Popup Problems


  • This topic is locked
16 replies to this topic

#1 naterich (Members, 9 posts)

Posted 14 December 2008 - 08:55 PM

The real problem is popups and a seemingly unstable web browser. Two spyware files I can't seem to get rid of, which always come back after spyware removal, are c:\windows\system32\drivers\core.cache.dsk and c:\temp\tn3.
I've attached logs from Kaspersky, RSIT, and spyware.
Thanks in advance for any help that can be provided.

Sunday, December 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 14, 2008 17:34:54
Records in database: 1460955


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
Z:\

Scan statistics
Files scanned 70642
Threat name 5
Infected objects 11
Suspicious objects 0
Duration of the scan 02:17:50

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17940004.VBN Infected: Trojan.Win32.Agent.attb 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17940008.VBN Infected: Trojan.Win32.Monder.abke 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1794000C.VBN Infected: Trojan.Win32.Agent.asjz 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17940010.VBN Infected: Trojan.Win32.Monder.abke 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17940012.VBN Infected: Trojan.Win32.Pakes.mag 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17940014.VBN Infected: Trojan.Win32.Monder.abke 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17940016.VBN Infected: Trojan.Win32.Monder.abke 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17940018.VBN Infected: Trojan.Win32.Pakes.mag 1

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1794001C.VBN Infected: Trojan.Win32.Monder.abke 1

C:\Documents and Settings\nrichard\Desktop\backup.pst Infected: Trojan-Spy.HTML.Bankfraud.dq 2


Logfile of random's system information tool 1.04 (written by random/random)
Run by nrichard at 2008-12-14 20:23:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (62%) free of 57 GB
Total RAM: 503 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:29 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SpywareDetector\SDMainService.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\sim9sync.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\nrichard.NRICHARDS2\Desktop\RSIT.exe
C:\Program Files\trend micro\nrichard.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.62.102/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {183E81C8-9270-4D8C-8AB0-0195E5A4B2A7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {c984c40d-2362-43f7-9d91-4fa6998549cb} - C:\WINDOWS\system32\gayujoje.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {387614AA-6D5C-46BB-8964-220A6B47BCFB} - (no file)
O3 - Toolbar: (no name) - {13BBB9D4-8833-402E-AA07-C27D1717176D} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKLM\..\Run: [rijudumowo] Rundll32.exe "C:\WINDOWS\system32\gikosiha.dll",s
O4 - HKLM\..\Run: [242572e2] rundll32.exe "C:\WINDOWS\system32\zodezaru.dll",b
O4 - HKLM\..\Run: [CPM2716417e] Rundll32.exe "c:\windows\system32\balayoyu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [rijudumowo] Rundll32.exe "C:\WINDOWS\system32\gikosiha.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rijudumowo] Rundll32.exe "C:\WINDOWS\system32\gikosiha.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1178244896-1127127065-2014522485-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-487215892-1180799035-461842373-1125\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe" (User '?')
O4 - HKUS\S-1-5-21-487215892-1180799035-461842373-1125\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.tdameritrade.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228882377171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228887653953
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\weziroze.dll c:\windows\system32\zeveluhe.dll c:\windows\system32\bal c:\windows\system32\fayilure.dll c:\windows\system32\balayoyu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\balayoyu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\balayoyu.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SDMainSvc - Max Secure Software - C:\Program Files\SpywareDetector\SDMainService.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SIMATIC NET Synchronization Service (Sim9Sync) - Siemens AG - C:\WINDOWS\system32\sim9sync.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13906 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\vstsvowd.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{183E81C8-9270-4D8C-8AB0-0195E5A4B2A7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar6.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-27 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c984c40d-2362-43f7-9d91-4fa6998549cb}]
C:\WINDOWS\system32\gayujoje.dll [2008-09-12 61494]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar6.dll [2007-01-19 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
{387614AA-6D5C-46BB-8964-220A6B47BCFB}
{13BBB9D4-8833-402E-AA07-C27D1717176D}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
""= []
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-09-01 684032]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-07 29744]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [2003-05-21 90112]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-08-03 63048]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe [2008-12-04 1370064]
"RCAutoLiveUpdate"=C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe [2008-07-03 865744]
"RCSystemTray"=C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe [2008-07-03 914896]
"rijudumowo"=C:\WINDOWS\system32\gikosiha.dll [2008-09-12 61494]
"242572e2"=C:\WINDOWS\system32\zodezaru.dll [2008-12-14 85726]
"CPM2716417e"=c:\windows\system32\fayilure.dll [2008-12-14 91280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-21 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\weziroze.dll c:\windows\system32\zeveluhe.dll c:\windows\system32\bal c:\windows\system32\fayilure.dll c:\windows\system32\balayoyu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2003-05-21 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll [2008-12-01 475136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fayilure.dll [2008-12-14 91280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fayilure.dll [2008-12-14 91280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\geBuTkhg
"notification packages"=scecli
C:\WINDOWS\system32\weziroze.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe"="C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe:*:Enabled:FileMaker Pro"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\setup\HPZNUI01.EXE"="D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\nrichard.NRICHARDS2\Local Settings\Temp\7zSC.tmp\setup\HPZnui01.exe"="C:\Documents and Settings\nrichard.NRICHARDS2\Local Settings\Temp\7zSC.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
"C:\Documents and Settings\nrichard.NRICHARDS2\Local Settings\Temp\7zS8C5.tmp\setup\HPZnui01.exe"="C:\Documents and Settings\nrichard.NRICHARDS2\Local Settings\Temp\7zS8C5.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe"="C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe:*:Enabled:FileMaker Pro"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\ISONAS\PlugNPlay.exe"="C:\ISONAS\PlugNPlay.exe:*:Enabled:PlugNPlay"
"C:\ISONAS\badgesvr.exe"="C:\ISONAS\badgesvr.exe:*:Enabled:badgesvr"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-12-14 14:00:37 ----D---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\Help
2008-12-14 10:59:07 ----SH---- C:\WINDOWS\system32\urazedoz.ini
2008-12-14 09:07:09 ----D---- C:\Program Files\trend micro
2008-12-14 09:07:01 ----D---- C:\rsit
2008-12-13 11:09:38 ----SH---- C:\WINDOWS\system32\oyiniyej.ini
2008-12-12 19:06:20 ----SH---- C:\WINDOWS\system32\oraravuz.ini
2008-12-12 17:03:53 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-12 11:33:34 ----D---- C:\WINDOWS\MaxSecureBackup
2008-12-12 11:30:44 ----A---- C:\WINDOWS\system32\GetHardDiskNo.dll
2008-12-12 11:30:38 ----D---- C:\Program Files\Max Registry Cleaner
2008-12-10 01:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 01:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 00:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 00:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 00:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-10 00:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-10 00:52:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-10 00:50:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-10 00:23:27 ----D---- C:\WINDOWS\Prefetch
2008-12-10 00:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-10 00:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-10 00:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-10 00:19:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-10 00:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-10 00:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-10 00:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-10 00:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-10 00:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-10 00:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-10 00:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-10 00:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-10 00:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-10 00:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-10 00:17:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-10 00:10:33 ----D---- C:\WINDOWS\system32\scripting
2008-12-10 00:10:33 ----D---- C:\WINDOWS\l2schemas
2008-12-10 00:10:30 ----D---- C:\WINDOWS\system32\en
2008-12-10 00:10:30 ----D---- C:\WINDOWS\system32\bits
2008-12-10 00:05:48 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 23:55:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 23:45:37 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-09 23:45:35 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-09 23:45:32 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-09 23:45:32 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-09 23:45:19 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-09 23:45:19 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-09 23:45:08 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-09 23:45:07 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-09 23:45:05 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-09 23:45:05 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-09 23:45:05 ----N---- C:\WINDOWS\slrundll.exe
2008-12-09 23:45:04 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-09 23:45:04 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-09 23:45:04 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-09 23:45:00 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-09 23:44:56 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-09 23:44:54 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-09 23:44:52 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-09 23:44:50 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-09 23:44:49 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-09 23:44:49 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-09 23:44:49 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-09 23:44:46 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-09 23:44:43 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-09 23:44:29 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-09 23:44:29 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-09 23:44:29 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-09 23:44:28 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-09 23:44:28 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-09 23:44:28 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-12-09 23:44:25 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-09 23:44:25 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-09 23:44:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-09 23:44:05 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-09 23:44:04 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-09 23:44:04 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-09 23:43:49 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-09 23:43:48 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-09 23:43:47 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-09 23:43:47 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-09 23:43:46 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-09 23:43:46 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-09 23:43:27 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-12-09 23:43:26 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-12-09 23:43:20 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-12-09 23:43:13 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-09 23:43:03 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-09 23:43:03 ----A---- C:\WINDOWS\002919_.tmp
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-09 23:42:59 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-09 23:42:53 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-09 23:42:53 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-09 23:42:52 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-09 23:42:47 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-09 23:42:38 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-09 23:42:37 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-09 23:42:35 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-09 23:42:35 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-09 23:42:33 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-09 23:42:24 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-09 23:14:18 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 20:53:39 ----RSH---- C:\SDVirus.txt
2008-12-09 20:29:58 ----RASH---- C:\SDSignature.txt
2008-12-09 20:29:58 ----RASH---- C:\ExecSignature.txt
2008-12-09 19:45:16 ----A---- C:\WINDOWS\system32\ProxySettings.ini
2008-12-09 19:45:15 ----A---- C:\WINDOWS\system32\SDEarlyDelete.ini
2008-12-09 19:45:15 ----A---- C:\WINDOWS\system32\SDEarlyDelete.exe
2008-12-09 19:45:12 ----A---- C:\WINDOWS\system32\CheckDll.dll
2008-12-09 19:45:09 ----D---- C:\Program Files\SpywareDetector
2008-12-09 15:56:26 ----SH---- C:\WINDOWS\system32\efofgaih.ini
2008-12-09 14:44:32 ----SH---- C:\WINDOWS\system32\nifohgao.ini
2008-12-09 09:20:53 ----SHD---- C:\WINDOWS\U3VybWV0
2008-12-09 09:20:42 ----D---- C:\WINDOWS\system32\ki3
2008-12-09 09:20:42 ----D---- C:\WINDOWS\system32\in
2008-12-09 09:20:41 ----D---- C:\WINDOWS\system32\C
2008-12-09 09:12:04 ----SH---- C:\WINDOWS\system32\pwmjbamf.ini
2008-12-09 09:11:32 ----A---- C:\WINDOWS\system32\2f06b69c-.txt
2008-12-09 09:10:50 ----ASH---- C:\WINDOWS\system32\ghkTuBeg.ini2
2008-12-09 09:10:49 ----ASH---- C:\WINDOWS\system32\ghkTuBeg.ini
2008-11-18 09:46:22 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-11-16 12:39:27 ----D---- C:\Program Files\Research In Motion
2008-11-16 12:39:27 ----D---- C:\Program Files\Common Files\Research In Motion
2008-11-16 12:35:10 ----SHD---- C:\WINDOWS\ftpcache

======List of files/folders modified in the last 1 months======

2008-12-14 14:59:07 ----D---- C:\WINDOWS\Temp
2008-12-14 14:46:19 ----D---- C:\TEMP
2008-12-14 14:46:09 ----D---- C:\WINDOWS\system32
2008-12-14 14:22:18 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 14:20:08 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.92 Modem.txt
2008-12-14 14:17:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-14 10:59:01 ----ASH---- C:\WINDOWS\system32\zodezaru.dll
2008-12-14 10:59:01 ----A---- C:\WINDOWS\system32\fayilure.dll
2008-12-14 09:58:45 ----D---- C:\Program Files\LogMeIn
2008-12-14 09:07:09 ----RD---- C:\Program Files
2008-12-13 22:58:55 ----A---- C:\WINDOWS\system32\balayoyu.dll
2008-12-13 17:32:59 ----D---- C:\WINDOWS
2008-12-13 10:58:34 ----ASH---- C:\WINDOWS\system32\radisezo.dll
2008-12-12 18:54:46 ----D---- C:\WINDOWS\system32\config
2008-12-12 18:05:56 ----ASH---- C:\WINDOWS\system32\vigalefe.dll
2008-12-12 17:19:55 ----D---- C:\WINDOWS\system32\drivers
2008-12-12 11:31:44 ----D---- C:\WINDOWS\system
2008-12-10 01:03:29 ----HD---- C:\Config.Msi
2008-12-10 01:03:29 ----D---- C:\Program Files\Internet Explorer
2008-12-10 01:01:20 ----HD---- C:\WINDOWS\inf
2008-12-10 01:01:02 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 01:00:47 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-10 01:00:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 00:59:39 ----SHD---- C:\WINDOWS\Installer
2008-12-10 00:57:39 ----A---- C:\WINDOWS\win.ini
2008-12-10 00:53:34 ----D---- C:\WINDOWS\WinSxS
2008-12-10 00:41:01 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-10 00:41:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-10 00:37:12 ----SD---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\Microsoft
2008-12-10 00:29:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-10 00:26:54 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-10 00:23:46 ----A---- C:\WINDOWS\setuplog.txt
2008-12-10 00:22:38 ----D---- C:\WINDOWS\system32\Setup
2008-12-10 00:22:38 ----D---- C:\WINDOWS\AppPatch
2008-12-10 00:22:36 ----D---- C:\WINDOWS\system32\wbem
2008-12-10 00:22:35 ----SD---- C:\WINDOWS\Fonts
2008-12-10 00:20:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-10 00:17:40 ----D---- C:\Program Files\Messenger
2008-12-10 00:17:03 ----D---- C:\WINDOWS\security
2008-12-10 00:11:04 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-10 00:11:04 ----D---- C:\WINDOWS\network diagnostic
2008-12-10 00:11:03 ----D---- C:\WINDOWS\ime
2008-12-10 00:11:03 ----D---- C:\WINDOWS\Help
2008-12-10 00:10:36 ----D---- C:\WINDOWS\system32\usmt
2008-12-10 00:10:36 ----D---- C:\WINDOWS\system32\en-US
2008-12-10 00:10:30 ----D---- C:\WINDOWS\PeerNet
2008-12-10 00:10:29 ----D---- C:\Program Files\Movie Maker
2008-12-10 00:05:31 ----D---- C:\WINDOWS\system32\Restore
2008-12-10 00:05:31 ----D---- C:\WINDOWS\system32\npp
2008-12-10 00:05:30 ----D---- C:\WINDOWS\mui
2008-12-10 00:05:29 ----D---- C:\WINDOWS\msagent
2008-12-10 00:05:27 ----D---- C:\WINDOWS\srchasst
2008-12-10 00:05:24 ----D---- C:\Program Files\NetMeeting
2008-12-10 00:05:22 ----D---- C:\WINDOWS\system32\Com
2008-12-10 00:05:18 ----D---- C:\Program Files\Windows Media Player
2008-12-10 00:05:17 ----D---- C:\Program Files\Windows NT
2008-12-10 00:05:17 ----D---- C:\Program Files\Outlook Express
2008-12-10 00:05:12 ----D---- C:\Program Files\Common Files\System
2008-12-10 00:04:48 ----D---- C:\WINDOWS\system32\oobe
2008-12-10 00:00:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 23:54:59 ----D---- C:\WINDOWS\ehome
2008-12-09 23:17:02 ----D---- C:\WINDOWS\Debug
2008-12-09 21:17:59 ----D---- C:\Program Files\AutoCAD LT 2002
2008-12-09 09:05:44 ----SD---- C:\WINDOWS\Tasks
2008-12-02 13:05:30 ----SHD---- C:\WINDOWS\CSC
2008-11-23 22:03:00 ----D---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\Adobe
2008-11-16 12:39:27 ----D---- C:\Program Files\Common Files
2008-11-16 09:13:21 ----D---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\AdobeUM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-03 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 RimUsbb;RimUsbb; C:\WINDOWS\System32\drivers\RimUsbb.sys [2008-12-09 86272]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-02-02 17056]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 s7otranx;s7otranx; C:\WINDOWS\System32\Drivers\S7otranx.sys [2001-12-05 478720]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-09-03 121472]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]
R3 NAVAP;NAVAP; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081214.003\NAVENG.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081214.003\NAVEX15.sys []
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 S7oppilx;Siemens PC/PPI Cable; C:\WINDOWS\System32\Drivers\S7oppilx.sys [2002-05-03 123904]
R3 SDActMon;SDActMon; \??\C:\Program Files\SpywareDetector\SDActMon.sys []
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 s7oppitx;s7oppitx; C:\WINDOWS\System32\Drivers\S7oppitx.sys [2001-12-05 73216]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
R2 DefWatch;DefWatch; C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe [2003-05-21 32768]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-08-03 63040]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352]
R2 Norton AntiVirus Server;Symantec AntiVirus Client; C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2003-05-21 610304]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 SDMainSvc;SDMainSvc; C:\Program Files\SpywareDetector\SDMainService.exe [2008-12-04 923088]
R2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe [2008-12-04 1701328]
R2 Sim9Sync;SIMATIC NET Synchronization Service; C:\WINDOWS\system32\sim9sync.exe [2002-06-19 94208]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-07 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


Spyware Detector Log Information:
Date:12/14/2008 14-33-33
OS Version:Windows XP Professional Edition
Computer Name:NRICHARDS2

Log:
Spyware Name; Threat Type; Threat; Action
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@ad.yieldmanager[1].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@adbrite[1].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@adopt.specificclick[2].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@ads.pointroll[2].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@adserver.adtechus[1].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@adtrgt[2].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@advertising[2].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@afy11[1].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@atwola[2].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@blogger[1].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@crackle[2].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@directtrack[1].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@doubleclick[1].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@ehg-groupernetworks.hitbox[2].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@fastclick[1].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@hitbox[2].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@imrworldwide[2].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@mediaplex[2].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@stats.adbrite[1].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@trafficmp[1].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@tribalfusion[1].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@trk.pcsecurityshield[2].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@www.pcsecurityshield[1].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@wwwamnc1[2].txt; Scan
Tracking.Cookie; Cookie; c:\documents and settings\nrichard.nrichards2\cookies\nrichard@zedo[2].txt; Scan
Downloader.Small; File; c:\windows\system32\drivers\core.cache.dsk; Scan
Trojan.Agent; Folder; c:\temp\tn3; Scan
Trojan.Agent; Registry Key; hkey_local_machine\software\microsoft\rdfa; Scan
Trojan.Agent; Registry Key; hkey_users\s-1-5-21-1178244896-1127127065-2014522485-1006\software\microsoft\fias4013; Scan
Trojan.Agent; Registry Value; hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler :: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}; Scan
Trojan.Agent; Registry Key; hkey_local_machine\software\classes\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}; Scan
Trojan.Agent; Registry Key; hkey_classes_root\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}; Scan
Trojan.Agent; Registry Key; hkey_local_machine\software\classes\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}\inprocserver32; Scan
Trojan.Agent; Registry Key; hkey_classes_root\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}\inprocserver32; Scan
Trojan.Agent; Registry Data; hkey_local_machine\software\classes\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}\inprocserver32 :: (default) :: c:\windows\system32\balayoyu.dll; Scan
Trojan.Agent; Registry Data; hkey_classes_root\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}\inprocserver32 :: (default) :: c:\windows\system32\balayoyu.dll; Scan
Trojan.Agent; File; c:\windows\system32\balayoyu.dll; Scan
Trojan.Buzus; Registry Key; hkey_local_machine\software\microsoft\contim; Scan
GenSSODL.{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}; Registry Value; hkey_local_machine\software\microsoft\windows\currentversion\shellserviceobjectdelayload :: ssodl; Scan
Backdoor.Bifrose; Registry Value; hkey_local_machine\software\microsoft\windows\currentversion\run :: userfaultcheck; Scan
Trojan.AppInit_Dlls; Fix: Registry Data; hkey_local_machine\software\microsoft\windows nt\currentversion\windows :: appinit_dlls :: c:\windows\system32\weziroze.dll | c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\zeveluhe.dll c:\windows\system32\balayoyu.dll c:\windows\system32\fayilure.dll; Scan
Trojan.AppInit_Dlls; File; c:\windows\system32\weziroze.dll; Scan
Trojan.AppInit_Dlls; Fix: Registry Data; hkey_local_machine\software\microsoft\windows nt\currentversion\windows :: appinit_dlls :: c:\windows\system32\balayoyu.dll | c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\weziroze.dll c:\windows\system32\zeveluhe.dll c:\windows\system32\fayilure.dll; Scan
Trojan.AppInit_Dlls; Fix: Registry Data; hkey_local_machine\software\microsoft\windows nt\currentversion\windows :: appinit_dlls :: c:\windows\system32\fayilure.dll | c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\weziroze.dll c:\windows\system32\zeveluhe.dll c:\windows\system32\balayoyu.dll; Scan
Trojan.AppInit_Dlls; File; c:\windows\system32\fayilure.dll; Scan

#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 23 December 2008 - 03:22 AM

Hello naterich,

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 naterich
  • Topic Starter

  • Members
  • 9 posts

Posted 29 December 2008 - 04:51 PM

Are you still interested? I just got your response.

#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 29 December 2008 - 05:16 PM

Hello,

Please post a new HijackThis log and we'll go from there. :thumbsup:

Thanks,
tea

#5 naterich
  • Topic Starter

  • Members
  • 9 posts

Posted 29 December 2008 - 09:44 PM

Here you go

Logfile of random's system information tool 1.04 (written by random/random)
Run by nrichard at 2008-12-29 21:38:13
Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (62%) free of 57 GB
Total RAM: 503 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:25 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SpywareDetector\SDMainService.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\sim9sync.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nrichard.NRICHARDS2\Desktop\RSIT.exe
C:\Program Files\trend micro\nrichard.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.62.102/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {183E81C8-9270-4D8C-8AB0-0195E5A4B2A7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {c984c40d-2362-43f7-9d91-4fa6998549cb} - C:\WINDOWS\system32\patafudi.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {387614AA-6D5C-46BB-8964-220A6B47BCFB} - (no file)
O3 - Toolbar: (no name) - {13BBB9D4-8833-402E-AA07-C27D1717176D} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKLM\..\Run: [rijudumowo] Rundll32.exe "C:\WINDOWS\system32\nusayuta.dll",s
O4 - HKLM\..\Run: [242572e2] rundll32.exe "C:\WINDOWS\system32\viwefizu.dll",b
O4 - HKLM\..\Run: [CPM2716417e] Rundll32.exe "c:\windows\system32\fewohite.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [rijudumowo] Rundll32.exe "C:\WINDOWS\system32\nusayuta.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rijudumowo] Rundll32.exe "C:\WINDOWS\system32\nusayuta.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.tdameritrade.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228882377171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228887653953
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...464/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\fatenuva.dll c:\windows\system32\fewohite.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fewohite.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SDMainSvc - Max Secure Software - C:\Program Files\SpywareDetector\SDMainService.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SIMATIC NET Synchronization Service (Sim9Sync) - Siemens AG - C:\WINDOWS\system32\sim9sync.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13005 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\vstsvowd.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{183E81C8-9270-4D8C-8AB0-0195E5A4B2A7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar6.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-27 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c984c40d-2362-43f7-9d91-4fa6998549cb}]
C:\WINDOWS\system32\patafudi.dll [2008-09-16 62529]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar6.dll [2007-01-19 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
{387614AA-6D5C-46BB-8964-220A6B47BCFB}
{13BBB9D4-8833-402E-AA07-C27D1717176D}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
""= []
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-09-01 684032]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-07 29744]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-08-03 63048]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe [2008-12-04 1370064]
"RCAutoLiveUpdate"=C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe [2008-07-03 865744]
"RCSystemTray"=C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe [2008-07-03 914896]
"rijudumowo"=C:\WINDOWS\system32\nusayuta.dll [2008-09-16 62529]
"242572e2"=C:\WINDOWS\system32\viwefizu.dll [2008-12-16 83172]
"CPM2716417e"=c:\windows\system32\fewohite.dll [2008-12-16 94977]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-21 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\fatenuva.dll c:\windows\system32\fewohite.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll [2008-12-01 475136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fewohite.dll [2008-12-16 94977]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\geBuTkhg
"notification packages"=scecli
C:\WINDOWS\system32\fatenuva.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe"="C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe:*:Enabled:FileMaker Pro"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\setup\HPZNUI01.EXE"="D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\nrichard.NRICHARDS2\Local Settings\Temp\7zSC.tmp\setup\HPZnui01.exe"="C:\Documents and Settings\nrichard.NRICHARDS2\Local Settings\Temp\7zSC.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
"C:\Documents and Settings\nrichard.NRICHARDS2\Local Settings\Temp\7zS8C5.tmp\setup\HPZnui01.exe"="C:\Documents and Settings\nrichard.NRICHARDS2\Local Settings\Temp\7zS8C5.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe:*:Enabled:DVDLauncher"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier"
"C:\Program Files\SpywareDetector\SDMainService.exe"="C:\Program Files\SpywareDetector\SDMainService.exe:*:Enabled:SDMainService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe"="C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe:*:Enabled:FileMaker Pro"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\ISONAS\PlugNPlay.exe"="C:\ISONAS\PlugNPlay.exe:*:Enabled:PlugNPlay"
"C:\ISONAS\badgesvr.exe"="C:\ISONAS\badgesvr.exe:*:Enabled:badgesvr"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2008-12-16 19:12:40 ----A---- C:\WINDOWS\gmer.ini
2008-12-16 19:12:37 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-16 19:12:37 ----A---- C:\WINDOWS\gmer.exe
2008-12-16 19:12:37 ----A---- C:\WINDOWS\gmer.dll
2008-12-16 18:33:58 ----SH---- C:\WINDOWS\system32\uzifewiv.ini
2008-12-15 22:15:21 ----D---- C:\WINDOWS\McAfee.com
2008-12-15 20:55:36 ----SH---- C:\WINDOWS\system32\urukakod.ini
2008-12-14 14:00:37 ----D---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\Help
2008-12-14 10:59:07 ----SH---- C:\WINDOWS\system32\urazedoz.ini
2008-12-14 09:07:09 ----D---- C:\Program Files\trend micro
2008-12-14 09:07:01 ----D---- C:\rsit
2008-12-13 11:09:38 ----SH---- C:\WINDOWS\system32\oyiniyej.ini
2008-12-12 19:06:20 ----SH---- C:\WINDOWS\system32\oraravuz.ini
2008-12-12 17:03:53 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-12 11:33:34 ----D---- C:\WINDOWS\MaxSecureBackup
2008-12-12 11:30:44 ----A---- C:\WINDOWS\system32\GetHardDiskNo.dll
2008-12-12 11:30:38 ----D---- C:\Program Files\Max Registry Cleaner
2008-12-10 01:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 01:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 00:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 00:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 00:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-10 00:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-10 00:52:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-10 00:50:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-10 00:23:27 ----D---- C:\WINDOWS\Prefetch
2008-12-10 00:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-10 00:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-10 00:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-10 00:19:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-10 00:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-10 00:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-10 00:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-10 00:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-10 00:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-10 00:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-10 00:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-10 00:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-10 00:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-10 00:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-10 00:17:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-10 00:10:33 ----D---- C:\WINDOWS\system32\scripting
2008-12-10 00:10:33 ----D---- C:\WINDOWS\l2schemas
2008-12-10 00:10:30 ----D---- C:\WINDOWS\system32\en
2008-12-10 00:10:30 ----D---- C:\WINDOWS\system32\bits
2008-12-10 00:05:48 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 23:55:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 23:45:37 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-09 23:45:35 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-09 23:45:32 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-09 23:45:32 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-09 23:45:19 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-09 23:45:19 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-09 23:45:08 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-09 23:45:07 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-09 23:45:05 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-09 23:45:05 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-09 23:45:05 ----N---- C:\WINDOWS\slrundll.exe
2008-12-09 23:45:04 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-09 23:45:04 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-09 23:45:04 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-09 23:45:00 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-09 23:44:56 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-09 23:44:54 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-09 23:44:52 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-09 23:44:50 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-09 23:44:49 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-09 23:44:49 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-09 23:44:49 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-09 23:44:46 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-09 23:44:43 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-09 23:44:29 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-09 23:44:29 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-09 23:44:29 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-09 23:44:28 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-09 23:44:28 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-09 23:44:28 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-12-09 23:44:25 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-09 23:44:25 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-09 23:44:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-09 23:44:05 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-09 23:44:04 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-09 23:44:04 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-09 23:43:49 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-09 23:43:48 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-09 23:43:47 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-09 23:43:47 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-09 23:43:46 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-09 23:43:46 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-09 23:43:27 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-12-09 23:43:26 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-12-09 23:43:20 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-12-09 23:43:13 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-09 23:43:03 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-09 23:43:03 ----A---- C:\WINDOWS\002919_.tmp
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-09 23:42:59 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-09 23:42:53 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-09 23:42:53 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-09 23:42:52 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-09 23:42:47 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-09 23:42:38 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-09 23:42:37 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-09 23:42:35 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-09 23:42:35 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-09 23:42:33 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-09 23:42:24 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-09 23:14:18 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 20:53:39 ----RSH---- C:\SDVirus.txt
2008-12-09 20:29:58 ----RASH---- C:\SDSignature.txt
2008-12-09 20:29:58 ----RASH---- C:\ExecSignature.txt
2008-12-09 19:45:16 ----A---- C:\WINDOWS\system32\ProxySettings.ini
2008-12-09 19:45:15 ----A---- C:\WINDOWS\system32\SDEarlyDelete.ini
2008-12-09 19:45:15 ----A---- C:\WINDOWS\system32\SDEarlyDelete.exe
2008-12-09 19:45:12 ----A---- C:\WINDOWS\system32\CheckDll.dll
2008-12-09 19:45:09 ----D---- C:\Program Files\SpywareDetector
2008-12-09 15:56:26 ----SH---- C:\WINDOWS\system32\efofgaih.ini
2008-12-09 14:44:32 ----SH---- C:\WINDOWS\system32\nifohgao.ini
2008-12-09 09:20:53 ----SHD---- C:\WINDOWS\U3VybWV0
2008-12-09 09:20:42 ----D---- C:\WINDOWS\system32\ki3
2008-12-09 09:20:42 ----D---- C:\WINDOWS\system32\in
2008-12-09 09:20:41 ----D---- C:\WINDOWS\system32\C
2008-12-09 09:12:04 ----SH---- C:\WINDOWS\system32\pwmjbamf.ini
2008-12-09 09:11:32 ----A---- C:\WINDOWS\system32\2f06b69c-.txt
2008-12-09 09:10:50 ----ASH---- C:\WINDOWS\system32\ghkTuBeg.ini2
2008-12-09 09:10:49 ----ASH---- C:\WINDOWS\system32\ghkTuBeg.ini
2008-11-18 09:46:22 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-11-16 12:39:27 ----D---- C:\Program Files\Research In Motion
2008-11-16 12:39:27 ----D---- C:\Program Files\Common Files\Research In Motion
2008-11-16 12:35:10 ----SHD---- C:\WINDOWS\ftpcache
2008-11-04 21:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-11-04 21:37:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-11-04 21:37:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-11-04 21:36:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-11-04 21:36:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-04 21:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-11-04 21:30:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-04 21:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-11-04 21:26:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-11-04 21:26:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-04 21:26:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-11-04 21:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-11-04 21:26:24 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-11-04 21:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-11-04 21:24:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-11-01 13:43:18 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-01 13:43:18 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-01 13:43:18 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 2 months======

2008-12-29 21:30:03 ----D---- C:\WINDOWS\Temp
2008-12-29 21:27:14 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-29 21:25:23 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.92 Modem.txt
2008-12-29 21:25:20 ----D---- C:\Program Files\LogMeIn
2008-12-29 21:24:33 ----RD---- C:\Program Files
2008-12-16 19:34:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-16 19:12:40 ----D---- C:\WINDOWS
2008-12-16 19:12:37 ----D---- C:\WINDOWS\system32\drivers
2008-12-16 18:46:34 ----D---- C:\WINDOWS\system32
2008-12-16 18:40:54 ----SHD---- C:\WINDOWS\Installer
2008-12-16 18:40:38 ----D---- C:\Program Files\Symantec
2008-12-16 18:39:29 ----HD---- C:\Config.Msi
2008-12-16 18:39:21 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-16 18:33:47 ----ASH---- C:\WINDOWS\system32\viwefizu.dll
2008-12-16 18:33:47 ----ASH---- C:\WINDOWS\system32\fewohite.dll
2008-12-16 18:33:45 ----ASH---- C:\WINDOWS\system32\suliweya.dll
2008-12-15 23:22:15 ----D---- C:\TEMP
2008-12-15 22:16:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-15 22:15:21 ----HD---- C:\WINDOWS\inf
2008-12-15 22:01:03 ----D---- C:\ISONAS
2008-12-15 21:59:24 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-15 20:55:10 ----ASH---- C:\WINDOWS\system32\royetuki.dll
2008-12-15 20:55:09 ----A---- C:\WINDOWS\system32\yanohide.dll
2008-12-15 20:55:08 ----N---- C:\WINDOWS\system32\dokakuru.dll
2008-12-14 10:59:01 ----N---- C:\WINDOWS\system32\zodezaru.dll
2008-12-13 22:58:55 ----A---- C:\WINDOWS\system32\balayoyu.dll
2008-12-12 18:54:46 ----D---- C:\WINDOWS\system32\config
2008-12-12 18:05:56 ----ASH---- C:\WINDOWS\system32\vigalefe.dll
2008-12-12 11:31:44 ----D---- C:\WINDOWS\system
2008-12-10 01:03:29 ----D---- C:\Program Files\Internet Explorer
2008-12-10 01:01:02 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 01:00:47 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-10 01:00:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 00:57:39 ----A---- C:\WINDOWS\win.ini
2008-12-10 00:53:34 ----D---- C:\WINDOWS\WinSxS
2008-12-10 00:41:01 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-10 00:37:12 ----SD---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\Microsoft
2008-12-10 00:29:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-10 00:26:54 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-10 00:23:46 ----A---- C:\WINDOWS\setuplog.txt
2008-12-10 00:22:38 ----D---- C:\WINDOWS\system32\Setup
2008-12-10 00:22:38 ----D---- C:\WINDOWS\AppPatch
2008-12-10 00:22:36 ----D---- C:\WINDOWS\system32\wbem
2008-12-10 00:22:35 ----SD---- C:\WINDOWS\Fonts
2008-12-10 00:20:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-10 00:17:40 ----D---- C:\Program Files\Messenger
2008-12-10 00:17:03 ----D---- C:\WINDOWS\security
2008-12-10 00:11:04 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-10 00:11:04 ----D---- C:\WINDOWS\network diagnostic
2008-12-10 00:11:03 ----D---- C:\WINDOWS\ime
2008-12-10 00:11:03 ----D---- C:\WINDOWS\Help
2008-12-10 00:10:36 ----D---- C:\WINDOWS\system32\usmt
2008-12-10 00:10:36 ----D---- C:\WINDOWS\system32\en-US
2008-12-10 00:10:30 ----D---- C:\WINDOWS\PeerNet
2008-12-10 00:10:29 ----D---- C:\Program Files\Movie Maker
2008-12-10 00:05:31 ----D---- C:\WINDOWS\system32\Restore
2008-12-10 00:05:31 ----D---- C:\WINDOWS\system32\npp
2008-12-10 00:05:30 ----D---- C:\WINDOWS\mui
2008-12-10 00:05:29 ----D---- C:\WINDOWS\msagent
2008-12-10 00:05:27 ----D---- C:\WINDOWS\srchasst
2008-12-10 00:05:24 ----D---- C:\Program Files\NetMeeting
2008-12-10 00:05:22 ----D---- C:\WINDOWS\system32\Com
2008-12-10 00:05:18 ----D---- C:\Program Files\Windows Media Player
2008-12-10 00:05:17 ----D---- C:\Program Files\Windows NT
2008-12-10 00:05:17 ----D---- C:\Program Files\Outlook Express
2008-12-10 00:05:12 ----D---- C:\Program Files\Common Files\System
2008-12-10 00:04:48 ----D---- C:\WINDOWS\system32\oobe
2008-12-10 00:00:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 23:54:59 ----D---- C:\WINDOWS\ehome
2008-12-09 23:17:02 ----D---- C:\WINDOWS\Debug
2008-12-09 21:17:59 ----D---- C:\Program Files\AutoCAD LT 2002
2008-12-09 09:05:44 ----SD---- C:\WINDOWS\Tasks
2008-12-02 13:05:30 ----SHD---- C:\WINDOWS\CSC
2008-11-23 22:03:00 ----D---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\Adobe
2008-11-16 12:39:27 ----D---- C:\Program Files\Common Files
2008-11-16 09:13:21 ----D---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\AdobeUM
2008-11-01 13:43:16 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-03 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 RimUsbb;RimUsbb; C:\WINDOWS\System32\drivers\RimUsbb.sys [2008-12-09 86272]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-02-02 17056]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 s7otranx;s7otranx; C:\WINDOWS\System32\Drivers\S7otranx.sys [2001-12-05 478720]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-09-03 121472]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 S7oppilx;Siemens PC/PPI Cable; C:\WINDOWS\System32\Drivers\S7oppilx.sys [2002-05-03 123904]
R3 SDActMon;SDActMon; \??\C:\Program Files\SpywareDetector\SDActMon.sys []
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-16 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 s7oppitx;s7oppitx; C:\WINDOWS\System32\Drivers\S7oppitx.sys [2001-12-05 73216]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-08-03 63040]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 SDMainSvc;SDMainSvc; C:\Program Files\SpywareDetector\SDMainService.exe [2008-12-04 923088]
R2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe [2008-12-04 1701328]
R2 Sim9Sync;SIMATIC NET Synchronization Service; C:\WINDOWS\system32\sim9sync.exe [2002-06-19 94208]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-07 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#6 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 December 2008 - 07:13 PM

Hi there,

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

When this gets clean enough to do so, you HAVE to install an AntiVirus! AVG, Avira OR Avast are good FREE antivirus programs.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#7 naterich
  • Topic Starter
  • Members
  • 9 posts

Posted 31 December 2008 - 07:51 PM

Hi Tea,

A couple of things you need to know. I ran Bit Defender Rescue Bootable CD, which fixed or deleted about 20 virus/malware items. Then I downloaded Bit Defender and activated it. I'm still having the pop up problem and Bit Defender Virus Scan is not finding anything. Turned off BD before running combofix. FYI, popups still coming after running combofix. I got impatient I guess, but I'm just going to follow your lead the rest of the way. Lastly, the freeware you recommended, is it better than Bit Defender?

I really appreciate the help. See you in 2009, Happy New Year.

Here's the Combo Log

ComboFix 08-12-30.02 - nrichard 2008-12-31 18:25:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.161 [GMT -5:00]
Running from: c:\documents and settings\nrichard.NRICHARDS2\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\nrichard.NRICHARDS2\Local Settings\Temporary Internet Files\fbk.sts
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\temp\tn3
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\balayoyu.dll
c:\windows\system32\C
c:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\drivers\fad.sys
c:\windows\system32\efofgaih.ini
c:\windows\system32\esudozan.ini
c:\windows\system32\fetijonu.dll
c:\windows\system32\fewohite.dll
c:\windows\system32\gehuseda.dll
c:\windows\system32\ghkTuBeg.ini
c:\windows\system32\ghkTuBeg.ini2
c:\windows\system32\IN
c:\windows\system32\ki3
c:\windows\system32\majiriho.dll
c:\windows\system32\nifohgao.ini
c:\windows\system32\oraravuz.ini
c:\windows\system32\oyiniyej.ini
c:\windows\system32\pwmjbamf.ini
c:\windows\system32\rayukile.dll
c:\windows\system32\royetuki.dll
c:\windows\system32\senukare.dll
c:\windows\system32\suliweya.dll
c:\windows\system32\unojitef.ini
c:\windows\system32\urazedoz.ini
c:\windows\system32\urukakod.ini
c:\windows\system32\uzifewiv.ini
c:\windows\system32\vigalefe.dll
c:\windows\system32\vulademu.dll
c:\windows\system32\wokozupi.dll
c:\windows\system32\yanohide.dll
c:\windows\Tasks\vstsvowd.job

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2009-04-22 14:37 . 2009-04-22 14:37 60,416 --ahs---- c:\windows\system32\yabafoga.dll
2008-12-31 17:54 . 2008-12-31 17:54 <DIR> d-------- c:\documents and settings\nrichard.NRICHARDS2\Application Data\BitDefender
2008-12-31 13:16 . 2008-12-31 13:16 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-12-31 13:16 . 2008-12-31 13:16 385 --a------ c:\windows\system32\user_gensett.xml
2008-12-31 13:11 . 2008-12-31 18:31 121 --a------ c:\windows\bdagent.INI
2008-12-31 10:48 . 2008-12-31 10:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitDefender
2008-12-31 10:47 . 2008-12-31 10:47 <DIR> d-------- c:\program files\BitDefender
2008-12-31 10:47 . 2008-12-31 11:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2008-12-31 10:45 . 2008-12-31 10:48 <DIR> d-------- c:\program files\Common Files\BitDefender
2008-12-30 18:07 . 2008-12-30 18:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-16 19:12 . 2008-12-16 19:12 250 --a------ c:\windows\gmer.ini
2008-12-15 22:15 . 2008-12-15 22:15 <DIR> d-------- c:\windows\McAfee.com
2008-12-14 09:07 . 2008-12-14 09:10 <DIR> d-------- C:\rsit
2008-12-14 09:07 . 2008-12-29 21:38 <DIR> d-------- c:\program files\trend micro
2008-12-12 11:33 . 2008-12-12 11:33 <DIR> d-------- c:\windows\MaxSecureBackup
2008-12-12 11:31 . 2008-12-12 11:47 123 --a------ c:\windows\system\SYSRegC.dll
2008-12-12 11:30 . 2008-12-31 10:54 <DIR> d-------- c:\program files\Max Registry Cleaner
2008-12-12 11:30 . 2007-05-24 16:57 143,360 --a------ c:\windows\system32\GetHardDiskNo.dll
2008-12-10 00:46 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-12-10 00:46 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-10 00:10 . 2008-12-10 00:10 <DIR> d-------- c:\windows\system32\scripting
2008-12-10 00:10 . 2008-12-10 00:10 <DIR> d-------- c:\windows\system32\en
2008-12-10 00:10 . 2008-12-10 00:10 <DIR> d-------- c:\windows\system32\bits
2008-12-10 00:10 . 2008-12-10 00:10 <DIR> d-------- c:\windows\l2schemas
2008-12-10 00:05 . 2008-12-10 00:11 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-09 23:44 . 2008-04-13 19:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2008-12-09 23:43 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2008-12-09 23:42 . 2008-04-13 19:11 1,888,992 --------- c:\windows\system32\ati3duag.dll
2008-12-09 23:14 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-09 19:45 . 2008-12-31 10:53 <DIR> d-------- c:\program files\SpywareDetector
2008-12-09 19:45 . 2008-12-31 06:34 123 --a------ c:\windows\system\SysSD.dll
2008-12-09 09:20 . 2008-12-31 05:29 <DIR> d--hs---- c:\windows\U3VybWV0
2008-11-16 12:43 . 2008-11-16 12:43 256 --a------ c:\documents and settings\nrichard.NRICHARDS2\pool.bin
2008-11-16 12:40 . 2007-01-18 10:24 26,496 --a------ c:\windows\system32\drivers\RimSerial.sys
2008-11-16 12:39 . 2008-11-16 12:39 <DIR> d-------- c:\program files\Research In Motion
2008-11-16 12:39 . 2008-11-16 12:39 <DIR> d-------- c:\program files\Common Files\Research In Motion
2008-11-16 12:35 . 2008-11-16 12:35 <DIR> d--hs---- c:\windows\ftpcache
2008-11-04 21:21 . 2008-08-14 05:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-04 21:21 . 2008-08-14 05:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-04 21:21 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-04 21:21 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-04 21:21 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-11-04 21:21 . 2008-09-08 05:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-11-04 21:21 . 2008-08-14 05:04 138,496 --------- c:\windows\system32\dllcache\afd.sys
2008-11-04 21:20 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-11-04 21:18 . 2008-05-01 09:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-11-04 21:17 . 2008-04-11 14:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 15:38 96,961 --sha-w c:\windows\system32\zifubogu.dll
2008-12-31 15:38 83,668 --sha-w c:\windows\system32\nazoduse.dll
2008-12-31 11:32 --------- d-----w c:\program files\LogMeIn
2008-12-16 23:40 --------- d-----w c:\program files\Symantec
2008-12-16 23:39 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-10 02:17 --------- d-----w c:\program files\AutoCAD LT 2002
2008-11-16 14:13 --------- d-----w c:\documents and settings\nrichard.NRICHARDS2\Application Data\AdobeUM
2008-11-05 03:37 --------- d-----w c:\documents and settings\Administrator\Application Data\HPAppData
2008-11-01 18:43 --------- d-----w c:\program files\Java
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 07:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-17 00:35 87,352 ----a-w c:\windows\system32\LMIinit.dll
2008-10-17 00:35 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2008-10-17 00:35 28,984 ----a-w c:\windows\system32\LMIport.dll
2008-10-17 00:35 23,736 ----a-w c:\windows\system32\lmimirr.dll
2008-10-17 00:35 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:12 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-09 20:31 192,512 ----a-w c:\windows\system32\txmlutil.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-16 01:55 66,122 --sha-w c:\windows\system32\dutigoru.dll.tmp
2008-09-16 01:55 66,122 ----a-w c:\windows\system32\nugebini.dll.tmp
2008-09-16 01:55 66,122 ----a-w c:\windows\system32\gukowema.dll.tmp
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-12 23:06 61,494 --sha-w c:\windows\system32\gikosiha.dll.tmp
2008-09-12 23:06 61,494 ----a-w c:\windows\system32\gayujoje.dll.tmp
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-06 04:30 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-06 04:29 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
1998-04-28 00:15 570,128 ------w c:\program files\Common Files\dao350.dll
1601-01-01 00:12 98,816 --sha-w c:\windows\system32\lawireyo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-07 29744]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"242572e2"="c:\windows\system32\nazoduse.dll" [2008-12-31 83668]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-30 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
"CPM2716417e"="c:\windows\system32\zifubogu.dll" [2008-12-31 96961]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-02-02 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 972064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\zifubogu.dll" [2008-12-31 96961]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll [2008-12-31 96961]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 19:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\zifubogu.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FileMaker\\FileMaker Pro 8\\FileMaker Pro.exe"=
"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2007-08-03 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-02-24 47640]
R2 Sim9Sync;SIMATIC NET Synchronization Service;c:\windows\system32\sim9sync.exe [2006-02-10 94208]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-02-02 87936]
S1 RimUsbb;RimUsbb;c:\windows\system32\drivers\RimUsbb.sys []
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" [2008-07-17 118784]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-02 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S4 LMIRfsClientNP;LMIRfsClientNP; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
bdx REG_MULTI_SZ scan
.
- - - - ORPHANS REMOVED - - - -

BHO-{183E81C8-9270-4D8C-8AB0-0195E5A4B2A7} - (no file)
BHO-{c984c40d-2362-43f7-9d91-4fa6998549cb} - c:\windows\system32\majiriho.dll
Toolbar-{387614AA-6D5C-46BB-8964-220A6B47BCFB} - (no file)
Toolbar-{13BBB9D4-8833-402E-AA07-C27D1717176D} - (no file)
WebBrowser-{387614AA-6D5C-46BB-8964-220A6B47BCFB} - (no file)
WebBrowser-{13BBB9D4-8833-402E-AA07-C27D1717176D} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://192.168.62.102/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: *.ameritrade.com
Trusted Zone: wwws.ameritrade.com
Trusted Zone: *.tdameritrade.com
Trusted Zone: wwws.tdameritrade.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 18:35:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\LMIinit.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\scardsvr.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\BAsfIpM.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2008-12-31 18:45:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-31 23:45:40

Pre-Run: 37,434,073,088 bytes free
Post-Run: 37,774,958,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

326 --- E O F --- 2008-06-14 02:41:13

HJT Log

Logfile of random's system information tool 1.04 (written by random/random)
Run by nrichard at 2008-12-31 18:48:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (63%) free of 57 GB
Total RAM: 503 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:21 PM, on 12/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\sim9sync.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\nrichard.NRICHARDS2\Desktop\RSIT.exe
C:\Program Files\trend micro\nrichard.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.62.102/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [242572e2] rundll32.exe "C:\WINDOWS\system32\nazoduse.dll",b
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [CPM2716417e] Rundll32.exe "c:\windows\system32\zifubogu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.tdameritrade.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228882377171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228887653953
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...464/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: c:\windows\system32\zifubogu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SIMATIC NET Synchronization Service (Sim9Sync) - Siemens AG - C:\WINDOWS\system32\sim9sync.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12728 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar6.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-27 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar6.dll [2007-01-19 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-11-06 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-09-01 684032]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-07 29744]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-08-03 63048]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"242572e2"=C:\WINDOWS\system32\nazoduse.dll [2008-12-31 83668]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-10-30 741376]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-10-17 69632]
"CPM2716417e"=c:\windows\system32\zifubogu.dll [2008-12-31 96961]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-21 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\zifubogu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll [2008-12-31 96961]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll [2008-12-31 96961]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe"="C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe:*:Enabled:FileMaker Pro"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe:*:Enabled:DVDLauncher"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe"="C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe:*:Enabled:FileMaker Pro"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\ISONAS\PlugNPlay.exe"="C:\ISONAS\PlugNPlay.exe:*:Enabled:PlugNPlay"
"C:\ISONAS\badgesvr.exe"="C:\ISONAS\badgesvr.exe:*:Enabled:badgesvr"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zifubogu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nazoduse.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lawireyo.dll
2009-04-22 14:37:20 ----ASH---- C:\WINDOWS\system32\yabafoga.dll
2008-12-31 18:45:53 ----A---- C:\ComboFix.txt
2008-12-31 18:45:50 ----SH---- C:\WINDOWS\system32\esudozan.ini
2008-12-31 18:23:56 ----A---- C:\Boot.bak
2008-12-31 18:23:46 ----RASHD---- C:\cmdcons
2008-12-31 18:14:09 ----A---- C:\WINDOWS\zip.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\VFIND.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\SWSC.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\SWREG.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\sed.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\grep.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\fdsv.exe
2008-12-31 18:13:56 ----D---- C:\WINDOWS\ERDNT
2008-12-31 18:13:56 ----D---- C:\Qoobox
2008-12-31 17:54:22 ----D---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\BitDefender
2008-12-31 13:11:44 ----A---- C:\WINDOWS\bdagent.INI
2008-12-31 10:47:47 ----D---- C:\Program Files\BitDefender
2008-12-31 10:47:47 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-12-31 10:45:42 ----D---- C:\Program Files\Common Files\BitDefender
2008-12-30 18:07:39 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-12-16 19:12:40 ----A---- C:\WINDOWS\gmer.ini
2008-12-16 19:12:37 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-16 19:12:37 ----A---- C:\WINDOWS\gmer.exe
2008-12-16 19:12:37 ----A---- C:\WINDOWS\gmer.dll
2008-12-15 22:15:21 ----D---- C:\WINDOWS\McAfee.com
2008-12-14 14:00:37 ----D---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\Help
2008-12-14 09:07:09 ----D---- C:\Program Files\trend micro
2008-12-14 09:07:01 ----D---- C:\rsit
2008-12-12 17:03:53 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-12 11:33:34 ----D---- C:\WINDOWS\MaxSecureBackup
2008-12-12 11:30:44 ----A---- C:\WINDOWS\system32\GetHardDiskNo.dll
2008-12-12 11:30:38 ----D---- C:\Program Files\Max Registry Cleaner
2008-12-10 01:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 01:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 00:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 00:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 00:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-10 00:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-10 00:52:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-10 00:50:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-10 00:23:27 ----D---- C:\WINDOWS\Prefetch
2008-12-10 00:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-10 00:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-10 00:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-10 00:19:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-10 00:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-10 00:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-10 00:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-10 00:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-10 00:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-10 00:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-10 00:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-10 00:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-10 00:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-10 00:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-10 00:17:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-10 00:10:33 ----D---- C:\WINDOWS\system32\scripting
2008-12-10 00:10:33 ----D---- C:\WINDOWS\l2schemas
2008-12-10 00:10:30 ----D---- C:\WINDOWS\system32\en
2008-12-10 00:10:30 ----D---- C:\WINDOWS\system32\bits
2008-12-10 00:05:48 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 23:55:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 23:45:37 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-09 23:45:35 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-09 23:45:32 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-09 23:45:32 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-09 23:45:19 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-09 23:45:19 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-09 23:45:08 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-09 23:45:07 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-09 23:45:05 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-09 23:45:05 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-09 23:45:05 ----N---- C:\WINDOWS\slrundll.exe
2008-12-09 23:45:04 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-09 23:45:04 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-09 23:45:04 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-09 23:45:00 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-09 23:44:56 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-09 23:44:54 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-09 23:44:52 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-09 23:44:50 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-09 23:44:49 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-09 23:44:49 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-09 23:44:49 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-09 23:44:46 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-09 23:44:43 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-09 23:44:29 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-09 23:44:29 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-09 23:44:29 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-09 23:44:28 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-09 23:44:28 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-09 23:44:28 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-12-09 23:44:25 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-09 23:44:25 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-09 23:44:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-09 23:44:05 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-09 23:44:04 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-09 23:44:04 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-09 23:43:49 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-09 23:43:48 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-09 23:43:47 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-09 23:43:47 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-09 23:43:46 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-09 23:43:46 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-09 23:43:27 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-12-09 23:43:26 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-12-09 23:43:20 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-12-09 23:43:13 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-09 23:43:03 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-09 23:43:03 ----A---- C:\WINDOWS\002919_.tmp
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-09 23:42:59 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-09 23:42:53 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-09 23:42:53 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-09 23:42:52 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-09 23:42:47 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-09 23:42:38 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-09 23:42:37 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-09 23:42:35 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-09 23:42:35 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-09 23:42:33 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-09 23:42:24 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-09 23:14:18 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 20:53:39 ----RSH---- C:\SDVirus.txt
2008-12-09 20:29:58 ----RASH---- C:\SDSignature.txt
2008-12-09 20:29:58 ----RASH---- C:\ExecSignature.txt
2008-12-09 19:45:09 ----D---- C:\Program Files\SpywareDetector
2008-12-09 09:20:53 ----SHD---- C:\WINDOWS\U3VybWV0
2008-12-09 09:11:32 ----A---- C:\WINDOWS\system32\2f06b69c-.txt

======List of files/folders modified in the last 1 months======

2008-12-31 18:46:53 ----D---- C:\WINDOWS\system32
2008-12-31 18:46:13 ----D---- C:\WINDOWS\system32\drivers
2008-12-31 18:46:12 ----D---- C:\WINDOWS\Temp
2008-12-31 18:46:02 ----D---- C:\WINDOWS
2008-12-31 18:36:00 ----A---- C:\WINDOWS\system.ini
2008-12-31 18:35:44 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-31 18:34:03 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-12-31 18:33:57 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.92 Modem.txt
2008-12-31 18:30:43 ----D---- C:\WINDOWS\system32\config
2008-12-31 18:27:53 ----D---- C:\WINDOWS\AppPatch
2008-12-31 18:27:53 ----D---- C:\Program Files\Common Files
2008-12-31 18:27:25 ----SD---- C:\WINDOWS\Tasks
2008-12-31 18:27:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-31 18:26:13 ----D---- C:\TEMP
2008-12-31 18:23:57 ----RASH---- C:\boot.ini
2008-12-31 18:22:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-31 13:25:17 ----HD---- C:\WINDOWS\inf
2008-12-31 10:49:15 ----SHD---- C:\WINDOWS\Installer
2008-12-31 10:49:15 ----HD---- C:\Config.Msi
2008-12-31 10:48:52 ----D---- C:\WINDOWS\WinSxS
2008-12-31 10:47:47 ----RD---- C:\Program Files
2008-12-31 10:36:36 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-31 06:32:34 ----D---- C:\Program Files\LogMeIn
2008-12-30 21:11:25 ----SHD---- C:\WINDOWS\CSC
2008-12-16 18:40:38 ----D---- C:\Program Files\Symantec
2008-12-16 18:39:21 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-15 22:01:03 ----D---- C:\ISONAS
2008-12-15 21:59:24 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-12 11:31:44 ----D---- C:\WINDOWS\system
2008-12-10 01:03:29 ----D---- C:\Program Files\Internet Explorer
2008-12-10 01:01:02 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 01:00:47 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-10 01:00:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 00:57:39 ----A---- C:\WINDOWS\win.ini
2008-12-10 00:41:01 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-10 00:37:12 ----SD---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\Microsoft
2008-12-10 00:29:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-10 00:23:46 ----A---- C:\WINDOWS\setuplog.txt
2008-12-10 00:22:38 ----D---- C:\WINDOWS\system32\Setup
2008-12-10 00:22:36 ----D---- C:\WINDOWS\system32\wbem
2008-12-10 00:22:35 ----SD---- C:\WINDOWS\Fonts
2008-12-10 00:20:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-10 00:17:40 ----D---- C:\Program Files\Messenger
2008-12-10 00:17:03 ----D---- C:\WINDOWS\security
2008-12-10 00:11:04 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-10 00:11:04 ----D---- C:\WINDOWS\network diagnostic
2008-12-10 00:11:03 ----D---- C:\WINDOWS\ime
2008-12-10 00:11:03 ----D---- C:\WINDOWS\Help
2008-12-10 00:10:36 ----D---- C:\WINDOWS\system32\usmt
2008-12-10 00:10:36 ----D---- C:\WINDOWS\system32\en-US
2008-12-10 00:10:30 ----D---- C:\WINDOWS\PeerNet
2008-12-10 00:10:29 ----D---- C:\Program Files\Movie Maker
2008-12-10 00:05:31 ----D---- C:\WINDOWS\system32\Restore
2008-12-10 00:05:31 ----D---- C:\WINDOWS\system32\npp
2008-12-10 00:05:30 ----D---- C:\WINDOWS\mui
2008-12-10 00:05:29 ----D---- C:\WINDOWS\msagent
2008-12-10 00:05:27 ----D---- C:\WINDOWS\srchasst
2008-12-10 00:05:24 ----D---- C:\Program Files\NetMeeting
2008-12-10 00:05:22 ----D---- C:\WINDOWS\system32\Com
2008-12-10 00:05:18 ----D---- C:\Program Files\Windows Media Player
2008-12-10 00:05:17 ----D---- C:\Program Files\Windows NT
2008-12-10 00:05:17 ----D---- C:\Program Files\Outlook Express
2008-12-10 00:05:12 ----D---- C:\Program Files\Common Files\System
2008-12-10 00:04:48 ----D---- C:\WINDOWS\system32\oobe
2008-12-10 00:00:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 23:54:59 ----D---- C:\WINDOWS\ehome
2008-12-09 23:17:02 ----D---- C:\WINDOWS\Debug
2008-12-09 21:17:59 ----D---- C:\Program Files\AutoCAD LT 2002

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-03 16128]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-02-02 17056]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 s7otranx;s7otranx; C:\WINDOWS\System32\Drivers\S7otranx.sys [2001-12-05 478720]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-09-03 121472]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-09-18 230920]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 S7oppilx;Siemens PC/PPI Cable; C:\WINDOWS\System32\Drivers\S7oppilx.sys [2002-05-03 123904]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 RimUsbb;RimUsbb; C:\WINDOWS\System32\drivers\RimUsbb.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-16 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 s7oppitx;s7oppitx; C:\WINDOWS\System32\Drivers\S7oppitx.sys [2001-12-05 73216]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-10-30 401408]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-08-03 63040]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 Sim9Sync;SIMATIC NET Synchronization Service; C:\WINDOWS\system32\sim9sync.exe [2002-06-19 94208]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-12-31 1572864]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-07 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
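
The RSIT driver and service lists above, together with the ComboFix "Reg Loading Points" and file listings in the next reply, are the raw material a responder triages by hand. The following Python script is an added example, not part of this thread and not code from RSIT or ComboFix; it runs that triage over constructed sample lines modelled on those two formats. It flags driver or service entries whose file details the tool could not read (the empty "[]"), any non-empty AppInit_DLLs value, DLLs carrying both the hidden and system attributes, timestamps that fall after the log date or sit at 1601-01-01 (FILETIME zero), and module names that match the alternating consonant/vowel pattern of the DLLs in this log (nazoduse, zifubogu, yabafoga, lawireyo, esudozan). The name heuristic, the sample lines and the 2009-01-01 log date are assumptions tuned to this thread, not general rules.

```python
"""Triage of RSIT / ComboFix log lines for the indicators seen in this thread.

Added example; not part of the forum thread, RSIT or ComboFix. SAMPLE is a
constructed set of lines modelled on the logs posted in the thread, and the
random-name heuristic (eight letters strictly alternating consonant/vowel) is
an assumption drawn from the DLL names in those logs, not a universal rule.
"""
import re
from datetime import date

# Constructed sample: RSIT driver-list lines, ComboFix "Reg Loading Points"
# values and ComboFix file-listing lines, in the formats quoted in the thread.
SAMPLE = r"""
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 RimUsbb;RimUsbb; C:\WINDOWS\System32\drivers\RimUsbb.sys []
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"242572e2"="c:\windows\system32\nazoduse.dll" [2008-12-31 83668]
"CPM2716417e"="c:\windows\system32\zifubogu.dll" [2008-12-31 96961]
"AppInit_DLLs"=c:\windows\system32\zifubogu.dll
2009-04-22 14:37 . 2009-04-22 14:37 60,416 --ahs---- c:\windows\system32\yabafoga.dll
1601-01-01 00:12 98,816 --sha-w c:\windows\system32\lawireyo.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
"""

# Assumed date of the scan being triaged (the ComboFix run in the thread is dated 2009-01-01).
LOG_DATE = date(2009, 1, 1)

# "R2 name;description; path [date size]"  -- an empty [] means the tool could not read the file.
DRIVER_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);[^;]*;\s*(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]$")
# '"value"="target" [date size]' or '"AppInit_DLLs"=target'
AUTOSTART_RE = re.compile(r'^"(?P<vname>[^"]+)"=(?:"(?P<quoted>[^"]*)"|(?P<bare>[^\s\[]+))')
# "created [. modified] size attrs path"  -- covers both ComboFix file-listing layouts.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r"\s+(?P<size>[\d,]+)\s+(?P<attrs>[-a-zA-Z]{6,9})\s+(?P<path>[a-zA-Z]:\\.+)$")

# Eight letters strictly alternating consonant/vowel, e.g. "nazoduse" or "esudozan" (assumption).
_CV = r"[bcdfghjklmnpqrstvwxyz][aeiou]"
_VC = r"[aeiou][bcdfghjklmnpqrstvwxyz]"
RANDOMISH_RE = re.compile(rf"^(?:(?:{_CV}){{4}}|(?:{_VC}){{4}})$")

REASONS = {
    "unreadable": "tool could not read the file (missing, locked or hidden): verify it on disk",
    "appinit": "AppInit_DLLs is set: the DLL is loaded into every process that loads user32.dll",
    "random-name": "module name matches the random consonant/vowel pattern seen in this log",
    "hidden-system": "file carries both the hidden and system attributes",
    "future-timestamp": "created after the log was taken: the timestamp cannot be genuine",
    "zero-filetime": "1601-01-01 is FILETIME zero: the timestamp was never set",
}


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def looks_random(path):
    """True when the file's stem matches the alternating consonant/vowel pattern."""
    stem = basename(path).split(".")[0].lower()
    return bool(RANDOMISH_RE.match(stem))


def triage(text, log_date):
    """Return [(line_no, path, [reason codes])] for every line worth a second look."""
    findings = []
    for no, line in enumerate(text.strip().splitlines(), 1):
        line = line.strip()
        reasons, path = [], None
        if m := DRIVER_RE.match(line):
            path = m["path"]
            if not m["info"]:
                reasons.append("unreadable")
        elif m := AUTOSTART_RE.match(line):
            path = m["quoted"] or m["bare"]
            if m["vname"].lower() == "appinit_dlls":
                reasons.append("appinit")
        elif m := FILE_RE.match(line):
            path = m["path"]
            attrs = m["attrs"].lower()
            if "h" in attrs and "s" in attrs:
                reasons.append("hidden-system")
            created = date.fromisoformat(m["created"])
            if created.year == 1601:
                reasons.append("zero-filetime")
            elif created > log_date:
                reasons.append("future-timestamp")
        if path and looks_random(path):
            reasons.append("random-name")
        if reasons:
            findings.append((no, path, reasons))
    return findings


def triage_sample():
    """Run the triage over the constructed sample with the assumed log date."""
    return triage(SAMPLE, LOG_DATE)


if __name__ == "__main__":
    for no, path, reasons in triage_sample():
        print(f"line {no}: {path}")
        for code in reasons:
            print(f"    - {REASONS[code]}")
```

Run it as a script to print the findings, or read a real log into a string and pass it to triage() with the date the scan was taken. A hit is a reason to check the file on disk and its publisher signature, not proof of infection: legitimate drivers also show "[]" when the tool cannot open the file, and the name heuristic is only as good as the sample it was drawn from.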

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 01 January 2009 - 03:57 PM

Hello,

Thank you very much for telling me what you did. :thumbsup:

I use Avira (AntiVir) on my own system. It's ranked right up there at the top with the paid programs. For a paid program BitDefender is one of the best, but you can't beat the price of free. All 3 that I suggested to you have been used on my system, and they're all good, but I like Avira the best.

I would like for you to run ComboFix again, but a little differently this time, please. I need for you to go offline completely and disable ALL your protective programs, then run it. Please post the report in your reply, and a new HijackThis log. Then we'll sort out what's left. You mentioned some specific files in your initial post, but I see no sign of them now, so I'd like to be sure. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#9 naterich

naterich
  • Topic Starter

  • Members
  • 9 posts

Posted 01 January 2009 - 10:58 PM

Hi Tea,
Here's the info you asked for:
I wanted to let you know that I'm still getting unsolicited popups. Today I was also getting many small popups for "Antivirus 2009". I've been using Task Manager to close these windows since I consider every active button on this popup risky. FYI, after running ComboFix I'm still getting popups.

Combo Log
ComboFix 08-12-30.02 - nrichard 2009-01-01 22:32:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.198 [GMT -5:00]
Running from: c:\documents and settings\nrichard.NRICHARDS2\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\esudozan.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2009-04-22 14:37 . 2009-04-22 14:37 60,416 --ahs---- c:\windows\system32\yabafoga.dll
2008-12-31 17:54 . 2008-12-31 17:54 <DIR> d-------- c:\documents and settings\nrichard.NRICHARDS2\Application Data\BitDefender
2008-12-31 13:16 . 2008-12-31 13:16 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-12-31 13:16 . 2008-12-31 13:16 385 --a------ c:\windows\system32\user_gensett.xml
2008-12-31 13:11 . 2008-12-31 18:31 121 --a------ c:\windows\bdagent.INI
2008-12-31 10:48 . 2008-12-31 10:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitDefender
2008-12-31 10:47 . 2008-12-31 10:47 <DIR> d-------- c:\program files\BitDefender
2008-12-31 10:47 . 2008-12-31 11:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2008-12-31 10:45 . 2008-12-31 10:48 <DIR> d-------- c:\program files\Common Files\BitDefender
2008-12-30 18:07 . 2008-12-30 18:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-16 19:12 . 2008-12-16 19:12 250 --a------ c:\windows\gmer.ini
2008-12-15 22:15 . 2008-12-15 22:15 <DIR> d-------- c:\windows\McAfee.com
2008-12-14 09:07 . 2008-12-14 09:10 <DIR> d-------- C:\rsit
2008-12-14 09:07 . 2008-12-31 18:48 <DIR> d-------- c:\program files\trend micro
2008-12-12 11:33 . 2008-12-12 11:33 <DIR> d-------- c:\windows\MaxSecureBackup
2008-12-12 11:31 . 2008-12-12 11:47 123 --a------ c:\windows\system\SYSRegC.dll
2008-12-12 11:30 . 2008-12-31 10:54 <DIR> d-------- c:\program files\Max Registry Cleaner
2008-12-12 11:30 . 2007-05-24 16:57 143,360 --a------ c:\windows\system32\GetHardDiskNo.dll
2008-12-10 00:46 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-12-10 00:46 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-10 00:10 . 2008-12-10 00:10 <DIR> d-------- c:\windows\system32\scripting
2008-12-10 00:10 . 2008-12-10 00:10 <DIR> d-------- c:\windows\system32\en
2008-12-10 00:10 . 2008-12-10 00:10 <DIR> d-------- c:\windows\system32\bits
2008-12-10 00:10 . 2008-12-10 00:10 <DIR> d-------- c:\windows\l2schemas
2008-12-10 00:05 . 2008-12-10 00:11 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-09 23:44 . 2008-04-13 19:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2008-12-09 23:43 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2008-12-09 23:42 . 2008-04-13 19:11 1,888,992 --------- c:\windows\system32\ati3duag.dll
2008-12-09 23:14 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-09 19:45 . 2008-12-31 10:53 <DIR> d-------- c:\program files\SpywareDetector
2008-12-09 19:45 . 2008-12-31 06:34 123 --a------ c:\windows\system\SysSD.dll
2008-12-09 09:20 . 2008-12-31 05:29 <DIR> d--hs---- c:\windows\U3VybWV0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 08:11 --------- d-----w c:\program files\LogMeIn
2008-12-31 15:38 96,961 --sha-w c:\windows\system32\zifubogu.dll
2008-12-31 15:38 83,668 --sha-w c:\windows\system32\nazoduse.dll
2008-12-16 23:40 --------- d-----w c:\program files\Symantec
2008-12-16 23:39 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-10 02:17 --------- d-----w c:\program files\AutoCAD LT 2002
2008-11-16 17:43 256 ----a-w c:\documents and settings\nrichard.NRICHARDS2\pool.bin
2008-11-16 17:39 --------- d-----w c:\program files\Research In Motion
2008-11-16 17:39 --------- d-----w c:\program files\Common Files\Research In Motion
2008-11-16 14:13 --------- d-----w c:\documents and settings\nrichard.NRICHARDS2\Application Data\AdobeUM
2008-11-05 03:37 --------- d-----w c:\documents and settings\Administrator\Application Data\HPAppData
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 00:35 87,352 ----a-w c:\windows\system32\LMIinit.dll
2008-10-17 00:35 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2008-10-17 00:35 28,984 ----a-w c:\windows\system32\LMIport.dll
2008-10-17 00:35 23,736 ----a-w c:\windows\system32\lmimirr.dll
2008-10-17 00:35 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:12 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-09 20:31 192,512 ----a-w c:\windows\system32\txmlutil.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
1998-04-28 00:15 570,128 ------w c:\program files\Common Files\dao350.dll
1601-01-01 00:12 98,816 --sha-w c:\windows\system32\lawireyo.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-31_18.44.00.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-17 07:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2008-12-09 20:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-10-17 07:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-07 29744]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"242572e2"="c:\windows\system32\nazoduse.dll" [2008-12-31 83668]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-30 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
"CPM2716417e"="c:\windows\system32\zifubogu.dll" [2008-12-31 96961]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-02-02 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 972064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\zifubogu.dll" [2008-12-31 96961]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll [2008-12-31 96961]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 19:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\zifubogu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FileMaker\\FileMaker Pro 8\\FileMaker Pro.exe"=
"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2007-08-03 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-02-24 47640]
R2 Sim9Sync;SIMATIC NET Synchronization Service;c:\windows\system32\sim9sync.exe [2006-02-10 94208]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-02-02 87936]
S1 RimUsbb;RimUsbb;c:\windows\system32\drivers\RimUsbb.sys []
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" [2008-07-17 118784]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-02 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S4 LMIRfsClientNP;LMIRfsClientNP; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
bdx REG_MULTI_SZ scan
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://192.168.62.102/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: *.ameritrade.com
Trusted Zone: wwws.ameritrade.com
Trusted Zone: *.tdameritrade.com
Trusted Zone: wwws.tdameritrade.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 22:37:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\zifubogu.dll
c:\windows\system32\LMIinit.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1088)
c:\windows\system32\zifubogu.dll
.
Completion time: 2009-01-01 22:39:12
ComboFix-quarantined-files.txt 2009-01-02 03:38:59
ComboFix2.txt 2008-12-31 23:45:53

Pre-Run: 37,736,550,400 bytes free
Post-Run: 37,754,486,784 bytes free

227 --- E O F --- 2009-01-01 08:05:28


HJT
Logfile of random's system information tool 1.04 (written by random/random)
Run by nrichard at 2009-01-01 22:40:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (63%) free of 57 GB
Total RAM: 503 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:08 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\sim9sync.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\nrichard.NRICHARDS2\Desktop\RSIT.exe
C:\Program Files\trend micro\nrichard.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.62.102/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [242572e2] rundll32.exe "C:\WINDOWS\system32\nazoduse.dll",b
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [CPM2716417e] Rundll32.exe "c:\windows\system32\zifubogu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.tdameritrade.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228882377171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228887653953
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...464/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: c:\windows\system32\zifubogu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SIMATIC NET Synchronization Service (Sim9Sync) - Siemens AG - C:\WINDOWS\system32\sim9sync.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12569 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar6.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-27 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar6.dll [2007-01-19 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-11-06 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-09-01 684032]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-07 29744]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-08-03 63048]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"242572e2"=C:\WINDOWS\system32\nazoduse.dll [2008-12-31 83668]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-10-30 741376]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-10-17 69632]
"CPM2716417e"=c:\windows\system32\zifubogu.dll [2008-12-31 96961]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-21 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\zifubogu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll [2008-12-31 96961]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll [2008-12-31 96961]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe"="C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe:*:Enabled:FileMaker Pro"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe:*:Enabled:DVDLauncher"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe"="C:\Program Files\FileMaker\FileMaker Pro 8\FileMaker Pro.exe:*:Enabled:FileMaker Pro"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\ISONAS\PlugNPlay.exe"="C:\ISONAS\PlugNPlay.exe:*:Enabled:PlugNPlay"
"C:\ISONAS\badgesvr.exe"="C:\ISONAS\badgesvr.exe:*:Enabled:badgesvr"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zifubogu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nazoduse.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lawireyo.dll
2009-04-22 14:37:20 ----ASH---- C:\WINDOWS\system32\yabafoga.dll
2009-01-01 22:39:14 ----A---- C:\ComboFix.txt
2009-01-01 03:02:15 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-31 18:23:56 ----A---- C:\Boot.bak
2008-12-31 18:23:46 ----RASHD---- C:\cmdcons
2008-12-31 18:14:09 ----A---- C:\WINDOWS\zip.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\VFIND.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\SWSC.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\SWREG.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\sed.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\grep.exe
2008-12-31 18:14:09 ----A---- C:\WINDOWS\fdsv.exe
2008-12-31 18:13:56 ----D---- C:\WINDOWS\ERDNT
2008-12-31 18:13:56 ----D---- C:\Qoobox
2008-12-31 17:54:22 ----D---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\BitDefender
2008-12-31 13:11:44 ----A---- C:\WINDOWS\bdagent.INI
2008-12-31 10:47:47 ----D---- C:\Program Files\BitDefender
2008-12-31 10:47:47 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-12-31 10:45:42 ----D---- C:\Program Files\Common Files\BitDefender
2008-12-30 18:07:39 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-12-16 19:12:40 ----A---- C:\WINDOWS\gmer.ini
2008-12-16 19:12:37 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-16 19:12:37 ----A---- C:\WINDOWS\gmer.exe
2008-12-16 19:12:37 ----A---- C:\WINDOWS\gmer.dll
2008-12-15 22:15:21 ----D---- C:\WINDOWS\McAfee.com
2008-12-14 14:00:37 ----D---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\Help
2008-12-14 09:07:09 ----D---- C:\Program Files\trend micro
2008-12-14 09:07:01 ----D---- C:\rsit
2008-12-12 17:03:53 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-12 11:33:34 ----D---- C:\WINDOWS\MaxSecureBackup
2008-12-12 11:30:44 ----A---- C:\WINDOWS\system32\GetHardDiskNo.dll
2008-12-12 11:30:38 ----D---- C:\Program Files\Max Registry Cleaner
2008-12-10 01:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 01:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 00:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 00:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 00:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-10 00:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-10 00:52:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-10 00:50:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-10 00:23:27 ----D---- C:\WINDOWS\Prefetch
2008-12-10 00:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-10 00:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-10 00:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-10 00:19:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-10 00:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-10 00:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-10 00:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-10 00:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-10 00:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-10 00:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-10 00:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-10 00:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-10 00:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-10 00:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-10 00:17:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-10 00:10:33 ----D---- C:\WINDOWS\system32\scripting
2008-12-10 00:10:33 ----D---- C:\WINDOWS\l2schemas
2008-12-10 00:10:30 ----D---- C:\WINDOWS\system32\en
2008-12-10 00:10:30 ----D---- C:\WINDOWS\system32\bits
2008-12-10 00:05:48 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 23:55:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 23:45:37 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-09 23:45:35 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-09 23:45:32 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-09 23:45:32 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-09 23:45:19 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-09 23:45:19 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-09 23:45:08 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-09 23:45:07 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-09 23:45:05 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-09 23:45:05 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-09 23:45:05 ----N---- C:\WINDOWS\slrundll.exe
2008-12-09 23:45:04 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-09 23:45:04 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-09 23:45:04 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-09 23:45:00 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-09 23:44:56 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-09 23:44:54 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-09 23:44:52 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-09 23:44:50 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-09 23:44:49 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-09 23:44:49 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-09 23:44:49 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-09 23:44:46 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-09 23:44:43 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-09 23:44:29 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-09 23:44:29 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-09 23:44:29 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-09 23:44:28 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-09 23:44:28 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-09 23:44:28 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-12-09 23:44:25 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-09 23:44:25 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-09 23:44:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-09 23:44:05 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-09 23:44:04 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-09 23:44:04 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-09 23:43:49 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-09 23:43:48 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-09 23:43:47 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-09 23:43:47 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-09 23:43:46 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-09 23:43:46 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-09 23:43:27 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-12-09 23:43:26 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-12-09 23:43:20 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-12-09 23:43:13 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-09 23:43:03 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-09 23:43:03 ----A---- C:\WINDOWS\002919_.tmp
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-09 23:43:00 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-09 23:42:59 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-09 23:42:55 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-09 23:42:53 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-09 23:42:53 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-09 23:42:52 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-09 23:42:47 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-09 23:42:38 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-09 23:42:37 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-09 23:42:35 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-09 23:42:35 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-09 23:42:34 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-09 23:42:33 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-09 23:42:24 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-09 23:14:18 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 20:53:39 ----RSH---- C:\SDVirus.txt
2008-12-09 20:29:58 ----RASH---- C:\SDSignature.txt
2008-12-09 20:29:58 ----RASH---- C:\ExecSignature.txt
2008-12-09 19:45:09 ----D---- C:\Program Files\SpywareDetector
2008-12-09 09:20:53 ----SHD---- C:\WINDOWS\U3VybWV0
2008-12-09 09:11:32 ----A---- C:\WINDOWS\system32\2f06b69c-.txt

======List of files/folders modified in the last 1 months======

2009-01-01 22:39:51 ----D---- C:\WINDOWS\Temp
2009-01-01 22:39:21 ----D---- C:\WINDOWS\system32
2009-01-01 22:39:18 ----D---- C:\WINDOWS
2009-01-01 22:37:17 ----A---- C:\WINDOWS\system.ini
2009-01-01 22:35:45 ----D---- C:\WINDOWS\system32\drivers
2009-01-01 22:35:44 ----D---- C:\Program Files\Common Files
2009-01-01 22:35:43 ----D---- C:\WINDOWS\AppPatch
2009-01-01 22:31:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-01 03:15:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-01 03:13:39 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-01-01 03:13:33 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.92 Modem.txt
2009-01-01 03:11:42 ----D---- C:\Program Files\LogMeIn
2009-01-01 03:06:56 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-01 03:05:28 ----HD---- C:\WINDOWS\inf
2009-01-01 03:01:52 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-01 03:01:46 ----D---- C:\WINDOWS\ie7updates
2009-01-01 03:00:57 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-31 18:30:43 ----D---- C:\WINDOWS\system32\config
2008-12-31 18:27:25 ----SD---- C:\WINDOWS\Tasks
2008-12-31 18:27:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-31 18:26:13 ----D---- C:\TEMP
2008-12-31 18:23:57 ----RASH---- C:\boot.ini
2008-12-31 10:49:15 ----SHD---- C:\WINDOWS\Installer
2008-12-31 10:49:15 ----HD---- C:\Config.Msi
2008-12-31 10:48:52 ----D---- C:\WINDOWS\WinSxS
2008-12-31 10:47:47 ----RD---- C:\Program Files
2008-12-31 10:36:36 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-30 21:11:25 ----SHD---- C:\WINDOWS\CSC
2008-12-16 18:40:38 ----D---- C:\Program Files\Symantec
2008-12-16 18:39:21 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-15 22:01:03 ----D---- C:\ISONAS
2008-12-15 21:59:24 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 11:31:44 ----D---- C:\WINDOWS\system
2008-12-10 01:03:29 ----D---- C:\Program Files\Internet Explorer
2008-12-10 01:01:20 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 00:57:39 ----A---- C:\WINDOWS\win.ini
2008-12-10 00:41:01 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-10 00:37:12 ----SD---- C:\Documents and Settings\nrichard.NRICHARDS2\Application Data\Microsoft
2008-12-10 00:29:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-10 00:23:46 ----A---- C:\WINDOWS\setuplog.txt
2008-12-10 00:22:38 ----D---- C:\WINDOWS\system32\Setup
2008-12-10 00:22:36 ----D---- C:\WINDOWS\system32\wbem
2008-12-10 00:22:35 ----SD---- C:\WINDOWS\Fonts
2008-12-10 00:17:40 ----D---- C:\Program Files\Messenger
2008-12-10 00:17:03 ----D---- C:\WINDOWS\security
2008-12-10 00:11:04 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-10 00:11:04 ----D---- C:\WINDOWS\network diagnostic
2008-12-10 00:11:03 ----D---- C:\WINDOWS\ime
2008-12-10 00:11:03 ----D---- C:\WINDOWS\Help
2008-12-10 00:10:36 ----D---- C:\WINDOWS\system32\usmt
2008-12-10 00:10:36 ----D---- C:\WINDOWS\system32\en-US
2008-12-10 00:10:30 ----D---- C:\WINDOWS\PeerNet
2008-12-10 00:10:29 ----D---- C:\Program Files\Movie Maker
2008-12-10 00:05:31 ----D---- C:\WINDOWS\system32\Restore
2008-12-10 00:05:31 ----D---- C:\WINDOWS\system32\npp
2008-12-10 00:05:30 ----D---- C:\WINDOWS\mui
2008-12-10 00:05:29 ----D---- C:\WINDOWS\msagent
2008-12-10 00:05:27 ----D---- C:\WINDOWS\srchasst
2008-12-10 00:05:24 ----D---- C:\Program Files\NetMeeting
2008-12-10 00:05:22 ----D---- C:\WINDOWS\system32\Com
2008-12-10 00:05:18 ----D---- C:\Program Files\Windows Media Player
2008-12-10 00:05:17 ----D---- C:\Program Files\Windows NT
2008-12-10 00:05:17 ----D---- C:\Program Files\Outlook Express
2008-12-10 00:05:12 ----D---- C:\Program Files\Common Files\System
2008-12-10 00:04:48 ----D---- C:\WINDOWS\system32\oobe
2008-12-10 00:00:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 23:54:59 ----D---- C:\WINDOWS\ehome
2008-12-09 23:17:02 ----D---- C:\WINDOWS\Debug
2008-12-09 21:17:59 ----D---- C:\Program Files\AutoCAD LT 2002

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-03 16128]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-02-02 17056]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 s7otranx;s7otranx; C:\WINDOWS\System32\Drivers\S7otranx.sys [2001-12-05 478720]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-09-03 121472]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-09-18 230920]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 S7oppilx;Siemens PC/PPI Cable; C:\WINDOWS\System32\Drivers\S7oppilx.sys [2002-05-03 123904]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 RimUsbb;RimUsbb; C:\WINDOWS\System32\drivers\RimUsbb.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-16 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 s7oppitx;s7oppitx; C:\WINDOWS\System32\Drivers\S7oppitx.sys [2001-12-05 73216]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-10-30 401408]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-08-03 63040]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 Sim9Sync;SIMATIC NET Synchronization Service; C:\WINDOWS\system32\sim9sync.exe [2002-06-19 94208]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-12-31 1572864]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-07 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#10 naterich (Topic Starter, Members, 9 posts)

Posted 02 January 2009 - 09:46 AM

For what it's worth,
I attached a screenshot of the most persistent popup.

Also, when all this started a toolbar loaded called Mirar. I disabled it from my browser, but when I went to uninstall it from Add/Remove Programs, clicking "uninstall" sends me to an inoperable link. It still shows up in Add/Remove Programs twice, but I can't locate its directory to delete or get the "uninstall" link to work. Another tidbit; I don't know if it means anything or if you're familiar with this Mirar adware toolbar.


#11 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 02 January 2009 - 06:15 PM

Hello,

Thanks. :thumbsup:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKLM\..\Run: [242572e2] rundll32.exe "C:\WINDOWS\system32\nazoduse.dll",b
O4 - HKLM\..\Run: [CPM2716417e] Rundll32.exe "c:\windows\system32\zifubogu.dll",a
O20 - AppInit_DLLs: c:\windows\system32\zifubogu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following file(s):

c:\windows\system32\zifubogu.dll
C:\WINDOWS\system32\nazoduse.dll

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

KILLALL::

File::
c:\windows\system32\yabafoga.dll
c:\windows\system32\zifubogu.dll
c:\windows\system32\nazoduse.dll
c:\windows\system32\lawireyo.dll

Folder::
c:\windows\U3VybWV0


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Let me know if you're still getting the Mirar problems, and how it's running in general. :)

Thanks,
tea

Edited by teacup61, 02 January 2009 - 06:16 PM.

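The fix above rests on one observation a practitioner can automate: the same randomly named DLL in system32 is registered at several autostart points at once (a rundll32 Run entry, AppInit_DLLs, SSODL and SharedTaskScheduler), so correlating the hooks by DLL path singles it out. The Python below is an added example, not part of this thread and not code from HijackThis or ComboFix. It parses HijackThis-style O4/O20/O21/O22 lines, flags DLLs loaded from those shell hooks or started by rundll32 with a one-letter export, counts how many hooks each DLL has, and renders a CFScript in the KILLALL::/File::/Folder:: layout the post uses. The sample log is constructed from the five entries quoted above plus two benign Run entries that appear in this thread's logs (Apoint, ctfmon); the eight-lowercase-letter name rule and the one-letter-export rule are my heuristics, not published signatures.

```python
import re

# Constructed sample input: the five HijackThis entries quoted in the post above,
# plus two benign Run entries that also appear in this thread's logs (Apoint, ctfmon).
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [242572e2] rundll32.exe "C:\WINDOWS\system32\nazoduse.dll",b
O4 - HKLM\..\Run: [CPM2716417e] Rundll32.exe "c:\windows\system32\zifubogu.dll",a
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: c:\windows\system32\zifubogu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zifubogu.dll
"""

# HijackThis sections whose entries are DLLs loaded into Explorer / every GUI process.
DLL_HOOK_SECTIONS = {"O20", "O21", "O22"}

ENTRY_RE = re.compile(r"^(O\d+)\s*-\s*(.*)$")
DLL_PATH_RE = re.compile(r'([a-z]:\\[^",]+?\.dll)\b', re.IGNORECASE)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.IGNORECASE)
# Heuristic (assumption): the DLLs in this thread are eight lowercase letters, no digits.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")


def parse_hjt(text):
    """Return one dict per O-line: section, raw body, and the first DLL path (lower-cased)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        dll = DLL_PATH_RE.search(body)
        entries.append({"section": section, "body": body,
                        "dll": dll.group(1).lower() if dll else None})
    return entries


def suspicious_reasons(entry):
    """List why an entry deserves review; an empty list means it passed."""
    reasons = []
    section, body, dll = entry["section"], entry["body"], entry["dll"]
    if section == "O4":
        m = RUNDLL_RE.search(body)
        if m:
            export = m.group(2)
            reasons.append(f"Run key starts a DLL via rundll32, export '{export}'")
            if len(export) == 1:
                reasons.append("one-letter export name")
    elif section in DLL_HOOK_SECTIONS and dll:
        reasons.append(f"{section} hook loads a DLL into other processes")
    if dll and "\\system32\\" in dll and RANDOM_NAME_RE.match(dll.rsplit("\\", 1)[-1]):
        reasons.append("eight-letter random-looking name in system32")
    return reasons


def correlate(entries):
    """Map each flagged DLL path to the set of autostart sections that load it."""
    hits = {}
    for e in entries:
        if e["dll"] and suspicious_reasons(e):
            hits.setdefault(e["dll"], set()).add(e["section"])
    return hits


def build_cfscript(hits, extra_files=(), folders=()):
    """Render a CFScript in the layout used in the post: KILLALL::, File::, Folder::."""
    files = sorted(set(hits) | {f.lower() for f in extra_files})
    lines = ["KILLALL::", "", "File::", *files]
    if folders:
        lines += ["", "Folder::", *folders]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_HJT_LOG)
    flagged = correlate(found)
    for path, sections in sorted(flagged.items()):
        print(f"{path}: {len(sections)} autostart hook(s): {', '.join(sorted(sections))}")
    # Folder name taken from the post's own CFScript.
    print(build_cfscript(flagged, folders=[r"c:\windows\U3VybWV0"]))
```

Run as a script it prints zifubogu.dll with four hooks and nazoduse.dll with one, then the generated script. Pass `extra_files` for DLLs known only from other logs (the post's CFScript adds yabafoga.dll and lawireyo.dll that way), and review every flagged path by hand before handing anything to ComboFix: the eight-letter name rule will also catch legitimate DLLs, and a CFScript deletes what it is given.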

#12 naterich (Topic Starter, Members, 9 posts)

Posted 02 January 2009 - 11:07 PM

Hi Tea,
Wow, it appears as though the popups are gone, knock wood. Mirar is still being displayed in the Add/Remove Programs window, but it doesn't appear to be causing a problem.

I guess we are close to being finished. I have another question regarding another computer on my home network. Is it possible for this other computer to pass viruses back... and if so, before we're done, can you work with me on correcting that one? It's an older computer with XP Home Edition. I use it as a file server mostly and as overflow for web surfing (kids). I'm not getting popups on it, but it does run slowly lately; I'm afraid there are processes tying up the processor.

Thanks, naterich

Combo Log
ComboFix 09-01-01.02 - nrichard 2009-01-02 22:17:06.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.169 [GMT -5:00]
Running from: c:\documents and settings\nrichard.NRICHARDS2\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\nrichard.NRICHARDS2\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\lawireyo.dll
c:\windows\system32\nazoduse.dll
c:\windows\system32\yabafoga.dll
c:\windows\system32\zifubogu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lawireyo.dll
c:\windows\system32\nazoduse.dll
c:\windows\system32\yabafoga.dll
c:\windows\system32\zifubogu.dll
c:\windows\U3VybWV0

.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2008-12-31 17:54 . 2008-12-31 17:54 <DIR> d-------- c:\documents and settings\nrichard.NRICHARDS2\Application Data\BitDefender
2008-12-31 13:16 . 2008-12-31 13:16 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-12-31 13:16 . 2008-12-31 13:16 385 --a------ c:\windows\system32\user_gensett.xml
2008-12-31 13:11 . 2008-12-31 18:31 121 --a------ c:\windows\bdagent.INI
2008-12-31 10:48 . 2008-12-31 10:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitDefender
2008-12-31 10:47 . 2008-12-31 10:47 <DIR> d-------- c:\program files\BitDefender
2008-12-31 10:47 . 2008-12-31 11:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2008-12-31 10:45 . 2008-12-31 10:48 <DIR> d-------- c:\program files\Common Files\BitDefender
2008-12-30 18:07 . 2008-12-30 18:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-16 19:12 . 2008-12-16 19:12 250 --a------ c:\windows\gmer.ini
2008-12-15 22:15 . 2008-12-15 22:15 <DIR> d-------- c:\windows\McAfee.com
2008-12-14 09:07 . 2008-12-14 09:10 <DIR> d-------- C:\rsit
2008-12-14 09:07 . 2009-01-02 22:07 <DIR> d-------- c:\program files\trend micro
2008-12-12 11:33 . 2008-12-12 11:33 <DIR> d-------- c:\windows\MaxSecureBackup
2008-12-12 11:31 . 2008-12-12 11:47 123 --a------ c:\windows\system\SYSRegC.dll
2008-12-12 11:30 . 2008-12-31 10:54 <DIR> d-------- c:\program files\Max Registry Cleaner
2008-12-12 11:30 . 2007-05-24 16:57 143,360 --a------ c:\windows\system32\GetHardDiskNo.dll
2008-12-10 00:46 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-12-10 00:46 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-10 00:10 . 2008-12-10 00:10 <DIR> d-------- c:\windows\system32\scripting
2008-12-10 00:10 . 2008-12-10 00:10 <DIR> d-------- c:\windows\system32\en
2008-12-10 00:10 . 2008-12-10 00:10 <DIR> d-------- c:\windows\system32\bits
2008-12-10 00:10 . 2008-12-10 00:10 <DIR> d-------- c:\windows\l2schemas
2008-12-10 00:05 . 2008-12-10 00:11 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-09 23:44 . 2008-04-13 19:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2008-12-09 23:43 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2008-12-09 23:42 . 2008-04-13 19:11 1,888,992 --------- c:\windows\system32\ati3duag.dll
2008-12-09 23:14 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-09 19:45 . 2008-12-31 10:53 <DIR> d-------- c:\program files\SpywareDetector
2008-12-09 19:45 . 2008-12-31 06:34 123 --a------ c:\windows\system\SysSD.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 02:26 --------- d-----w c:\program files\LogMeIn
2008-12-16 23:40 --------- d-----w c:\program files\Symantec
2008-12-16 23:39 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-10 02:17 --------- d-----w c:\program files\AutoCAD LT 2002
2008-11-16 17:43 256 ----a-w c:\documents and settings\nrichard.NRICHARDS2\pool.bin
2008-11-16 17:39 --------- d-----w c:\program files\Research In Motion
2008-11-16 17:39 --------- d-----w c:\program files\Common Files\Research In Motion
2008-11-16 14:13 --------- d-----w c:\documents and settings\nrichard.NRICHARDS2\Application Data\AdobeUM
2008-11-05 03:37 --------- d-----w c:\documents and settings\Administrator\Application Data\HPAppData
1998-04-28 00:15 570,128 ------w c:\program files\Common Files\dao350.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-31_18.44.00.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-17 07:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-10-17 07:08:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-09 20:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-10-17 07:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-07 29744]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-30 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-02-02 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 19:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FileMaker\\FileMaker Pro 8\\FileMaker Pro.exe"=
"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2007-08-03 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-02-24 47640]
R2 Sim9Sync;SIMATIC NET Synchronization Service;c:\windows\system32\sim9sync.exe [2006-02-10 94208]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-02-02 87936]
S1 RimUsbb;RimUsbb;c:\windows\system32\drivers\RimUsbb.sys []
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" [2008-07-17 118784]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-02 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S4 LMIRfsClientNP;LMIRfsClientNP; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
bdx REG_MULTI_SZ scan
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CPM2716417e - c:\windows\system32\zifubogu.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://192.168.62.102/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: *.ameritrade.com
Trusted Zone: wwws.ameritrade.com
Trusted Zone: *.tdameritrade.com
Trusted Zone: wwws.tdameritrade.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 22:25:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\LMIinit.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\scardsvr.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\BAsfIpM.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-01-02 22:30:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-03 03:30:36
ComboFix2.txt 2009-01-02 03:39:14
ComboFix3.txt 2008-12-31 23:45:53

Pre-Run: 37,709,332,480 bytes free
Post-Run: 37,714,915,328 bytes free

223 --- E O F --- 2009-01-01 08:05:28

Malwarebytes' Anti-Malware 1.31
Database version: 1599
Windows 5.1.2600 Service Pack 3

1/2/2009 10:47:49 PM
mbam-log-2009-01-02 (22-47-49).txt

Scan type: Quick Scan
Objects scanned: 71618
Time elapsed: 10 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:14 PM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sim9sync.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\trend micro\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.62.102/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.tdameritrade.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228882377171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228887653953
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...464/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SIMATIC NET Synchronization Service (Sim9Sync) - Siemens AG - C:\WINDOWS\system32\sim9sync.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12309 bytes



Malware Log

#13 naterich
  • Topic Starter
  • Members
  • 9 posts

Posted 02 January 2009 - 11:17 PM

Tea
For what it's worth, after ComboFix rebooted the computer a Windows error popped up: "Error Loading C:\windows\...\zifubogu.dll".
Will that always show up now after a reboot?

Naterich

#14 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 02 January 2009 - 11:24 PM

Hi there,

That all looks much better. :thumbsup:

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

The other computer *should* be all right, but if you'll post a HijackThis log I'll have a look and see if we can speed it up some as well. :)

Oh, I barely caught your last post before I hit reply! :) Navigate to system32 and be sure the file is gone. That would be c:\windows\system32\zifubogu.dll. Also do a Windows search for Mirar and let me know what comes up. :)

Thanks,
tea

#15 naterich
  • Topic Starter
  • Members
  • 9 posts

Posted 03 January 2009 - 02:38 PM

Hi Tea,

Attached you'll find the HJT log for my desktop.

I cannot find Mirar anywhere on the C: drive, but it is still showing up in the Add/Remove Software box.

I am planning on making a donation because what you do is AWESOME. It was actually a very interesting process . . . once I began to gain confidence in the process. I was struggling for a couple of weeks before you replied. The pay-for antivirus companies, even BitDefender, never replied after I contacted them day after day. :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:24 PM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/...%20Controls.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...83/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127006109511
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.verizon.net/sfp/Cabs/hst/w...tWebInstall.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.10.cab?
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7661 bytes
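The two HijackThis logs in this thread are read line by line by hand. As an added example (my code, not from the thread, from BleepingComputer's helpers, or from Trend Micro's HijackThis), here is a small Python triage pass over the line formats those logs use. The sample log is constructed: entries taken from the logs above keep their text, while the `[SampleOrphan]` Run value, `example.dll`, the `/example/` download URLs and the `PRESENT` set are hypothetical stand-ins (the page truncates the real O16 URLs). The checks are the ones a responder makes first: Run values with no absolute path, DLLs started through rundll32 or whose file is no longer on disk (a Run value pointing at a deleted DLL is the kind of entry that produces an "Error loading ..." dialog at logon), sites added to the IE Trusted Zone, downloaded ActiveX (O16 DPF) controls from hosts outside an allowlist, `(file missing)` references, and services with no company name. A hit is a lead to verify, not a verdict.

```python
"""Triage pass over HijackThis v2 log lines (added example, not tool code)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: ActiveX (O16 DPF) downloads from these hosts are not flagged.
TRUSTED_DPF_SUFFIXES = (".microsoft.com", ".macromedia.com")
SECTION_RE = re.compile(r"^(?P<sec>O\d+|R\d)\s+-\s+(?P<rest>.*)$")
# An executable/library path anywhere in a command line, quoted or not.
PATH_RE = re.compile(r'(?i)([a-z]:\\[^"]*?\.(?:exe|dll|scr|cpl|ocx))')
SERVICE_RE = re.compile(r"Service:\s*(?P<name>.*?)\s+-\s*(?P<owner>.*?)\s*-\s*(?P<path>[A-Za-z]:\\.*)$")

@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str

def _check_o4(rest, path_exists):
    """O4 autostart '[Name] <command>': bare names, rundll32 DLLs, missing targets."""
    m = re.match(r"[^\[]*\[[^\]]*\]\s*(?P<cmd>.*)$", rest)
    if not m:
        return []  # Global Startup .lnk lines carry no command
    cmd = m.group("cmd")
    paths = PATH_RE.findall(cmd)
    if not paths:
        return ["autostart with no absolute path; resolved by search order"]
    out = []
    if "rundll32" in cmd.lower() and any(p.lower().endswith(".dll") for p in paths):
        out.append("DLL autostart through rundll32")
    out += [f"target not on disk: {p}" for p in paths if not path_exists(p)]
    return out

def _check_o16(rest):
    """O16 DPF: downloaded ActiveX control; flag hosts outside the allowlist."""
    url = rest.rsplit(" - ", 1)[-1].strip()
    if url.lower().startswith("file:"):
        return []  # registered locally by an installer, nothing was downloaded
    host = (urlparse(url).hostname or "").lower()
    if any(host == s[1:] or host.endswith(s) for s in TRUSTED_DPF_SUFFIXES):
        return []
    return [f"downloaded ActiveX control from {host or url}"]

def _check_o23(rest):
    """O23 'Service: <name> - <company> - <path>': flag empty/unknown company."""
    m = SERVICE_RE.match(rest)
    if not m:
        return []
    owner = m.group("owner").strip()
    return [] if owner and owner.lower() != "unknown owner" else ["service binary with no company name"]

def triage(log_text, path_exists=lambda p: True):
    """Return a Finding per flagged reason. path_exists lets the caller supply
    on-disk knowledge (os.path.exists when run on the scanned machine)."""
    findings = []
    for raw in log_text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")
        reasons = ["references a file that is missing"] if "(file missing)" in rest else []
        if sec == "O4":
            reasons += _check_o4(rest, path_exists)
        elif sec == "O15":
            reasons.append("site added to the IE Trusted Zone (relaxed script/ActiveX policy)")
        elif sec == "O16":
            reasons += _check_o16(rest)
        elif sec == "O23":
            reasons += _check_o23(rest)
        findings += [Finding(sec, r, raw.strip()) for r in reasons]
    return findings

def summarize(findings):
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts

# Constructed sample in HJT v2 format. Lines copied from the thread's logs keep
# their text; [SampleOrphan], example.dll and the /example/ URLs are hypothetical.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SampleOrphan] rundll32.exe C:\WINDOWS\system32\example.dll,Start
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Global Startup: Digital Line Detect.lnk = ?
O15 - Trusted Zone: http://*.tdameritrade.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/example/muweb.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/example/upload.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
"""
# Constructed stand-in for the filesystem: only these two targets "exist".
PRESENT = {r"C:\Program Files\Apoint\Apoint.exe", r"C:\Program Files\AdwareAlert\AdwareAlert.exe"}

def demo_findings():
    return triage(SAMPLE_LOG, path_exists=lambda p: p in PRESENT)

if __name__ == "__main__":
    print(*(f"{f.section}: {f.reason} | {f.line}" for f in demo_findings()), sep="\n")
```

On the sample the pass flags eight lines: the path-less `BCMSMMSG.exe`, the rundll32 DLL (twice, once for the loader pattern and once because the DLL is absent), the Trusted Zone entry, the non-allowlisted download host, the `(file missing)` protocol handler, and the two services without a company name; the McAfee service, the Microsoft update control and the locally registered `file:` OCX pass. Run against a real log, pass `path_exists=os.path.exists` on the machine that produced it.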



