
virtumonde


This topic is locked. 25 replies to this topic.

#1 crisde23


Posted 08 March 2009 - 11:09 PM

DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 23:58:59.76 on Sun 03/08/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1238 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {64651d0d-6550-46b5-a5c6-8ad55397d4ad} - No File
BHO: {698854ed-dfb3-40cb-81cc-437b65c768cf} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Walgreens PhotoShow Media Manager] c:\progra~1\walgre~1\walgre~1\data\xtras\mssysmgr.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
dRun: [Power2GoExpress] NA
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Search - ?p=ZJxdm128MHUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
Trusted Zone: adobe.com\get
Trusted Zone: bleepingcomputer.com\download
Trusted Zone: internet
Trusted Zone: macromedia.com\fpdownload
Trusted Zone: mcafee.com
Trusted Zone: pctools.com\www
Trusted Zone: safer-networking.org\www
DPF: RaptisoftGameLoader - hxxp://real.gamehouse.com/games/raptisoft/raptisoftgameloader.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: Termw32 - {AC6908F2-1C7C-49E4-A460-442D307E7BB4} - c:\windows\system32\httpsme.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\3l098nko.default\
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\3l098nko.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\3l098nko.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-16 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-8 130424]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-2-25 54912]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-26 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-26 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-26 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-11 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-26 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-26 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-26 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-26 40488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-26 33832]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-8 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-8 1095560]

=============== Created Last 30 ================

2009-03-08 23:24 2,914 a------- c:\windows\system32\tmp.reg
2009-03-08 23:24 168 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-03-08 23:14 240 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-03-08 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-03-08 18:29 <DIR> --d----- c:\program files\STOPzilla!
2009-03-08 18:29 <DIR> --d----- c:\program files\common files\iS3
2009-03-08 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-03-08 16:55 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-08 16:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-08 16:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 16:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 16:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-08 14:39 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-08 14:39 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-08 14:39 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-08 14:39 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-08 14:39 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-08 14:39 <DIR> --d----- c:\program files\Spyware Doctor
2009-03-08 14:39 <DIR> --d----- c:\docume~1\owner\applic~1\PC Tools
2009-03-08 14:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-03-04 14:33 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-03-04 14:32 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-03-04 14:31 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-02-26 16:39 202,072 a----r-- c:\windows\system32\cpnprt2.cid
2009-02-25 18:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-25 18:59 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-25 18:21 <DIR> --d----- c:\windows\system32\v2mod32
2009-02-25 14:29 54,912 a----r-- c:\windows\system32\drivers\SZKG.sys
2009-02-24 14:45 1,228 a------- C:\CF-Submit.htm
2009-02-24 14:43 <DIR> --d----- C:\ComboFix
2009-02-16 20:09 <DIR> --d----- c:\program files\Trend Micro
2009-02-16 19:22 <DIR> --d----- C:\cmdcons
2009-02-16 18:10 161,792 a------- c:\windows\SWREG.exe
2009-02-16 18:10 98,816 a------- c:\windows\sed.exe
2009-02-16 12:42 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-02-16 12:41 <DIR> --d----- c:\program files\Panda Security

==================== Find3M ====================

2009-02-06 12:55 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2009-02-06 12:54 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
2009-02-06 12:54 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2009-02-06 12:53 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2009-02-06 12:53 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2009-02-06 12:53 221,184 a----r-- c:\windows\system32\IS3Win325.dll
2009-02-06 12:52 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2009-02-06 12:52 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2009-02-06 12:49 716,800 a----r-- c:\windows\system32\IS3Base5.dll
2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-07-27 13:26 0 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2006-04-19 12:26 774,144 a------- c:\program files\RngInterstitial.dll
2008-09-29 22:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 0:00:12.10 ===============


#2 KoanYorel (Staff Emeritus)

Posted 21 March 2009 - 02:11 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 crisde23 (Topic Starter)

Posted 21 March 2009 - 09:56 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 20:55:53.87 on Sat 03/21/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1080 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\ehome\ehtray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {64651d0d-6550-46b5-a5c6-8ad55397d4ad} - No File
BHO: {698854ed-dfb3-40cb-81cc-437b65c768cf} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Walgreens PhotoShow Media Manager] c:\progra~1\walgre~1\walgre~1\data\xtras\mssysmgr.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [Power2GoExpress] NA
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Search - ?p=ZJxdm128MHUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
Trusted Zone: adobe.com\get
Trusted Zone: bleepingcomputer.com\download
Trusted Zone: internet
Trusted Zone: macromedia.com\fpdownload
Trusted Zone: mcafee.com
Trusted Zone: pctools.com\www
Trusted Zone: safer-networking.org\www
DPF: RaptisoftGameLoader - hxxp://real.gamehouse.com/games/raptisoft/raptisoftgameloader.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: Termw32 - {AC6908F2-1C7C-49E4-A460-442D307E7BB4} - c:\windows\system32\httpsme.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\3l098nko.default\
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\3l098nko.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\3l098nko.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-20 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-16 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-8 130424]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-2-25 54912]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-26 201320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-26 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2007-3-26 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-11 24652]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-26 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-26 35240]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-26 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-26 40488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-8 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-8 1095560]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-26 695624]

=============== Created Last 30 ================

2009-03-21 20:35 520 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-03-20 19:34 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-20 19:18 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-20 19:16 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-20 19:16 <DIR> --d----- c:\program files\Lavasoft
2009-03-11 13:22 <DIR> --d----- c:\program files\Safer Networking
2009-03-08 23:24 2,914 a------- c:\windows\system32\tmp.reg
2009-03-08 23:23 289,144 a------- c:\windows\system32\VCCLSID.exe
2009-03-08 23:23 288,417 a------- c:\windows\system32\SrchSTS.exe
2009-03-08 23:23 87,552 a------- c:\windows\system32\VACFix.exe
2009-03-08 23:23 82,944 a------- c:\windows\system32\IEDFix.exe
2009-03-08 23:23 82,944 a------- c:\windows\system32\IEDFix.C.exe
2009-03-08 23:23 82,432 a------- c:\windows\system32\404Fix.exe
2009-03-08 23:23 80,384 a------- c:\windows\system32\o4Patch.exe
2009-03-08 23:23 79,360 a------- c:\windows\system32\swxcacls.exe
2009-03-08 23:23 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2009-03-08 23:23 51,200 a------- c:\windows\system32\dumphive.exe
2009-03-08 23:23 25,600 a------- c:\windows\system32\WS2Fix.exe
2009-03-08 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-03-08 18:29 <DIR> --d----- c:\program files\STOPzilla!
2009-03-08 18:29 <DIR> --d----- c:\program files\common files\iS3
2009-03-08 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-03-08 16:55 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-08 16:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-08 16:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 16:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 16:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-08 14:39 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-08 14:39 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-08 14:39 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-08 14:39 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-08 14:39 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-08 14:39 <DIR> --d----- c:\program files\Spyware Doctor
2009-03-08 14:39 <DIR> --d----- c:\docume~1\owner\applic~1\PC Tools
2009-03-08 14:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-03-04 14:33 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-03-04 14:32 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-03-04 14:31 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-02-26 16:39 202,072 a----r-- c:\windows\system32\cpnprt2.cid
2009-02-25 18:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-25 18:59 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-25 18:21 <DIR> --d----- c:\windows\system32\v2mod32
2009-02-25 14:29 54,912 a----r-- c:\windows\system32\drivers\SZKG.sys
2009-02-24 14:45 1,228 a------- C:\CF-Submit.htm
2009-02-24 14:43 <DIR> --d----- C:\ComboFix

==================== Find3M ====================

2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 12:55 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2009-02-06 12:54 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
2009-02-06 12:54 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2009-02-06 12:53 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2009-02-06 12:53 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2009-02-06 12:53 221,184 a----r-- c:\windows\system32\IS3Win325.dll
2009-02-06 12:52 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2009-02-06 12:52 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2009-02-06 12:49 716,800 a----r-- c:\windows\system32\IS3Base5.dll
2008-07-27 13:26 0 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2006-04-19 12:26 774,144 a------- c:\program files\RngInterstitial.dll
2008-09-29 22:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 20:56:51.65 ===============


#4 crisde23

crisde23
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:01:44 PM

Posted 21 March 2009 - 10:03 PM

Running very slow. Taking a long time to boot up, and getting an additional boot menu. I have gotten rid of virtumonde several times but it keeps moving and is now hidden. I have downloaded many fixes since my post. Thank you very much for your help.

#5 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:44 PM

Posted 22 March 2009 - 05:05 AM

Hi

You seem to have P2P software installed there. Nowadays a major part of infections is spread via P2P networks. That's why I recommend you uninstall Limewire. If not uninstalled, it must be turned off until your system is clean.


getting an additional boot menu

Do you mean menu visible for a few seconds and recovery console as one of the options?


Disable Ad-Watch



A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh DDS log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#6 crisde23

crisde23
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:01:44 PM

Posted 22 March 2009 - 12:32 PM

ComboFix 09-03-19.02 - Owner 2009-03-22 12:46:11.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1316 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
.

2009-03-22 12:35 . 2009-03-22 12:35 424 --a------ c:\windows\system32\drivers\kgpfr2.cfg
2009-03-22 12:34 . 2009-03-22 12:35 616 --a------ c:\windows\system32\drivers\kgpcpy.cfg
2009-03-21 00:44 . 2009-03-21 00:44 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio
2009-03-20 19:34 . 2009-03-09 15:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-20 19:18 . 2009-03-09 15:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-20 19:16 . 2009-03-20 19:16 <DIR> d-------- c:\program files\Lavasoft
2009-03-20 19:16 . 2009-03-20 19:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-20 19:16 . 2009-03-20 19:16 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-20 16:37 . 2009-03-20 16:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-03-11 13:22 . 2009-03-11 13:22 <DIR> d-------- c:\program files\Safer Networking
2009-03-08 18:31 . 2009-03-19 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-08 18:29 . 2009-03-08 18:29 <DIR> d-------- c:\program files\STOPzilla!
2009-03-08 18:29 . 2009-03-08 18:29 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-08 18:29 . 2009-03-22 12:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-08 16:55 . 2009-03-08 16:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 16:55 . 2009-03-08 16:55 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-08 16:55 . 2009-03-08 16:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-08 16:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 16:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-08 14:39 . 2009-03-20 19:23 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-08 14:39 . 2009-03-08 14:40 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-08 14:39 . 2009-03-08 14:39 <DIR> d-------- c:\documents and settings\Owner\Application Data\PC Tools
2009-03-08 14:39 . 2009-03-08 14:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-08 14:39 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-08 14:39 . 2009-03-20 18:26 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-08 14:39 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-08 14:39 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-04 14:33 . 2009-03-04 14:33 17,408 -ra------ c:\windows\system32\SZIO5.dll
2009-03-04 14:32 . 2009-03-04 14:32 294,912 -ra------ c:\windows\system32\SZBase5.dll
2009-03-04 14:31 . 2009-03-04 14:31 540,672 -ra------ c:\windows\system32\SZComp5.dll
2009-02-26 16:39 . 2009-02-26 16:39 202,072 -ra------ c:\windows\system32\cpnprt2.cid
2009-02-25 18:59 . 2009-02-25 18:59 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-25 18:59 . 2009-02-25 18:59 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-25 18:21 . 2009-03-22 12:16 <DIR> d-------- c:\windows\system32\v2mod32
2009-02-25 14:29 . 2009-02-25 14:29 54,912 -ra------ c:\windows\system32\drivers\SZKG.sys
2009-02-24 14:45 . 2009-02-24 14:45 1,228 --a------ C:\CF-Submit.htm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 00:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 04:44 --------- d-----w c:\program files\Napster
2009-03-21 00:33 --------- d-----w c:\program files\Conference
2009-03-20 20:20 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-25 22:59 --------- d-----w c:\program files\Java
2009-02-17 00:09 --------- d-----w c:\program files\Trend Micro
2009-02-16 23:24 --------- d-----w c:\program files\Common
2009-02-16 16:41 --------- d-----w c:\program files\Panda Security
2009-02-16 04:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 16:55 126,976 ----a-r c:\windows\system32\IS3HTUI5.dll
2009-02-06 16:54 393,216 ----a-r c:\windows\system32\IS3DBA5.dll
2009-02-06 16:54 372,736 ----a-r c:\windows\system32\IS3UI5.dll
2009-02-06 16:53 61,440 ----a-r c:\windows\system32\IS3Hks5.dll
2009-02-06 16:53 23,040 ----a-r c:\windows\system32\IS3XDat5.dll
2009-02-06 16:53 221,184 ----a-r c:\windows\system32\IS3Win325.dll
2009-02-06 16:52 94,208 ----a-r c:\windows\system32\IS3Inet5.dll
2009-02-06 16:52 90,112 ----a-r c:\windows\system32\IS3Svc5.dll
2009-02-06 16:49 716,800 ----a-r c:\windows\system32\IS3Base5.dll
2009-01-23 00:17 --------- d-----w c:\program files\U.B. Funkeys
2008-07-27 17:26 0 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2006-04-19 16:26 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-09-30 02:04 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092920080930\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-02-18_16.51.29.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 12:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2000-08-31 13:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 12:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2008-04-14 00:11:56 2,230,834 ----a-w c:\windows\system32\biotcp.exe
- 2009-02-18 16:59:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-22 13:26:54 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-18 16:59:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-22 13:26:54 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-22 13:26:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-05 06:54:55 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
+ 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-09-15 12:12:56 1,846,400 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-03-09 19:06:56 64,160 -c--a-w c:\windows\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.sys
- 2008-10-15 07:10:13 278,152 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-12 07:08:00 278,152 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 00:11:56 1,006,201 ----a-w c:\windows\system32\httpsme.dll
- 2005-11-10 15:27:06 49,248 -c--a-w c:\windows\system32\java.exe
+ 2009-02-25 22:59:14 144,792 ----a-w c:\windows\system32\java.exe
- 2005-11-10 15:27:16 49,250 -c--a-w c:\windows\system32\javaw.exe
+ 2009-02-25 22:59:14 144,792 ----a-w c:\windows\system32\javaw.exe
- 2005-11-10 17:03:54 127,078 -c--a-w c:\windows\system32\javaws.exe
+ 2009-02-25 22:59:14 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-04-14 00:11:56 2,099 ----a-w c:\windows\system32\macctrl.dll
- 2009-02-16 14:09:45 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-02 00:25:39 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 16:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2009-02-16 14:34:56 64,372 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-08 23:00:49 64,372 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-16 14:34:56 409,232 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-08 23:00:49 409,232 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll
- 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2007-08-11 00:46:18 26,488 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 13:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{009CF973-717F-FF63-8C06-63FFFF1669FF}.dat
+ 2009-03-22 16:40:42 1,048,576 ----a-w c:\windows\system32\v2mod32\{07FC7AD1-852C-F803-2E85-03F85E8409F8}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{0F705C5B-9A98-F08F-A4A3-8FF0D75385F0}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{124C58EE-8309-EDB2-11A7-B3ED78A2B9ED}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{1A9F27F7-65C9-E560-08D8-60E57CEE6AE5}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{21556A22-8E67-DEAB-DD95-AADEADBCA0DE}.dat
+ 2009-03-22 16:45:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{287A0D60-DEB9-D784-9FF2-85D7EC998FD7}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{2F0C8FDE-5044-D0F2-2170-F3D05278F9D0}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{34370469-B17F-CBC8-96FB-C8CBE20CC2CB}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{39A173BE-3812-C65E-418C-5EC632D054C6}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{4A03DAE0-FE53-B5FC-1F25-FCB56CC6F6B5}.dat
+ 2009-03-22 16:45:49 2,097,152 ----a-w c:\windows\system32\v2mod32\{565B80F0-5719-A9A5-0F7F-A4A97B7DAEA9}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{580B73B8-8F8F-A7F5-478C-F4A7339DFEA7}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{62D707CF-F831-9D28-30F8-289D43F9229D}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{635621B5-F639-9CA8-4ADE-A99C3AD2A39C}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{645FFE9C-C6B6-9BA0-6301-A09B10ADAA9B}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{68B4EA63-AF91-974B-9C15-4B97ECF84197}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{747C4F75-0A14-8B83-8AB0-838BF941898B}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{8253DC42-F0B0-7DAC-BD23-AC7DC9ABA67D}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{8B89369B-86F6-7476-64C9-767410F07C74}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{96DA3743-09B6-6925-BCC8-2569CF4F2F69}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{9FC6FFDA-A357-6039-2500-396055AB3360}.dat
+ 2009-03-22 16:45:49 8,388,608 ----a-w c:\windows\system32\v2mod32\{A807B3FA-6506-57F9-054C-F8576C42F257}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{B81A9847-7D1D-47E4-B867-E547D141EF47}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{C278021C-D490-3D87-E3FD-873D97F18D3D}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{C5B13AED-E5C7-3A4F-12C5-4E3A66CF443A}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{CCFD1A59-F2DD-3303-A6E5-0233D6F10833}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{CE42F069-2F02-31BC-960F-BD31FF06B731}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{CFF743BE-AB5E-3009-41BC-083028AF0230}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{D52494EC-BB68-2ADB-136B-DB2A6337D12A}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{D5385958-6078-2AC7-A7A6-C72AD30ECD2A}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{D76FF087-DA42-2890-780F-902811CE9A28}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{DC941229-2A95-236B-D6ED-6B23BF476123}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{DF68F217-D993-2097-E80D-97209BB09D20}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{DFA320AC-660B-205C-53DF-5C2027355620}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{E09CB9D7-63D3-1F62-2846-631F4148691F}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{E331E88F-DF4E-1CCE-7017-CE1C19A3C41C}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{EB9C8F25-C928-1463-DA70-6314B39C6914}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{ECC75935-72AB-1338-CAA6-3813BD633213}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{F07164B3-2E90-0F8E-4C9B-8E0F25F6840F}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{F254D858-E108-0DAB-A727-AB0DCC80A10D}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{F524EAC8-9D2F-0ADB-3715-DB0A4367D10A}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{F8754E5E-FE20-078A-A1B1-8A07CA888007}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{FC7F5991-1340-0380-6EA6-80031ACE8A03}.dat
+ 2009-03-22 16:40:45 2,097,152 ----a-w c:\windows\system32\v2mod32\{FF003F76-C088-00FF-89C0-FF00FDC1F500}.dat
- 2007-06-12 03:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 22:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
+ 2009-03-22 16:35:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_258.dat
+ 2006-12-02 02:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 04:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 04:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 04:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 04:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 04:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 04:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2008-07-29 12:05:06 161,784 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 07:54:08 225,280 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:05:08 572,928 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 12:05:08 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:54:12 312,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 12:05:08 875,520 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 12:05:08 1,180,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2008-07-29 12:05:12 5,937,144 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 12:05:12 5,982,720 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 10:07:42 80,896 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2008-07-29 10:07:42 80,896 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 12:05:08 3,768,312 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 12:05:10 3,783,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 10:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 10:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 12:05:06 38,912 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 12:05:06 39,936 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05:08 66,560 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05:08 56,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05:06 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05:08 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05:06 66,048 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05:08 64,512 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05:08 46,592 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05:08 46,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05:08 62,976 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-24 218496]

c:\documents and settings\Alexandra\Start Menu\Programs\Startup\

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 12:58:31.14 on Sun 03/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1302 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [Power2GoExpress] NA
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Search - ?p=ZJxdm128MHUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
Trusted Zone: adobe.com\get
Trusted Zone: bleepingcomputer.com\download
Trusted Zone: internet
Trusted Zone: macromedia.com\fpdownload
Trusted Zone: mcafee.com
Trusted Zone: pctools.com\www
Trusted Zone: safer-networking.org\www
DPF: RaptisoftGameLoader - hxxp://real.gamehouse.com/games/raptisoft/raptisoftgameloader.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: Termw32 - {AC6908F2-1C7C-49E4-A460-442D307E7BB4} - c:\windows\system32\httpsme.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\3l098nko.default\
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\3l098nko.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\3l098nko.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-20 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-16 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-8 130424]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-2-25 54912]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-26 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-26 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2007-3-26 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-11 24652]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-26 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-26 35240]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-26 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-26 40488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-8 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-8 1095560]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-26 695624]

=============== Created Last 30 ================

2009-03-22 12:45 <DIR> --d----- C:\ComboFix
2009-03-22 12:35 424 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-03-22 12:34 616 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-03-22 11:59 161,792 a------- c:\windows\SWREG.exe
2009-03-20 19:34 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-20 19:18 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-20 19:16 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-20 19:16 <DIR> --d----- c:\program files\Lavasoft
2009-03-11 13:22 <DIR> --d----- c:\program files\Safer Networking
2009-03-08 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-03-08 18:29 <DIR> --d----- c:\program files\STOPzilla!
2009-03-08 18:29 <DIR> --d----- c:\program files\common files\iS3
2009-03-08 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-03-08 16:55 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-08 16:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-08 16:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 16:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 16:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-08 14:39 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-08 14:39 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-08 14:39 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-08 14:39 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-08 14:39 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-08 14:39 <DIR> --d----- c:\program files\Spyware Doctor
2009-03-08 14:39 <DIR> --d----- c:\docume~1\owner\applic~1\PC Tools
2009-03-08 14:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-03-04 14:33 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-03-04 14:32 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-03-04 14:31 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-02-26 16:39 202,072 a----r-- c:\windows\system32\cpnprt2.cid
2009-02-25 18:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-25 18:59 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-25 18:21 <DIR> --d----- c:\windows\system32\v2mod32
2009-02-25 14:29 54,912 a----r-- c:\windows\system32\drivers\SZKG.sys
2009-02-24 14:45 1,228 a------- C:\CF-Submit.htm

==================== Find3M ====================

2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 12:55 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2009-02-06 12:54 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
2009-02-06 12:54 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2009-02-06 12:53 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2009-02-06 12:53 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2009-02-06 12:53 221,184 a----r-- c:\windows\system32\IS3Win325.dll
2009-02-06 12:52 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2009-02-06 12:52 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2009-02-06 12:49 716,800 a----r-- c:\windows\system32\IS3Base5.dll
2008-07-27 13:26 0 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2006-04-19 12:26 774,144 a------- c:\program files\RngInterstitial.dll
2008-09-29 22:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 12:58:59.48 ===============


#7 crisde23

crisde23
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:01:44 PM

Posted 22 March 2009 - 12:39 PM

It didn't happen again. I'm not really sure what it said other than boot cleaner. It was a blue screen. Now my time has switched to military and is a few minutes off and has an error updating. Thank you.

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:44 PM

Posted 23 March 2009 - 10:55 AM

Now my time has switched to military and is a few minutes off and has an error updating.

Hi

That time format can be switched back later. What do you mean by saying "and has an error updating"?


Ending part of ComboFix log is missing. Could you post a complete one, please? :thumbup2:

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#9 crisde23

crisde23
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:01:44 PM

Posted 23 March 2009 - 12:34 PM

ComboFix 09-03-19.02 - Owner 2009-03-22 12:46:11.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1316 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
.

2009-03-22 12:35 . 2009-03-22 12:35 424 --a------ c:\windows\system32\drivers\kgpfr2.cfg
2009-03-22 12:34 . 2009-03-22 12:35 616 --a------ c:\windows\system32\drivers\kgpcpy.cfg
2009-03-21 00:44 . 2009-03-21 00:44 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio
2009-03-20 19:34 . 2009-03-09 15:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-20 19:18 . 2009-03-09 15:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-20 19:16 . 2009-03-20 19:16 <DIR> d-------- c:\program files\Lavasoft
2009-03-20 19:16 . 2009-03-20 19:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-20 19:16 . 2009-03-20 19:16 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-20 16:37 . 2009-03-20 16:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-03-11 13:22 . 2009-03-11 13:22 <DIR> d-------- c:\program files\Safer Networking
2009-03-08 18:31 . 2009-03-19 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-08 18:29 . 2009-03-08 18:29 <DIR> d-------- c:\program files\STOPzilla!
2009-03-08 18:29 . 2009-03-08 18:29 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-08 18:29 . 2009-03-22 12:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-08 16:55 . 2009-03-08 16:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 16:55 . 2009-03-08 16:55 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-08 16:55 . 2009-03-08 16:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-08 16:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 16:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-08 14:39 . 2009-03-20 19:23 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-08 14:39 . 2009-03-08 14:40 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-08 14:39 . 2009-03-08 14:39 <DIR> d-------- c:\documents and settings\Owner\Application Data\PC Tools
2009-03-08 14:39 . 2009-03-08 14:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-08 14:39 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-08 14:39 . 2009-03-20 18:26 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-08 14:39 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-08 14:39 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-04 14:33 . 2009-03-04 14:33 17,408 -ra------ c:\windows\system32\SZIO5.dll
2009-03-04 14:32 . 2009-03-04 14:32 294,912 -ra------ c:\windows\system32\SZBase5.dll
2009-03-04 14:31 . 2009-03-04 14:31 540,672 -ra------ c:\windows\system32\SZComp5.dll
2009-02-26 16:39 . 2009-02-26 16:39 202,072 -ra------ c:\windows\system32\cpnprt2.cid
2009-02-25 18:59 . 2009-02-25 18:59 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-25 18:59 . 2009-02-25 18:59 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-25 18:21 . 2009-03-22 12:16 <DIR> d-------- c:\windows\system32\v2mod32
2009-02-25 14:29 . 2009-02-25 14:29 54,912 -ra------ c:\windows\system32\drivers\SZKG.sys
2009-02-24 14:45 . 2009-02-24 14:45 1,228 --a------ C:\CF-Submit.htm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 00:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 04:44 --------- d-----w c:\program files\Napster
2009-03-21 00:33 --------- d-----w c:\program files\Conference
2009-03-20 20:20 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-25 22:59 --------- d-----w c:\program files\Java
2009-02-17 00:09 --------- d-----w c:\program files\Trend Micro
2009-02-16 23:24 --------- d-----w c:\program files\Common
2009-02-16 16:41 --------- d-----w c:\program files\Panda Security
2009-02-16 04:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 16:55 126,976 ----a-r c:\windows\system32\IS3HTUI5.dll
2009-02-06 16:54 393,216 ----a-r c:\windows\system32\IS3DBA5.dll
2009-02-06 16:54 372,736 ----a-r c:\windows\system32\IS3UI5.dll
2009-02-06 16:53 61,440 ----a-r c:\windows\system32\IS3Hks5.dll
2009-02-06 16:53 23,040 ----a-r c:\windows\system32\IS3XDat5.dll
2009-02-06 16:53 221,184 ----a-r c:\windows\system32\IS3Win325.dll
2009-02-06 16:52 94,208 ----a-r c:\windows\system32\IS3Inet5.dll
2009-02-06 16:52 90,112 ----a-r c:\windows\system32\IS3Svc5.dll
2009-02-06 16:49 716,800 ----a-r c:\windows\system32\IS3Base5.dll
2009-01-23 00:17 --------- d-----w c:\program files\U.B. Funkeys
2008-07-27 17:26 0 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2006-04-19 16:26 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-09-30 02:04 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092920080930\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-02-18_16.51.29.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 12:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2000-08-31 13:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 12:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2008-04-14 00:11:56 2,230,834 ----a-w c:\windows\system32\biotcp.exe
- 2009-02-18 16:59:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-22 13:26:54 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-18 16:59:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-22 13:26:54 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-22 13:26:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-05 06:54:55 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
+ 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-09-15 12:12:56 1,846,400 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-03-09 19:06:56 64,160 -c--a-w c:\windows\system32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.sys
- 2008-10-15 07:10:13 278,152 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-12 07:08:00 278,152 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 00:11:56 1,006,201 ----a-w c:\windows\system32\httpsme.dll
- 2005-11-10 15:27:06 49,248 -c--a-w c:\windows\system32\java.exe
+ 2009-02-25 22:59:14 144,792 ----a-w c:\windows\system32\java.exe
- 2005-11-10 15:27:16 49,250 -c--a-w c:\windows\system32\javaw.exe
+ 2009-02-25 22:59:14 144,792 ----a-w c:\windows\system32\javaw.exe
- 2005-11-10 17:03:54 127,078 -c--a-w c:\windows\system32\javaws.exe
+ 2009-02-25 22:59:14 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-04-14 00:11:56 2,099 ----a-w c:\windows\system32\macctrl.dll
- 2009-02-16 14:09:45 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-02 00:25:39 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 16:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2009-02-16 14:34:56 64,372 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-08 23:00:49 64,372 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-16 14:34:56 409,232 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-08 23:00:49 409,232 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll
- 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2007-08-11 00:46:18 26,488 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 13:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{009CF973-717F-FF63-8C06-63FFFF1669FF}.dat
+ 2009-03-22 16:40:42 1,048,576 ----a-w c:\windows\system32\v2mod32\{07FC7AD1-852C-F803-2E85-03F85E8409F8}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{0F705C5B-9A98-F08F-A4A3-8FF0D75385F0}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{124C58EE-8309-EDB2-11A7-B3ED78A2B9ED}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{1A9F27F7-65C9-E560-08D8-60E57CEE6AE5}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{21556A22-8E67-DEAB-DD95-AADEADBCA0DE}.dat
+ 2009-03-22 16:45:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{287A0D60-DEB9-D784-9FF2-85D7EC998FD7}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{2F0C8FDE-5044-D0F2-2170-F3D05278F9D0}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{34370469-B17F-CBC8-96FB-C8CBE20CC2CB}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{39A173BE-3812-C65E-418C-5EC632D054C6}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{4A03DAE0-FE53-B5FC-1F25-FCB56CC6F6B5}.dat
+ 2009-03-22 16:45:49 2,097,152 ----a-w c:\windows\system32\v2mod32\{565B80F0-5719-A9A5-0F7F-A4A97B7DAEA9}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{580B73B8-8F8F-A7F5-478C-F4A7339DFEA7}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{62D707CF-F831-9D28-30F8-289D43F9229D}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{635621B5-F639-9CA8-4ADE-A99C3AD2A39C}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{645FFE9C-C6B6-9BA0-6301-A09B10ADAA9B}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{68B4EA63-AF91-974B-9C15-4B97ECF84197}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{747C4F75-0A14-8B83-8AB0-838BF941898B}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{8253DC42-F0B0-7DAC-BD23-AC7DC9ABA67D}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{8B89369B-86F6-7476-64C9-767410F07C74}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{96DA3743-09B6-6925-BCC8-2569CF4F2F69}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{9FC6FFDA-A357-6039-2500-396055AB3360}.dat
+ 2009-03-22 16:45:49 8,388,608 ----a-w c:\windows\system32\v2mod32\{A807B3FA-6506-57F9-054C-F8576C42F257}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{B81A9847-7D1D-47E4-B867-E547D141EF47}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{C278021C-D490-3D87-E3FD-873D97F18D3D}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{C5B13AED-E5C7-3A4F-12C5-4E3A66CF443A}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{CCFD1A59-F2DD-3303-A6E5-0233D6F10833}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{CE42F069-2F02-31BC-960F-BD31FF06B731}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{CFF743BE-AB5E-3009-41BC-083028AF0230}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{D52494EC-BB68-2ADB-136B-DB2A6337D12A}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{D5385958-6078-2AC7-A7A6-C72AD30ECD2A}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{D76FF087-DA42-2890-780F-902811CE9A28}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{DC941229-2A95-236B-D6ED-6B23BF476123}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{DF68F217-D993-2097-E80D-97209BB09D20}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{DFA320AC-660B-205C-53DF-5C2027355620}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{E09CB9D7-63D3-1F62-2846-631F4148691F}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{E331E88F-DF4E-1CCE-7017-CE1C19A3C41C}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{EB9C8F25-C928-1463-DA70-6314B39C6914}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{ECC75935-72AB-1338-CAA6-3813BD633213}.dat
+ 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{F07164B3-2E90-0F8E-4C9B-8E0F25F6840F}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{F254D858-E108-0DAB-A727-AB0DCC80A10D}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{F524EAC8-9D2F-0ADB-3715-DB0A4367D10A}.dat
+ 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{F8754E5E-FE20-078A-A1B1-8A07CA888007}.dat
+ 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{FC7F5991-1340-0380-6EA6-80031ACE8A03}.dat
+ 2009-03-22 16:40:45 2,097,152 ----a-w c:\windows\system32\v2mod32\{FF003F76-C088-00FF-89C0-FF00FDC1F500}.dat
- 2007-06-12 03:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 22:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
+ 2009-03-22 16:35:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_258.dat
+ 2006-12-02 02:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 04:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 04:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 04:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 04:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 04:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 04:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2008-07-29 12:05:06 161,784 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 07:54:08 225,280 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:05:08 572,928 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 12:05:08 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:54:12 312,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 12:05:08 875,520 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 12:05:08 1,180,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2008-07-29 12:05:12 5,937,144 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 12:05:12 5,982,720 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 10:07:42 80,896 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2008-07-29 10:07:42 80,896 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 12:05:08 3,768,312 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 12:05:10 3,783,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 10:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 10:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 12:05:06 38,912 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 12:05:06 39,936 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05:08 66,560 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05:08 56,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05:06 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05:08 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05:06 66,048 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05:08 64,512 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05:08 46,592 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05:08 46,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05:08 62,976 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-24 218496]

c:\documents and settings\Alexandra\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Deja Aleecia\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2006-02-16 81920]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Termw32"= {AC6908F2-1C7C-49E4-A460-442D307E7BB4} - c:\windows\system32\httpsme.dll [2008-04-13 1006201]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Conference\\Conference.dll"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\soundman.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcmscsvc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\WINDOWS\\ehome\\ehmsas.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-20 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-16 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-08 130424]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-02-25 54912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-11-11 24652]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-08 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{64651d0d-6550-46b5-a5c6-8ad55397d4ad} - (no file)
BHO-{698854ed-dfb3-40cb-81cc-437b65c768cf} - (no file)
Toolbar-SITEguard - (no file)
HKCU-Run-Walgreens PhotoShow Media Manager - c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZJxdm128MHUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
Trusted Zone: adobe.com\get
Trusted Zone: bleepingcomputer.com\download
Trusted Zone: internet
Trusted Zone: macromedia.com\fpdownload
Trusted Zone: mcafee.com
Trusted Zone: pctools.com\www
Trusted Zone: safer-networking.org\www
DPF: RaptisoftGameLoader - hxxp://real.gamehouse.com/games/raptisoft/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3l098nko.default\
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3l098nko.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3l098nko.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 12:48:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(796)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
Completion time: 2009-03-22 12:50:22
ComboFix-quarantined-files.txt 2009-03-22 16:50:19
ComboFix2.txt 2009-02-24 18:48:22
ComboFix3.txt 2009-02-18 21:52:48
ComboFix4.txt 2009-02-18 00:35:59
ComboFix5.txt 2009-03-22 15:59:14

Pre-Run: 209,179,852,800 bytes free
Post-Run: 209,172,578,304 bytes free

397 --- E O F --- 2009-03-13 07:01:40


sorry about that

#10 Blade81

Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 23 March 2009 - 03:40 PM

Hi again,


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Upload the following files to http://www.virustotal.com and post back the results:
c:\windows\system32\v2mod32\{2F0C8FDE-5044-D0F2-2170-F3D05278F9D0}.dat
c:\windows\system32\v2mod32\{34370469-B17F-CBC8-96FB-C8CBE20CC2CB}.dat
c:\windows\system32\v2mod32\{39A173BE-3812-C65E-418C-5EC632D054C6}.dat



Open notepad and copy/paste the text in the quotebox below into it:

DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

File::
c:\windows\system32\httpsme.dll
c:\windows\system32\biotcp.exe
c:\windows\system32\macctrl.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Termw32"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader!


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 12.
  • Click the
    Download
    button to the right.
  • Select Windows in the platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version. Uncheck the MSN toolbar if it's offered there.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


Post back its report, a fresh dds log and above mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#11 crisde23

crisde23
  • Topic Starter
  • Members
  • 18 posts

Posted 23 March 2009 - 04:24 PM

File _2F0C8FDE-5044-D0F2-2170-F3D05278 received on 03.23.2009 22:10:18 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.23 -
AhnLab-V3 5.0.0.2 2009.03.23 -
AntiVir 7.9.0.120 2009.03.23 -
Authentium 5.1.2.4 2009.03.23 -
Avast 4.8.1335.0 2009.03.23 -
AVG 8.5.0.283 2009.03.23 -
BitDefender 7.2 2009.03.23 -
CAT-QuickHeal 10.00 2009.03.23 -
ClamAV 0.94.1 2009.03.23 -
Comodo 1082 2009.03.23 -
DrWeb 4.44.0.09170 2009.03.23 -
eSafe 7.0.17.0 2009.03.23 -
eTrust-Vet 31.6.6412 2009.03.23 -
F-Prot 4.4.4.56 2009.03.23 -
F-Secure 8.0.14470.0 2009.03.23 -
Fortinet 3.117.0.0 2009.03.23 -
GData 19 2009.03.23 -
Ikarus T3.1.1.48.0 2009.03.23 -
K7AntiVirus 7.10.679 2009.03.23 -
Kaspersky 7.0.0.125 2009.03.23 -
McAfee 5562 2009.03.23 -
McAfee+Artemis 5562 2009.03.23 -
McAfee-GW-Edition 6.7.6 2009.03.23 -
Microsoft 1.4502 2009.03.23 -
NOD32 3955 2009.03.23 -
Norman 6.00.06 2009.03.23 -
nProtect 2009.1.8.0 2009.03.23 -
Panda 10.0.0.10 2009.03.23 -
PCTools 4.4.2.0 2009.03.23 -
Prevx1 V2 2009.03.23 -
Rising 21.22.02.00 2009.03.23 -
Sophos 4.39.0 2009.03.23 -
Sunbelt 3.2.1858.2 2009.03.23 -
Symantec 1.4.4.12 2009.03.23 -
TheHacker 6.3.3.4.288 2009.03.23 -
TrendMicro 8.700.0.1004 2009.03.23 -
VBA32 3.12.10.1 2009.03.23 -
ViRobot 2009.3.23.1660 2009.03.23 -
VirusBuster 4.6.5.0 2009.03.23 -
Additional information
File size: 1048576 bytes
MD5...: 07b5cbf863570623de5fc1b5729d8b6f
SHA1..: a23688e9556ca0388e191b43be254f8a44eda054
SHA256: acb80ce370018729899d88313a5c2da335677431f096c4dff5d70d04a1c0e56b
SHA512: 23c84918696b65f7ff9d13571a92d1559114c211d8c6f0395f802ced5512820db3ec2d9ae591d19f05b17f41aa0ecc2a8c9ef7cf284cfc7dac2878b92800ba0b
ssdeep: 3072:UST+RvX4C2m66fOPNUKZI5qAjJWJf6D3GdA9km:USThC4PNUpQ6LPy
PEiD..: -
TrID..: File type identification: ZSoft PCX bitmap (90.5%), Lumena CEL bitmap (5.6%), Corel Photo Paint (3.7%)
PEInfo: -

#12 crisde23

crisde23
  • Topic Starter
  • Members
  • 18 posts

Posted 23 March 2009 - 04:32 PM

File _34370469-B17F-CBC8-96FB-C8CBE20C received on 03.23.2009 22:25:51 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.23 -
AhnLab-V3 5.0.0.2 2009.03.23 -
AntiVir 7.9.0.120 2009.03.23 -
Authentium 5.1.2.4 2009.03.23 -
Avast 4.8.1335.0 2009.03.23 -
AVG 8.5.0.283 2009.03.23 -
BitDefender 7.2 2009.03.23 -
CAT-QuickHeal 10.00 2009.03.23 -
ClamAV 0.94.1 2009.03.23 -
Comodo 1082 2009.03.23 -
DrWeb 4.44.0.09170 2009.03.23 -
eSafe 7.0.17.0 2009.03.23 -
eTrust-Vet 31.6.6412 2009.03.23 -
F-Prot 4.4.4.56 2009.03.23 -
F-Secure 8.0.14470.0 2009.03.23 -
Fortinet 3.117.0.0 2009.03.23 -
GData 19 2009.03.23 -
Ikarus T3.1.1.48.0 2009.03.23 -
K7AntiVirus 7.10.679 2009.03.23 -
Kaspersky 7.0.0.125 2009.03.23 -
McAfee 5562 2009.03.23 -
McAfee+Artemis 5562 2009.03.23 -
McAfee-GW-Edition 6.7.6 2009.03.23 -
Microsoft 1.4502 2009.03.23 -
NOD32 3955 2009.03.23 -
Norman 6.00.06 2009.03.23 -
nProtect 2009.1.8.0 2009.03.23 -
Panda 10.0.0.10 2009.03.23 -
PCTools 4.4.2.0 2009.03.23 -
Prevx1 V2 2009.03.23 -
Rising 21.22.02.00 2009.03.23 -
Sophos 4.39.0 2009.03.23 -
Sunbelt 3.2.1858.2 2009.03.23 -
Symantec 1.4.4.12 2009.03.23 -
TheHacker 6.3.3.4.288 2009.03.23 -
TrendMicro 8.700.0.1004 2009.03.23 -
VBA32 3.12.10.1 2009.03.23 -
ViRobot 2009.3.23.1660 2009.03.23 -
VirusBuster 4.6.5.0 2009.03.23 -
Additional information
File size: 2097152 bytes
MD5...: 585263f4d04ed20a6be21b05e6267898
SHA1..: b93c51007ae096bbab816cea0959c31b5fe7905b
SHA256: 33f83a5ea7ed673db5548f97b9e594f90c6c006a697a2e88dfe067131d55c542
SHA512: 805eb208391700e196e4381092fe4260efaf0933ee518e41bff297aff0e7528b3771bd71e0ecbf6d3eb8a96b8621fd750ac65a8af7c7444aef0b5133fd2d0d53
ssdeep: 24576:sstAZgMlX2uUicSMGNalXc3bnC6HDCa7Y0Vf4pLSDIXIQzJ9TbiZ2wPFzAr:ntAH0u7c5xXc3bnC6jC8BiFbTbiAP
PEiD..: -
TrID..: File type identification: ZSoft PCX bitmap (90.5%), Lumena CEL bitmap (5.6%), Corel Photo Paint (3.7%)
PEInfo: -

#13 crisde23

crisde23
  • Topic Starter
  • Members
  • 18 posts

Posted 23 March 2009 - 04:37 PM

I could not find the third file to send

#14 crisde23

crisde23
  • Topic Starter
  • Members
  • 18 posts

Posted 23 March 2009 - 05:04 PM

ComboFix 09-03-19.02 - Owner 2009-03-23 17:41:37.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1270 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\biotcp.exe
c:\windows\system32\httpsme.dll
c:\windows\system32\macctrl.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\biotcp.exe
c:\windows\system32\httpsme.dll
c:\windows\system32\macctrl.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-23 17:45 . 2009-03-23 17:45 456 --a------ c:\windows\system32\drivers\kgpcpy.cfg
2009-03-23 17:45 . 2009-03-23 17:45 344 --a------ c:\windows\system32\drivers\kgpfr2.cfg
2009-03-21 00:44 . 2009-03-21 00:44 <DIR> d-------- c:\documents and settings\Owner\Application Data\Roxio
2009-03-20 19:34 . 2009-03-09 15:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-20 19:18 . 2009-03-09 15:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-20 19:16 . 2009-03-20 19:16 <DIR> d-------- c:\program files\Lavasoft
2009-03-20 19:16 . 2009-03-20 19:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-20 19:16 . 2009-03-20 19:16 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-20 16:37 . 2009-03-20 16:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-03-11 13:22 . 2009-03-11 13:22 <DIR> d-------- c:\program files\Safer Networking
2009-03-08 18:31 . 2009-03-19 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-08 18:29 . 2009-03-08 18:29 <DIR> d-------- c:\program files\STOPzilla!
2009-03-08 18:29 . 2009-03-08 18:29 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-08 18:29 . 2009-03-23 17:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-08 16:55 . 2009-03-08 16:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 16:55 . 2009-03-08 16:55 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-08 16:55 . 2009-03-08 16:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-08 16:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 16:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-08 14:39 . 2009-03-20 19:23 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-08 14:39 . 2009-03-08 14:40 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-08 14:39 . 2009-03-08 14:39 <DIR> d-------- c:\documents and settings\Owner\Application Data\PC Tools
2009-03-08 14:39 . 2009-03-08 14:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-08 14:39 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-08 14:39 . 2009-03-20 18:26 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-08 14:39 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-08 14:39 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-04 14:33 . 2009-03-04 14:33 17,408 -ra------ c:\windows\system32\SZIO5.dll
2009-03-04 14:32 . 2009-03-04 14:32 294,912 -ra------ c:\windows\system32\SZBase5.dll
2009-03-04 14:31 . 2009-03-04 14:31 540,672 -ra------ c:\windows\system32\SZComp5.dll
2009-02-26 16:39 . 2009-02-26 16:39 202,072 -ra------ c:\windows\system32\cpnprt2.cid
2009-02-25 18:59 . 2009-02-25 18:59 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-25 18:59 . 2009-02-25 18:59 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-25 18:21 . 2009-03-23 17:37 <DIR> d-------- c:\windows\system32\v2mod32
2009-02-25 14:29 . 2009-02-25 14:29 54,912 -ra------ c:\windows\system32\drivers\SZKG.sys
2009-02-24 14:45 . 2009-02-24 14:45 1,228 --a------ C:\CF-Submit.htm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 00:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 04:44 --------- d-----w c:\program files\Napster
2009-03-21 00:33 --------- d-----w c:\program files\Conference
2009-03-20 20:20 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-25 22:59 --------- d-----w c:\program files\Java
2009-02-17 00:09 --------- d-----w c:\program files\Trend Micro
2009-02-16 23:24 --------- d-----w c:\program files\Common
2009-02-16 16:41 --------- d-----w c:\program files\Panda Security
2009-02-16 04:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-23 00:17 --------- d-----w c:\program files\U.B. Funkeys
2008-07-27 17:26 0 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2006-04-19 16:26 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-09-30 02:04 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092920080930\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-03-22_12.49.12.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-22 13:26:54 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-23 21:50:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-22 13:26:54 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-23 21:50:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-22 13:26:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-23 21:50:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{009CF973-717F-FF63-8C06-63FFFF1669FF}.dat
+ 2009-03-23 16:50:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{009CF973-717F-FF63-8C06-63FFFF1669FF}.dat
- 2009-03-22 16:40:42 1,048,576 ----a-w c:\windows\system32\v2mod32\{07FC7AD1-852C-F803-2E85-03F85E8409F8}.dat
+ 2009-03-23 16:50:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{07FC7AD1-852C-F803-2E85-03F85E8409F8}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{0F705C5B-9A98-F08F-A4A3-8FF0D75385F0}.dat
+ 2009-03-23 16:50:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{0F705C5B-9A98-F08F-A4A3-8FF0D75385F0}.dat
- 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{1A9F27F7-65C9-E560-08D8-60E57CEE6AE5}.dat
+ 2009-03-23 16:50:49 2,097,152 ----a-w c:\windows\system32\v2mod32\{1A9F27F7-65C9-E560-08D8-60E57CEE6AE5}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{21556A22-8E67-DEAB-DD95-AADEADBCA0DE}.dat
+ 2009-03-23 16:50:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{21556A22-8E67-DEAB-DD95-AADEADBCA0DE}.dat
- 2009-03-22 16:45:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{287A0D60-DEB9-D784-9FF2-85D7EC998FD7}.dat
+ 2009-03-23 16:50:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{287A0D60-DEB9-D784-9FF2-85D7EC998FD7}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{2F0C8FDE-5044-D0F2-2170-F3D05278F9D0}.dat
+ 2009-03-23 16:50:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{2F0C8FDE-5044-D0F2-2170-F3D05278F9D0}.dat
- 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{34370469-B17F-CBC8-96FB-C8CBE20CC2CB}.dat
+ 2009-03-23 16:50:49 2,097,152 ----a-w c:\windows\system32\v2mod32\{34370469-B17F-CBC8-96FB-C8CBE20CC2CB}.dat
+ 2009-03-23 21:37:11 1,048,576 ----a-w c:\windows\system32\v2mod32\{3CA649F0-8B68-C358-0FB6-59C37C7153C3}.dat
+ 2009-03-23 16:50:49 2,097,152 ----a-w c:\windows\system32\v2mod32\{479B4792-8B2A-B865-6DB8-64B819986EB8}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{4A03DAE0-FE53-B5FC-1F25-FCB56CC6F6B5}.dat
+ 2009-03-23 16:50:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{4A03DAE0-FE53-B5FC-1F25-FCB56CC6F6B5}.dat
- 2009-03-22 16:45:49 2,097,152 ----a-w c:\windows\system32\v2mod32\{565B80F0-5719-A9A5-0F7F-A4A97B7DAEA9}.dat
+ 2009-03-23 16:50:49 2,097,152 ----a-w c:\windows\system32\v2mod32\{565B80F0-5719-A9A5-0F7F-A4A97B7DAEA9}.dat
- 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{580B73B8-8F8F-A7F5-478C-F4A7339DFEA7}.dat
+ 2009-03-23 16:50:49 2,097,152 ----a-w c:\windows\system32\v2mod32\{580B73B8-8F8F-A7F5-478C-F4A7339DFEA7}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{62D707CF-F831-9D28-30F8-289D43F9229D}.dat
+ 2009-03-23 16:50:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{62D707CF-F831-9D28-30F8-289D43F9229D}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{635621B5-F639-9CA8-4ADE-A99C3AD2A39C}.dat
+ 2009-03-23 17:28:51 1,048,576 ----a-w c:\windows\system32\v2mod32\{635621B5-F639-9CA8-4ADE-A99C3AD2A39C}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{645FFE9C-C6B6-9BA0-6301-A09B10ADAA9B}.dat
+ 2009-03-23 16:50:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{645FFE9C-C6B6-9BA0-6301-A09B10ADAA9B}.dat
+ 2009-03-23 21:38:33 1,048,576 ----a-w c:\windows\system32\v2mod32\{64D586B8-43EF-9B2B-4779-2A9B37D2209B}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{68B4EA63-AF91-974B-9C15-4B97ECF84197}.dat
+ 2009-03-23 16:50:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{68B4EA63-AF91-974B-9C15-4B97ECF84197}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{747C4F75-0A14-8B83-8AB0-838BF941898B}.dat
+ 2009-03-23 16:50:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{747C4F75-0A14-8B83-8AB0-838BF941898B}.dat
- 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{8253DC42-F0B0-7DAC-BD23-AC7DC9ABA67D}.dat
+ 2009-03-23 16:50:49 2,097,152 ----a-w c:\windows\system32\v2mod32\{8253DC42-F0B0-7DAC-BD23-AC7DC9ABA67D}.dat
- 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{8B89369B-86F6-7476-64C9-767410F07C74}.dat
+ 2009-03-23 16:50:49 2,097,152 ----a-w c:\windows\system32\v2mod32\{8B89369B-86F6-7476-64C9-767410F07C74}.dat
+ 2009-03-23 20:37:10 2,097,152 ----a-w c:\windows\system32\v2mod32\{8B99733C-BB72-7467-C38C-6674B7046C74}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{96DA3743-09B6-6925-BCC8-2569CF4F2F69}.dat
+ 2009-03-23 16:50:49 1,048,576 ----a-w c:\windows\system32\v2mod32\{96DA3743-09B6-6925-BCC8-2569CF4F2F69}.dat
- 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{B81A9847-7D1D-47E4-B867-E547D141EF47}.dat
+ 2009-03-23 16:50:49 8,388,608 ----a-w c:\windows\system32\v2mod32\{B81A9847-7D1D-47E4-B867-E547D141EF47}.dat
+ 2009-03-23 21:37:11 1,048,576 ----a-w c:\windows\system32\v2mod32\{B9BBEF4E-2626-4645-B110-4446C2554E46}.dat
+ 2009-03-23 17:22:07 8,388,608 ----a-w c:\windows\system32\v2mod32\{BEF2C6F4-0023-410C-0B39-0D41629A0741}.dat
- 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{C278021C-D490-3D87-E3FD-873D97F18D3D}.dat
+ 2009-03-23 16:50:51 2,097,152 ----a-w c:\windows\system32\v2mod32\{C278021C-D490-3D87-E3FD-873D97F18D3D}.dat
- 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{C5B13AED-E5C7-3A4F-12C5-4E3A66CF443A}.dat
+ 2009-03-23 16:50:51 2,097,152 ----a-w c:\windows\system32\v2mod32\{C5B13AED-E5C7-3A4F-12C5-4E3A66CF443A}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{CCFD1A59-F2DD-3303-A6E5-0233D6F10833}.dat
+ 2009-03-23 16:50:51 1,048,576 ----a-w c:\windows\system32\v2mod32\{CCFD1A59-F2DD-3303-A6E5-0233D6F10833}.dat
- 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{CE42F069-2F02-31BC-960F-BD31FF06B731}.dat
+ 2009-03-23 16:50:51 8,388,608 ----a-w c:\windows\system32\v2mod32\{CE42F069-2F02-31BC-960F-BD31FF06B731}.dat
+ 2009-03-23 16:50:51 8,388,608 ----a-w c:\windows\system32\v2mod32\{CE9D3A13-F1B7-3163-ECC5-623185EA6831}.dat
- 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{CFF743BE-AB5E-3009-41BC-083028AF0230}.dat
+ 2009-03-23 16:50:51 8,388,608 ----a-w c:\windows\system32\v2mod32\{CFF743BE-AB5E-3009-41BC-083028AF0230}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{D52494EC-BB68-2ADB-136B-DB2A6337D12A}.dat
+ 2009-03-23 16:50:51 1,048,576 ----a-w c:\windows\system32\v2mod32\{D52494EC-BB68-2ADB-136B-DB2A6337D12A}.dat
- 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{D5385958-6078-2AC7-A7A6-C72AD30ECD2A}.dat
+ 2009-03-23 16:50:51 2,097,152 ----a-w c:\windows\system32\v2mod32\{D5385958-6078-2AC7-A7A6-C72AD30ECD2A}.dat
+ 2009-03-23 21:37:11 2,097,152 ----a-w c:\windows\system32\v2mod32\{D541A314-60E9-2ABF-EB5C-BE2A9F9CB42A}.dat
- 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{D76FF087-DA42-2890-780F-902811CE9A28}.dat
+ 2009-03-23 16:50:51 8,388,608 ----a-w c:\windows\system32\v2mod32\{D76FF087-DA42-2890-780F-902811CE9A28}.dat
- 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{DC941229-2A95-236B-D6ED-6B23BF476123}.dat
+ 2009-03-23 16:50:51 8,388,608 ----a-w c:\windows\system32\v2mod32\{DC941229-2A95-236B-D6ED-6B23BF476123}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{DF68F217-D993-2097-E80D-97209BB09D20}.dat
+ 2009-03-23 16:50:51 1,048,576 ----a-w c:\windows\system32\v2mod32\{DF68F217-D993-2097-E80D-97209BB09D20}.dat
- 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{DFA320AC-660B-205C-53DF-5C2027355620}.dat
+ 2009-03-23 16:50:51 2,097,152 ----a-w c:\windows\system32\v2mod32\{DFA320AC-660B-205C-53DF-5C2027355620}.dat
- 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{E09CB9D7-63D3-1F62-2846-631F4148691F}.dat
+ 2009-03-23 16:50:51 8,388,608 ----a-w c:\windows\system32\v2mod32\{E09CB9D7-63D3-1F62-2846-631F4148691F}.dat
- 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{E331E88F-DF4E-1CCE-7017-CE1C19A3C41C}.dat
+ 2009-03-23 16:50:51 8,388,608 ----a-w c:\windows\system32\v2mod32\{E331E88F-DF4E-1CCE-7017-CE1C19A3C41C}.dat
+ 2009-03-23 21:37:11 8,388,608 ----a-w c:\windows\system32\v2mod32\{EA9B16C7-D533-1565-38E9-641551296E15}.dat
- 2009-03-22 16:40:43 8,388,608 ----a-w c:\windows\system32\v2mod32\{EB9C8F25-C928-1463-DA70-6314B39C6914}.dat
+ 2009-03-23 16:50:51 8,388,608 ----a-w c:\windows\system32\v2mod32\{EB9C8F25-C928-1463-DA70-6314B39C6914}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{ECC75935-72AB-1338-CAA6-3813BD633213}.dat
+ 2009-03-23 16:50:51 1,048,576 ----a-w c:\windows\system32\v2mod32\{ECC75935-72AB-1338-CAA6-3813BD633213}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{F254D858-E108-0DAB-A727-AB0DCC80A10D}.dat
+ 2009-03-23 21:34:38 1,048,576 ----a-w c:\windows\system32\v2mod32\{F254D858-E108-0DAB-A727-AB0DCC80A10D}.dat
- 2009-03-22 16:40:43 2,097,152 ----a-w c:\windows\system32\v2mod32\{F524EAC8-9D2F-0ADB-3715-DB0A4367D10A}.dat
+ 2009-03-23 16:50:51 2,097,152 ----a-w c:\windows\system32\v2mod32\{F524EAC8-9D2F-0ADB-3715-DB0A4367D10A}.dat
+ 2009-03-23 16:50:51 8,388,608 ----a-w c:\windows\system32\v2mod32\{F79B4972-83C4-0865-8DB6-6408E48F6E08}.dat
- 2009-03-22 16:40:43 1,048,576 ----a-w c:\windows\system32\v2mod32\{F8754E5E-FE20-078A-A1B1-8A07CA888007}.dat
+ 2009-03-23 16:50:51 1,048,576 ----a-w c:\windows\system32\v2mod32\{F8754E5E-FE20-078A-A1B1-8A07CA888007}.dat
- 2009-03-22 16:40:45 2,097,152 ----a-w c:\windows\system32\v2mod32\{FF003F76-C088-00FF-89C0-FF00FDC1F500}.dat
+ 2009-03-23 16:50:51 2,097,152 ----a-w c:\windows\system32\v2mod32\{FF003F76-C088-00FF-89C0-FF00FDC1F500}.dat
+ 2009-03-23 21:45:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_184.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-24 218496]

c:\documents and settings\Alexandra\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Deja Aleecia\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2006-02-16 81920]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Conference\\Conference.dll"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\soundman.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcmscsvc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\WINDOWS\\ehome\\ehmsas.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-20 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-16 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-08 130424]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-02-25 54912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-11-11 24652]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-08 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-03-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:06]

2009-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZJxdm128MHUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
Trusted Zone: adobe.com\get
Trusted Zone: bleepingcomputer.com\download
Trusted Zone: internet
Trusted Zone: macromedia.com\fpdownload
Trusted Zone: mcafee.com
Trusted Zone: pctools.com\www
Trusted Zone: safer-networking.org\www
DPF: RaptisoftGameLoader - hxxp://real.gamehouse.com/games/raptisoft/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3l098nko.default\
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3l098nko.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3l098nko.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 17:47:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\TEMP\ver22.tmp 1608 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(788)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\program files\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\program files\Common Files\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcupdmgr.exe
c:\progra~1\McAfee\MSC\mcupdui.exe
c:\program files\McAfee\VirusScan\mcinsupd.exe
c:\program files\STOPzilla!\STOPzilla.exe
.
**************************************************************************
.
Completion time: 2009-03-23 17:55:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-23 21:55:20
ComboFix2.txt 2009-03-22 16:50:23
ComboFix3.txt 2009-02-24 18:48:22
ComboFix4.txt 2009-02-18 21:52:48
ComboFix5.txt 2009-03-23 21:41:02

Pre-Run: 209,072,467,968 bytes free
Post-Run: 208,985,047,040 bytes free

350 --- E O F --- 2009-03-13 07:01:40

#15 crisde23 (Topic Starter, Members, 18 posts)

Posted 23 March 2009 - 10:02 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 23, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 23, 2009 23:13:13
Records in database: 1958593
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 92456
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:47:53


File name / Threat name / Threats count
C:\Documents and Settings\Owner\Desktop\David Music\busty-jessica-difeo-washes-her-pussy.htm Infected: Trojan.JS.Agent.hg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\macctrl.dll.vir Infected: not-a-virus:Monitor.Win32.PCPandora.a 1
C:\WINDOWS\system32\utilwiz.dll Infected: not-a-virus:Monitor.Win32.PCPandora.a 1

The selected area was scanned.
