\LimeWire
2008-10-13 13:16 . 2008-10-14 23:26 <DIR> d-------- C:\Users\TEST\AppData\Roaming\DNA
2008-10-13 13:16 . 2008-10-13 13:16 <DIR> d-------- C:\Program Files\DNA
2008-10-13 13:16 . 2008-10-13 13:16 <DIR> d-------- C:\Program Files\BitTorrent
2008-10-13 13:10 . 2008-10-14 23:29 11,513 --a------ C:\WINDOWS\System32\Config.MPF
2008-10-13 13:09 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\System32\dunzip32.dll
2008-10-13 13:06 . 2008-10-13 13:06 <DIR> d-------- C:\Program Files\McAfee.com
2008-10-13 13:06 . 2008-10-13 16:09 <DIR> d-------- C:\Program Files\McAfee
2008-10-13 13:06 . 2008-10-13 13:06 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-10-13 13:06 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\System32\drivers\mfehidk.sys
2008-10-13 13:06 . 2007-07-13 06:21 125,728 --a------ C:\WINDOWS\System32\drivers\Mpfp.sys
2008-10-13 13:06 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\System32\drivers\mfeavfk.sys
2008-10-13 13:06 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\System32\drivers\mfesmfk.sys
2008-10-13 13:06 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\System32\drivers\mfebopk.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 20:50 174 --sha-w C:\Program Files\desktop.ini
2008-10-13 20:40 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-13 20:40 --------- d-----w C:\Program Files\Windows Mail
2008-10-13 20:40 --------- d-----w C:\Program Files\Windows Defender
2008-10-13 20:40 --------- d-----w C:\Program Files\Windows Calendar
2008-10-13 20:23 167,976 ------w C:\Windows\system32\drivers\core.cache.dsk
2008-10-13 19:16 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-13 19:14 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-10-13 19:14 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-10-13 19:14 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-10-13 19:14 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-10-13 19:14 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-10-13 19:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-10-13 19:10 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-10-13 19:10 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-10-13 19:10 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-10-13 19:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-10-13 19:08 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-10-13 19:08 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-10-13 19:08 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-10-13 19:08 2,923,520 ----a-w C:\Windows\explorer.exe
2008-10-13 19:08 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-10-13 19:08 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-10-13 18:45 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-10-13 18:42 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-10-13 18:42 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-10-13 18:42 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-10-13 18:42 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-10-13 18:42 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-10-13 18:42 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-10-13 18:42 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-10-13 18:42 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-10-13 18:36 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-10-13 18:29 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-10-13 18:29 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-10-13 18:29 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-10-13 18:29 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2008-10-13 18:29 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-10-13 18:28 --------- d-----w C:\Program Files\Microsoft Works
2008-10-13 16:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-13 16:32 --------- d-----w C:\ProgramData\Symantec
2008-10-09 10:49 --------- d-----w C:\ProgramData\CyberLink
2008-10-09 10:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-09 10:48 --------- d-----w C:\Program Files\HP
2008-10-09 10:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-09 10:40 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-10-09 10:29 --------- d-sh--w C:\ProgramData\Templates
2008-10-09 10:29 --------- d-sh--w C:\ProgramData\Start Menu
2008-10-09 10:29 --------- d-sh--w C:\ProgramData\Favorites
2008-10-09 10:29 --------- d-sh--w C:\ProgramData\Documents
2008-10-09 10:29 --------- d-sh--w C:\ProgramData\Desktop
2008-10-09 10:29 --------- d-sh--w C:\ProgramData\Application Data
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-21 1474560]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitTorrent DNA"="C:\Users\TEST\Program Files\DNA\btdna.exe" [2008-10-13 289088]
"MSServer"="C:\Users\TEST\AppData\Local\Temp\awtqnnml.dll" [2008-10-13 34816]
"cmds"="C:\Users\TEST\AppData\Local\Temp\mlJDtSJB.dll" [2008-10-14 282624]
"8e0925ae"="C:\Users\TEST\AppData\Local\Temp\erltuxlh.dll" [2008-10-14 73216]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 C:\WINDOWS\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-19 77824]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-06 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-06 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-06 81920]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-04-17 468264]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"MSServer"="C:\Windows\system32\xxYQkhhF.dll" [2008-10-13 34816]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2006-12-19 34520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{0A43AB64-3AB7-46C5-9FF5-5F718367B9E3}"= "C:\Windows\system32\xxYQkhhF.dll" [2008-10-13 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2AFC187B-7AF4-4EBE-AB6D-7989BF1C595C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{315C6BBB-32CA-416E-BEF9-DA8D10D154FD}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{76C5B98F-E6AA-42F3-A332-1458E3C64FE4}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:_this_program_will_be_deleted
"{94F97279-1463-4FEE-97A2-A18B778E385A}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{D47EEFA3-BF95-464E-B729-631996DBFBF3}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{AFA52BB0-A0ED-4E79-82CB-F22A4AF79B66}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6740508C-9802-4F3C-824B-AEF23C363805}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{53603BD5-EDCD-42C8-A1E1-45A69CB4E43A}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{D08A38F4-8CA0-4979-8021-58773561345F}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{A41F8896-BEA7-496D-B566-E88E99708941}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C63840E6-1C87-4B86-84F2-6A6D771EB1B2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DA88E613-CDDC-447F-B269-6E997CF77C3D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DA70F032-0410-47A5-A1A8-8AC3263769EC}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E7B66B2D-4225-4383-8C50-495E33342EB3}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{79356EB1-27F8-4320-8C04-B9331C4B252C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2D6AA167-EBF6-4BCC-B054-07E9F1242A98}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{4F45A537-EC31-4374-851E-071136C6410D}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{F3B13D3C-5718-4124-BCC4-48F5C24D4FF2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3044B68F-BD00-4A62-9044-25099C3CBD48}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{0AD7D08B-204A-48CB-8693-B73C5AEFF742}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{94F3D2F5-9C8C-464C-AFB6-52DE255E2856}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{A0A4F667-CDCF-4B71-ADF3-7FB73157DDA1}"= UDP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{CCA2C42B-305A-42EC-9297-DE872AD4ECC4}"= TCP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{FBDF346C-81A7-475E-BC28-E31DF8AA44C8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{E666A567-944D-439A-ACFD-1B440AAA106A}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C6302491-1510-47F1-8C3B-5FFC25DDA439}C:\\users\\test\\program files\\dna\\btdna.exe"= UDP:C:\users\test\program files\dna\btdna.exe:btdna.exe
"UDP Query User{B2C77028-9560-49B7-8AAE-1B7E509D6D96}C:\\users\\test\\program files\\dna\\btdna.exe"= TCP:C:\users\test\program files\dna\btdna.exe:btdna.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2008-10-13 224824]
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 132200]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 56424]
R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2006-11-02 13928]
R0 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 40040]
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 74752]
R1 eabfiltr;eabfiltr;C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192]
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 16384]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 47104]
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 83456]
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 878080]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 534016]
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 69632]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2008-10-13 619008]
R3 HBtnKey;HBtnKey;C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDART.sys [2006-11-18 145920]
R3 HSF_DPV;HSF_DPV;C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL;C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 168552]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2008-10-13 41984]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys [2008-10-13 63488]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 211456]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2008-10-13 58368]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2008-10-13 154624]
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-06 4456416]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 534016]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 5248]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 11904]
S3 BthEnum;Bluetooth Request Block Driver;C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network);C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver;C:\Windows\system32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver;C:\Windows\system32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 E100B;Intel® PRO Adapter Driver;C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 117760]
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 27648]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\system32\drivers\gagp30kx.sys [2006-11-02 58984]
S3 HSFHWAZL;HSFHWAZL;C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 160872]
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 420968]
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 297576]
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 67688]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 71808]
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 62336]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 12160]
S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys [2006-11-02 35328]
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 38912]
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 316520]
S4 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\system32\drivers\hidbth.sys [2006-11-02 29184]
S4 HidIr;Microsoft Infrared HID Driver;C:\Windows\system32\drivers\hidir.sys [2006-11-02 21504]
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 37480]
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 232040]
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 65536]
S4 iteatapi;ITEATAPI_Service_Install;C:\Windows\system32\drivers\iteatapi.sys [2006-11-02 35944]
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 35944]
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 65640]
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 65640]
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 65640]
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 28776]
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 78952]
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2006-11-02 23144]
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 80488]
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 45160]
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2008-10-13 C:\Windows\Tasks\HPCeeScheduleForTEST.job
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-30 19:08]

2008-10-13 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-10-13 C:\Windows\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 23:30:40
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2008-10-14 23:42:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-15 04:42:10

Pre-Run: 83,750,907,904 bytes free
Post-Run: 83,809,050,624 bytes free

407 --- E O F --- 2008-10-13 19:16:48

Edited by paradise17, 14 October 2008 - 11:46 PM.



#2 paradise17

paradise17
  • Topic Starter

  • Members
  • 14 posts

Posted 15 October 2008 - 06:18 PM

OK never mind. I had to do a total restore. Thanks anyway.

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • Gender:Male
  • Location:USA

Posted 29 October 2008 - 05:52 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.



