
USB virus infection


  • This topic is locked
11 replies to this topic

#1 HyBriD54

HyBriD54

  • Members
  • 36 posts
  • OFFLINE
  • Local time:09:12 AM

Posted 17 June 2009 - 02:43 AM

Completely unable to remove it, despite all attempts. No software I have can remove this persistent virus.

Safe mode CANNOT be used at all. I receive a BSOD when I attempt to enter Safe Mode.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Tony at 17:37:42.04 on Wed 17/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1022.451 [GMT 10:00]

FW: F-Secure Anti-Virus 2006 6.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\DOCUMENTS AND SETTINGS\TONY\MY DOCUMENTS\APPLICATIONS\FRAPS\FRAPS.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\wintasxm.exe
C:\Documents and Settings\Tony\Desktop\AV\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.microsoft.com
uDefault_Search_URL = hxxp://ie.search.msn.com
udefault_page_url = hxxp://www.microsoft.com
uWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Fraps] c:\documents and settings\tony\my documents\applications\fraps\FRAPS.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio 10\uvPL.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Visualware Security Suite] "c:\program files\visualware security suite\tscore.exe" -autostartup
mRun: [L2 Rage Patch] """"""""""""""""""""""""""""""""""""""""""""" silent"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [WindowBlinds] c:\progra~1\stardock\object~1\window~1\wbload.exe auto
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [USBScan.exe] c:\program files\usbscan\USBScan.exe -Hide
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\tony\startm~1\programs\startup\cyber-~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\tony\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\documents and settings\tony\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - hxxp://www.bardownload.com/prompt/cabs/website.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153214301718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {4C614652-2D27-4EC7-A96B-750C661672EA} = 203.2.75.132,198.142.0.51
Notify: LMIinit - LMIinit.dll
Notify: WB - c:\progra~1\stardock\object~1\window~1\fastload.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\dokajihe.dll c:\windows\system32\wohupuda.dll c:\windows\system32\vufipuye.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\bjpeo509.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-25 64160]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2006-9-3 6097]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 1005904]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-5 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-5 47640]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\mmlohi.sys --> c:\windows\system32\drivers\mmlohi.sys [?]
S3 gsplittm;gsplittm;\??\c:\docume~1\tony\locals~1\temp\gsplittm.sys --> c:\docume~1\tony\locals~1\temp\gsplittm.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2009-5-7 29184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-7 34064]
S3 npkycryp;npkycryp;\??\c:\documents and settings\tony\my documents\lily\new folder\npkycryp.sys --> c:\documents and settings\tony\my documents\lily\new folder\npkycryp.sys [?]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [2004-6-24 7552]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2006-9-3 299923]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-06-17 17:17 477 a------- c:\windows\SHRED.INI
2009-06-17 17:08 <DIR> --d----- c:\program files\USB Disk Security
2009-06-08 21:39 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-08 21:38 <DIR> --d----- c:\program files\World of Warcraft
2009-05-23 22:37 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-23 22:37 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-05-30 23:18 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-28 19:02 110,584 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-23 00:47 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-07 13:54 20,648 a------- c:\windows\system32\dopdfmn6.dll
2009-04-07 13:54 18,088 a------- c:\windows\system32\dopdfmi6.dll
2009-03-22 15:23 44,968 ac------ c:\windows\War3Unin.dat
2008-07-02 22:16 0 ac------ c:\documents and settings\tony\jagex_runescape_preferences.dat
2008-05-07 22:29 59,744 ac------ c:\docume~1\tony\applic~1\GDIPFONTCACHEV1.DAT
2007-11-01 17:07 604 ac--h--- c:\program files\STLL Notifier
2004-08-04 22:00 2 ---sh--- c:\program files\desktop.ini
2006-05-03 20:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 21:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 23:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-09-04 22:50 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat
2008-12-21 09:39 16,384 ac-sh--- c:\windows\temp\cookies\index.dat
2008-12-21 09:39 16,384 ac-sh--- c:\windows\temp\history\history.ie5\index.dat
2008-12-21 09:39 32,768 ac-sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 17:38:34.39 ===============


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE

Posted 23 June 2009 - 08:21 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 HyBriD54

HyBriD54
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE

Posted 25 June 2009 - 01:17 AM

Hello :thumbup2:. Thanks for the reply.



DDS (Ver_09-05-14.01) - NTFSx86
Run by Tony at 16:14:53.00 on Thu 25/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1022.490 [GMT 10:00]

FW: F-Secure Anti-Virus 2006 6.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\DOCUMENTS AND SETTINGS\TONY\MY DOCUMENTS\APPLICATIONS\FRAPS\FRAPS.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tony\Desktop\AV\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uDefault_Search_URL = hxxp://ie.search.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Fraps] c:\documents and settings\tony\my documents\applications\fraps\FRAPS.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio 10\uvPL.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Visualware Security Suite] "c:\program files\visualware security suite\tscore.exe" -autostartup
mRun: [L2 Rage Patch] """"""""""""""""""""""""""""""""""""""""""""" silent"
mRun: [WindowBlinds] c:\progra~1\stardock\object~1\window~1\wbload.exe auto
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\tony\startm~1\programs\startup\cyber-~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\tony\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\documents and settings\tony\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - hxxp://www.bardownload.com/prompt/cabs/website.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153214301718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {4C614652-2D27-4EC7-A96B-750C661672EA} = 203.2.75.132,198.142.0.51
Notify: LMIinit - LMIinit.dll
Notify: WB - c:\progra~1\stardock\object~1\window~1\fastload.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\dokajihe.dll c:\windows\system32\wohupuda.dll c:\windows\system32\vufipuye.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\bjpeo509.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-21 64160]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2006-9-3 6097]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-5 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-5 47640]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\mmlohi.sys --> c:\windows\system32\drivers\mmlohi.sys [?]
S3 gsplittm;gsplittm;\??\c:\docume~1\tony\locals~1\temp\gsplittm.sys --> c:\docume~1\tony\locals~1\temp\gsplittm.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 1003344]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2009-5-7 29184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-7 34064]
S3 npkycryp;npkycryp;\??\c:\documents and settings\tony\my documents\lily\new folder\npkycryp.sys --> c:\documents and settings\tony\my documents\lily\new folder\npkycryp.sys [?]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [2004-6-24 7552]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2006-9-3 299923]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-06-21 18:28 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-21 14:36 <DIR> --d----- c:\docume~1\tony\applic~1\EndNote
2009-06-21 14:35 <DIR> --d----- c:\program files\common files\Thomson ResearchSoft
2009-06-21 14:28 <DIR> --d----- c:\program files\common files\Risxtd
2009-06-21 14:26 <DIR> --d----- c:\program files\EndNote X1
2009-06-21 12:36 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-21 12:34 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-21 12:21 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-21 12:20 <DIR> --d----- c:\program files\World of Warcraft
2009-06-17 18:33 <DIR> --d----- C:\AUTORUN.INF
2009-06-17 17:08 <DIR> --d----- c:\program files\USB Disk Security

==================== Find3M ====================

2009-04-28 19:02 110,584 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-07 13:54 20,648 a------- c:\windows\system32\dopdfmn6.dll
2009-04-07 13:54 18,088 a------- c:\windows\system32\dopdfmi6.dll
2008-07-02 22:16 0 ac------ c:\documents and settings\tony\jagex_runescape_preferences.dat
2008-05-07 22:29 59,744 ac------ c:\docume~1\tony\applic~1\GDIPFONTCACHEV1.DAT
2007-11-01 17:07 604 ac--h--- c:\program files\STLL Notifier
2004-08-04 22:00 2 ---sh--- c:\program files\desktop.ini
2006-05-03 20:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 21:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 23:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-09-04 22:50 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat
2008-12-21 09:39 16,384 ac-sh--- c:\windows\temp\cookies\index.dat
2008-12-21 09:39 16,384 ac-sh--- c:\windows\temp\history\history.ie5\index.dat
2008-12-21 09:39 32,768 ac-sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 16:15:43.78 ===============



Edited by HyBriD54, 25 June 2009 - 01:18 AM.
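The two DDS logs posted above contain the entries a helper scans for by eye: a process running from C:\WINDOWS\TEMP, extra DLLs listed beside scecli in LSA Notification Packages, drivers whose file DDS reports with no date or size ([?]) or that sit under a temp folder, and an AUTORUN.INF created at the drive root. The Python below is an added example, not part of this thread and not code from the DDS tool: it splits a DDS-style log into its "====" sections and flags those four patterns. The sample log is constructed to mirror the layout above, and the section names and flagging rules are this example's own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the DDS layout seen in the thread (not a real log).
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\wintasxm.exe

============== Pseudo HJT Report ===============

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
LSA: Notification Packages = scecli c:\windows\system32\dokajihe.dll c:\windows\system32\wohupuda.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-25 64160]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\mmlohi.sys --> c:\windows\system32\drivers\mmlohi.sys [?]
S3 gsplittm;gsplittm;\??\c:\docume~1\tony\locals~1\temp\gsplittm.sys --> c:\docume~1\tony\locals~1\temp\gsplittm.sys [?]

=============== Created Last 30 ================

2009-06-17 18:33 <DIR> --d----- C:\AUTORUN.INF
2009-06-17 17:08 <DIR> --d----- c:\program files\USB Disk Security

============= FINISH: 17:38:34.39 ===============
"""

# A section header is a run of '=' around a name, e.g. "=== Running Processes ===".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Any path component named "temp" (covers \windows\temp\ and \locals~1\temp\).
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_dds(text: str) -> Dict[str, List[str]]:
    """Split a DDS-style log into {section name: [non-blank lines in that section]}."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"  # lines before the first section header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def flag_suspicious(sections: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Return (rule, entry) pairs for entries a helper would want to look at first."""
    findings: List[Tuple[str, str]] = []

    # Rule 1: executables running out of a temp directory.
    for proc in sections.get("Running Processes", []):
        if TEMP_RE.search(proc):
            findings.append(("process-from-temp", proc))

    # Rule 2: LSA Notification Packages normally lists only scecli; anything
    # else is a DLL loaded by lsass at boot and deserves a look.
    for entry in sections.get("Pseudo HJT Report", []):
        if entry.startswith("LSA: Notification Packages ="):
            for package in entry.split("=", 1)[1].split():
                if package.lower() != "scecli":
                    findings.append(("lsa-notification-package", package))

    # Rule 3: drivers DDS lists with no date/size ("[?]") or under a temp folder.
    for service in sections.get("SERVICES / DRIVERS", []):
        if service.endswith("[?]") or TEMP_RE.search(service):
            findings.append(("driver-unverified-or-temp", service))

    # Rule 4: an AUTORUN.INF entry created recently (typical of USB-spread infections).
    for created in sections.get("Created Last 30", []):
        if re.search(r"\\autorun\.inf$", created, re.IGNORECASE):
            findings.append(("autorun-inf-created", created))

    return findings


if __name__ == "__main__":
    for rule, entry in flag_suspicious(parse_dds(SAMPLE_LOG)):
        print(f"{rule:28} {entry}")
```

Run stand-alone, the script lists six findings from the constructed log: the TEMP process, the two non-scecli LSA DLLs, the two drivers marked [?], and the root AUTORUN.INF. The rules are deliberately narrow; a finding is a pointer for a human reviewer, not a verdict.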


#4 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:09:12 AM

Posted 25 June 2009 - 11:02 AM

Hello, HyBriD54

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.


You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



ComboFix

Please download ComboFix from one of these locations (If you already have it, delete it and download again):

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: ComboFix prompt to install the Recovery Console]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: ComboFix message after the Recovery Console is installed]

Note** ComboFix was designed only to be used under the supervision of a helper, not for general use.

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#5 HyBriD54 (Topic Starter)

Posted 26 June 2009 - 02:49 AM

Hi Jat90. Thanks for the quick response. Much appreciated.

ComboFix 09-06-25.01 - Tony 26/06/2009 17:05.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1022.286 [GMT 10:00]
Running from: c:\documents and settings\Tony\Desktop\TEMP\ComboFix.exe
FW: F-Secure Anti-Virus 2006 6.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\system32\AutoRun.inf
c:\windows\system32\omilakas.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-26 06:18 . 2009-06-26 06:18 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-26 06:16 . 2009-06-26 06:16 -------- d-----w- c:\program files\Common Files\Control Panels
2009-06-21 08:28 . 2009-06-21 02:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-21 04:36 . 2009-06-22 14:06 -------- d-----w- c:\documents and settings\Tony\Application Data\EndNote
2009-06-21 04:35 . 2009-06-21 04:35 -------- d-----w- c:\program files\Common Files\Thomson ResearchSoft
2009-06-21 04:28 . 2009-06-21 04:28 -------- d-----w- c:\program files\Common Files\Risxtd
2009-06-21 04:26 . 2009-06-21 04:32 -------- d-----w- c:\program files\EndNote X1
2009-06-21 02:36 . 2009-06-21 02:35 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-21 02:34 . 2009-06-21 02:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-21 02:34 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-06-21 02:20 . 2009-06-21 02:20 -------- d-----w- c:\program files\World of Warcraft
2009-06-17 07:08 . 2009-06-21 02:13 -------- d-----w- c:\program files\USB Disk Security
2009-06-08 07:46 . 2009-03-24 04:43 43008 ----a-w- c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\bjpeo509.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-06-08 07:46 . 2009-03-24 04:43 43008 ----a-w- c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\bjpeo509.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-06-08 07:46 . 2009-03-24 04:43 338432 ----a-w- c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\bjpeo509.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-06-08 07:46 . 2009-03-24 04:42 345088 ----a-w- c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\bjpeo509.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-06-08 07:46 . 2009-03-24 04:43 235520 ----a-w- c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\bjpeo509.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-06-08 07:46 . 2009-03-24 04:42 235008 ----a-w- c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\bjpeo509.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 06:23 . 2009-06-21 02:35 387928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-26 06:23 . 2009-06-21 02:35 93512 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-26 06:23 . 2009-06-21 02:35 146432 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-26 06:23 . 2009-06-21 02:35 638840 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-26 06:23 . 2009-06-21 02:35 642920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-26 06:23 . 2009-06-21 02:35 2431304 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-26 06:23 . 2009-06-21 02:35 705360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-26 06:17 . 2006-07-12 06:41 -------- d-----w- c:\documents and settings\Tony\Application Data\uTorrent
2009-06-26 06:12 . 2007-05-12 12:28 -------- d-----r- c:\program files\LogMeIn
2009-06-25 12:47 . 2006-07-06 08:31 -------- d-----w- c:\program files\Warcraft III
2009-06-25 08:03 . 2006-07-06 08:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-21 02:35 . 2009-06-21 02:35 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-21 02:35 . 2009-06-21 02:35 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-21 02:35 . 2009-06-21 02:35 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-21 02:35 . 2009-06-21 02:35 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-21 02:35 . 2009-06-21 02:35 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-21 02:35 . 2009-06-21 02:35 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-21 02:35 . 2009-06-21 02:35 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-21 02:35 . 2009-06-21 02:35 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-21 02:35 . 2009-06-21 02:35 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-21 02:35 . 2009-06-21 02:35 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-21 02:35 . 2009-06-21 02:35 588120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-21 02:35 . 2009-06-21 02:35 1077072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-21 02:33 . 2009-01-25 01:41 -------- d-----w- c:\program files\Lavasoft
2009-06-21 02:33 . 2009-01-25 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-21 02:20 . 2007-02-26 05:40 -------- d-----r- c:\program files\Messenger Plus! Live
2009-06-18 07:38 . 2008-11-06 09:04 -------- d-----w- c:\program files\StepMania
2009-06-17 09:28 . 2007-04-06 09:32 497 -c--a-w- c:\windows\War3Unin.dat
2009-06-15 09:08 . 2006-07-06 08:27 -------- d-----w- c:\program files\Java
2009-05-17 07:22 . 2007-06-01 08:24 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-13 06:03 . 2008-01-27 07:30 -------- d-----w- c:\program files\Gravity
2009-05-13 06:03 . 2006-07-06 06:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-09 03:24 . 2006-12-29 11:22 -------- d-----w- c:\documents and settings\Tony\Application Data\dvdcss
2009-05-07 07:36 . 2009-05-07 07:36 -------- d-----w- c:\program files\DIFX
2009-04-28 09:02 . 2009-03-13 10:01 110584 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-07 03:54 . 2009-04-20 11:10 20648 ----a-w- c:\windows\system32\dopdfmn6.dll
2009-04-07 03:54 . 2009-04-20 11:10 18088 ----a-w- c:\windows\system32\dopdfmi6.dll
2009-04-04 00:15 . 2009-04-04 00:15 152576 -c--a-w- c:\documents and settings\Tony\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-03 10:05 . 2006-07-08 02:45 110584 -c--a-w- c:\documents and settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-11-01 07:07 . 2007-11-01 07:07 604 -c-ha-w- c:\program files\STLL Notifier
2007-05-22 09:14 . 2007-05-12 12:52 8784 -c--a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-22 09:17 . 2007-05-12 12:52 245408 -c--a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2006-05-03 10:06 . 2009-02-13 07:48 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2007-11-13 09:52 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-02-13 07:48 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3959136]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-10-26 4354048]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 391296]
"Fraps"="c:\documents and settings\TONY\MY DOCUMENTS\APPLICATIONS\FRAPS\FRAPS.EXE" [2007-07-12 3176621]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L2 Rage Patch"="silent" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 417792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 290816]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-10 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-06 180269]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-09 360448]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 90112]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 225280]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 122880]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 110592]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"WindowBlinds"="c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbload.exe" [2005-01-25 504320]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-15 127037]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2630912]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-21 588120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Tony\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-10-27 225280]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-4-18 576000]
PowerReg Scheduler V3.exe [2006-11-7 294912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-6 183296]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 103424]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 161184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 13:34 24576 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 09:23 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0OODBS\0lsdelete

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Tony\\My Documents\\SNES\\zsnesw.exe"=
"c:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\uTorrent\\utorrent(2).exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Counter-Strike 1.5 Extreme edition\\Half-Life\\hl.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
"c:\\Program Files\\SRS Labs\\Audio Sandbox\\SRSSSC.exe"=
"c:\\Program Files\\Stardock\\Object Desktop\\WindowBlinds\\wbload.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"=
"c:\\Program Files\\Common Files\\Logitech\\QCDriver2\\LVComS.exe"= c:\\Program Files\\Common Files\\Logitech\\QCDriver2\\LVCOMS.EXE
"c:\\Documents and Settings\\Tony\\My Documents\\Applications\\Fraps\\fraps.exe"=
"c:\\WINDOWS\\system32\\jview.exe"=
"c:\\Program Files\\LogMeIn\\x86\\LogMeIn.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe"=
"c:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"=
"c:\\Program Files\\DAEMON Tools\\daemon.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\LogMeIn\\x86\\LMIGuardian.exe"=
"c:\\Program Files\\Ulead Systems\\Ulead VideoStudio 10\\uvPL.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Tony\\My Documents\\Applications\\aawsepersonal.exe"=
"c:\\Documents and Settings\\Tony\\My Documents\\Applications\\Ad-AwareAE.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe"=
"c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\WINDOWS\\system32\\oodtray.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe"=
"c:\\WINDOWS\\TEMP\\winouudt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:SC BW TCP
"6112:UDP"= 6112:UDP:SC BW UDP
"6113:TCP"= 6113:TCP:War3
"6113:UDP"= 6113:UDP:war3 i

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/06/2009 12:36 PM 64160]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [3/09/2006 4:30 PM 6097]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [19/01/2009 7:34 AM 1072976]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/06/2007 8:03 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [5/06/2007 8:03 PM 47640]
S3 gsplittm;gsplittm;\??\c:\docume~1\Tony\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\Tony\LOCALS~1\Temp\gsplittm.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [7/05/2009 5:36 PM 29184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/11/2007 6:22 AM 34064]
S3 npkycryp;npkycryp;\??\c:\documents and settings\Tony\My Documents\Lily\New Folder\npkycryp.sys --> c:\documents and settings\Tony\My Documents\Lily\New Folder\npkycryp.sys [?]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [24/06/2004 2:52 PM 7552]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [3/09/2006 4:30 PM 299923]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C0-4FCB-11CF-AAX5-004016608512}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
.
Contents of the 'Scheduled Tasks' folder

2009-06-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 06:23]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Visualware Security Suite - c:\program files\Visualware Security Suite\tscore.exe
Notify-WBSrv - c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uDefault_Search_URL = hxxp://ie.search.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {4C614652-2D27-4EC7-A96B-750C661672EA} = 203.2.75.132,198.142.0.51
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - hxxp://www.bardownload.com/prompt/cabs/website.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 17:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-2025429265-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\LMIinit.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(4428)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\temp\winouudt.exe
.
**************************************************************************
.
Completion time: 2009-06-26 17:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 07:44
ComboFix2.txt 2008-10-03 01:22
ComboFix3.txt 2008-10-01 03:26
ComboFix4.txt 2007-01-07 01:42

Pre-Run: 18,071,388,160 bytes free
Post-Run: 17,902,686,208 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
314 --- E O F --- 2008-11-14 05:40
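The log above is the kind of output a helper reads by eye, picking out entries by where they launch from. As an added example (not ComboFix's own code, and not from anyone in this thread), the Python below automates that part of the triage: it walks a ComboFix-style log and flags autostart entries whose target sits in a Recycle Bin SID folder, in the Windows temp folder, an AutoRun.inf placed in system32, a kernel driver loaded from a user profile folder, and Run entries ComboFix marks with [X] because the target file is missing. SAMPLE_LOG is a constructed excerpt in the shape of the log above; the rule wording and function names are my own.

```python
r"""Triage a ComboFix-style log by where each autostart entry launches from.

Added example, not ComboFix's own code.  Everything below (rule names,
function names, SAMPLE_LOG) is constructed for illustration.
"""
import re

# Constructed sample: a few lines in the shape of the ComboFix log in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L2 Rage Patch"="silent" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\TEMP\\winouudt.exe"=

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/11/2007 6:22 AM 34064]
S3 npkycryp;npkycryp;\??\c:\documents and settings\Tony\My Documents\Lily\New Folder\npkycryp.sys --> c:\documents and settings\Tony\My Documents\Lily\New Folder\npkycryp.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C0-4FCB-11CF-AAX5-004016608512}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe
"""

SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")        # ((( Section name )))
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                      # [HKEY_...] registry key
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]+?(?=\s*(?:\[|-->|"|$))', re.IGNORECASE)
MISSING_TARGET_RE = re.compile(r"\[x\]\s*$", re.IGNORECASE)   # ComboFix marks a missing target with [X]

# Location-based rules: (pattern applied to a normalised path, reason reported).
LOCATION_RULES = [
    (re.compile(r"\\recycler\\", re.I), "launches from a Recycle Bin SID folder"),
    (re.compile(r"\\(?:windows\\temp|local settings\\temp)\\", re.I), "launches from a temp folder"),
    (re.compile(r"\\windows\\system32\\autorun\.inf$", re.I), "AutoRun.inf placed in system32"),
    (re.compile(r"^[a-z]:\\documents and settings\\.+\.sys$", re.I), "kernel driver loaded from a user profile folder"),
]


def triage(log_text):
    """Return a list of findings: {"section", "path", "line", "reason"}, in log order."""
    findings = []
    section = "(none)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line) or KEY_RE.match(line)
        if m:
            section = m.group(1)          # remember which part of the log we are in
            continue
        # ComboFix writes firewall-policy entries with doubled backslashes; undo that
        text = line.replace("\\\\", "\\")
        if "=" in text and MISSING_TARGET_RE.search(text):
            findings.append({"section": section, "path": None, "line": line,
                             "reason": "autostart entry whose target file is missing"})
        seen = set()                      # a driver line repeats its path; report it once
        for path in PATH_RE.findall(text):
            for pattern, reason in LOCATION_RULES:
                key = (path.lower(), reason)
                if pattern.search(path) and key not in seen:
                    seen.add(key)
                    findings.append({"section": section, "path": path, "line": line, "reason": reason})
    return findings


def report(findings):
    """Render findings as one line each: [section] reason: path-or-line."""
    return "\n".join(f"[{f['section']}] {f['reason']}: {f['path'] or f['line']}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample it reports five findings, which are exactly the items the helper goes on to target in the CFScript later in this thread (the two recycler executables, the temp-folder firewall exception, the driver under My Documents) plus the broken "L2 Rage Patch" Run entry. The rules are deliberately about location rather than file names, since the names change from infection to infection while the hiding places do not.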

#6 Jat90

Posted 27 June 2009 - 02:45 AM

Before we continue I must inform you of this:

Backdoor Threat

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#7 HyBriD54 (Topic Starter)

Posted 27 June 2009 - 10:10 AM

Hello again Jat90,

I still need this computer and its files until the middle of next month so any help right now will be immensely useful.

I have already decided weeks back that I will reinstall Windows XP once the school term ends.

So I will take instructions to attempt to remove the threat from the PC.

#8 Jat90

Posted 28 June 2009 - 06:46 AM

SafeBoot Key Repair

We need to repair Safe Mode.
  • Please download Safe Boot Key Repair and save it to your desktop.
  • Run the downloaded file by double-clicking on it, or right-click on it and click Open.
  • Copy and paste the resultant log here in your next reply.
CFScript

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Tony\My Documents\Lily\New Folder\npkycryp.sys
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\TEMP\\winouudt.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C0-4FCB-11CF-AAX5-004016608512}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]

Driver::
npkycryp
ASC3360PR

Reglockdel::
[HKEY_USERS\S-1-5-21-299502267-2025429265-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]


Save this as CFScript.txt, in the same location as ComboFix.exe


[screenshot: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


In your next reply, please post:
  • SafeBoot log
  • ComboFix log

Edited by Jat90, 28 June 2009 - 06:47 AM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

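The ComboFix log HyBriD54 posted said "SafeBoot registry key needs repairs" and listed only eight entries under SafeBoot\Minimal, which is why Safe Mode blue-screened. As an added example (not the Safe Boot Key Repair tool's code, nor anything posted in this thread), the Python below parses a SafeBoot listing in the `[key]` / `@="type"` form that both ComboFix and a .reg export use, and reports which entries of a baseline are missing or carry the wrong type. The baseline is a subset copied from the repaired export HyBriD54 posts in the next reply, with third-party entries such as PEVSystemStart and procexp90.Sys left out; treat it as an illustration rather than an authoritative Windows XP list. BROKEN_MINIMAL is the pre-repair listing from the ComboFix log above; the function names are my own.

```python
r"""Check a SafeBoot\Minimal listing against a baseline of expected entries.

Added example, not the Safe Boot Key Repair tool's code.  ComboFix's
"SafeBoot registry key needs repairs" listing and a .reg export share the
same two-line shape per entry, so one parser serves both:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\<entry>]
    @="<type>"
"""
import re

SAFEBOOT_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\safeboot\\"
    r"(minimal|network)\\(.+)\]$", re.IGNORECASE)
DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')

# Baseline: a subset copied from the repaired SafeBoot\Minimal export in this
# thread, with third-party entries (PEVSystemStart, procexp90.Sys) left out.
# Illustrative only, not an authoritative Windows XP list.
BASELINE_MINIMAL = {
    "appmgmt": "Service", "base": "Driver Group",
    "boot bus extender": "Driver Group", "boot file system": "Driver Group",
    "cryptsvc": "Service", "dcomlaunch": "Service", "dmadmin": "Service",
    "dmboot.sys": "Driver", "dmio.sys": "Driver", "dmload.sys": "Driver",
    "dmserver": "Service", "eventlog": "Service", "file system": "Driver Group",
    "filter": "Driver Group", "helpsvc": "Service", "netlogon": "Service",
    "pci configuration": "Driver Group", "plugplay": "Service",
    "pnp filter": "Driver Group", "primary disk": "Driver Group",
    "rpcss": "Service", "scsi class": "Driver Group", "sermouse.sys": "Driver",
    "sr.sys": "FSFilter System Recovery", "srservice": "Service",
    "system bus extender": "Driver Group", "vga.sys": "Driver",
    "vgasave.sys": "Driver", "winmgmt": "Service",
    "{4d36e967-e325-11ce-bfc1-08002be10318}": "DiskDrive",
    "{4d36e96a-e325-11ce-bfc1-08002be10318}": "Hdc",
    "{4d36e96b-e325-11ce-bfc1-08002be10318}": "Keyboard",
    "{4d36e96f-e325-11ce-bfc1-08002be10318}": "Mouse",
    "{4d36e97d-e325-11ce-bfc1-08002be10318}": "System",
    "{71a27cdd-812a-11d0-bec7-08002be2092f}": "Volume",
}

# Constructed sample: the truncated key as ComboFix listed it in this thread
# before the repair (only eight entries survived).
BROKEN_MINIMAL = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
"""


def parse_safeboot(text):
    """Return {"minimal": {entry: type}, "network": {entry: type}}, entry names lower-cased."""
    found = {"minimal": {}, "network": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SAFEBOOT_KEY_RE.match(line)
        if m:
            current = (m.group(1).lower(), m.group(2).lower())
            found[current[0]].setdefault(current[1], None)   # key seen, @ value not yet
            continue
        m = DEFAULT_VALUE_RE.match(line)
        if m and current:
            found[current[0]][current[1]] = m.group(1)
            current = None
    return found


def check_minimal(text, baseline=BASELINE_MINIMAL):
    """Diff the Minimal entries found in `text` against `baseline`."""
    present = parse_safeboot(text)["minimal"]
    return {
        "present": len(present),
        "missing": sorted(e for e in baseline if e not in present),
        "wrong_type": sorted(e for e, t in present.items() if e in baseline and t != baseline[e]),
    }


if __name__ == "__main__":
    result = check_minimal(BROKEN_MINIMAL)
    print(f"{result['present']} entries present, {len(result['missing'])} missing:")
    for entry in result["missing"]:
        print("  ", entry)
```

On the pre-repair listing it reports eight entries present and every driver group that Safe Mode needs to bring up storage and the display (Base, Boot Bus Extender, Primary disk, SCSI Class, vga.sys and so on) missing, which matches the BSOD the topic starter described. Fed the repaired export from the next reply, the same check reports nothing missing from this baseline.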

#9 HyBriD54 (Topic Starter)

Posted 28 June 2009 - 07:55 AM

The Safeboot log

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PEVSystemStart]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PEVSystemStart
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys


The ComboFix Log

ComboFix 09-06-25.01 - Tony 28/06/2009 22:32.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1022.662 [GMT 10:00]
Running from: c:\documents and settings\Tony\Desktop\TEMP\ComboFix.exe
Command switches used :: c:\documents and settings\Tony\Desktop\CFScript.txt
FW: F-Secure Anti-Virus 2006 6.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

FILE ::
"c:\documents and settings\Tony\My Documents\Lily\New Folder\npkycryp.sys"
"c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe"
"c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1113\iuhi32.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr
-------\Service_npkycryp


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2009-06-26_07.17.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2006-10-18 09:03 100864 c:\windows\system32\logagent.exe
+ 2004-08-04 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2007-08-13 07:34 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 01:27 . 2008-08-26 07:24 383488 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 01:27 . 2009-04-29 04:55 383488 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2008-08-23 05:54 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2008-10-23 12:36 286720 c:\windows\system32\gdi32.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys
+ 2004-08-04 12:00 . 2008-06-17 19:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-15 05:43 . 2008-12-11 10:57 333952 c:\windows\system32\dllcache\srv.sys
+ 2004-08-04 12:00 . 2008-12-05 06:54 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2009-02-09 12:10 714752 c:\windows\system32\dllcache\ntdll.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2008-01-12 05:02 . 2008-08-26 07:24 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-01-12 05:02 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2004-08-04 12:00 . 2009-02-09 12:10 729088 c:\windows\system32\dllcache\lsasrv.dll
- 2004-08-04 12:00 . 2006-10-18 09:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 12:00 . 2008-06-17 15:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 12:00 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2004-08-04 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2006-07-06 06:43 . 2009-04-25 05:27 636088 c:\windows\system32\dllcache\iexplore.exe
+ 2008-01-12 05:02 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-01-12 05:02 . 2009-04-29 04:55 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2008-01-12 05:02 . 2008-08-26 07:24 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-04 12:00 . 2008-08-23 05:54 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2008-10-23 12:36 286720 c:\windows\system32\dllcache\gdi32.dll
+ 2006-07-06 06:41 . 2009-02-09 12:10 473600 c:\windows\system32\dllcache\fastprox.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-06-26 07:28 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-26 07:28 . 2008-08-26 07:24 826368 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-26 07:28 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-26 07:28 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-26 07:28 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-26 07:28 . 2008-04-14 00:12 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-26 07:28 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-26 07:28 . 2008-04-14 00:11 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-26 07:28 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2009-02-09 12:10 617472 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 617472 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 124928 c:\windows\system32\advpack.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 617472 c:\windows\system32\advapi32.dll
+ 2004-08-04 12:00 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
+ 2006-07-06 08:07 . 2009-06-26 14:32 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-07-06 08:07 . 2008-10-15 11:35 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-07-06 08:07 . 2008-10-15 11:35 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2006-07-06 08:07 . 2009-06-26 14:32 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-05-16 06:45 . 2008-11-13 11:34 888080 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-16 06:45 . 2009-06-26 14:31 888080 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-16 06:45 . 2008-11-13 11:34 217864 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-16 06:45 . 2009-06-26 14:31 217864 c:\windows\Installer\{90120000-001B-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-17 06:02 . 2009-06-26 14:29 272648 c:\windows\Installer\{90120000-0019-0000-0000-0000000FF1CE}\pubs.exe
- 2009-02-17 06:02 . 2009-02-17 06:02 272648 c:\windows\Installer\{90120000-0019-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-17 06:02 . 2009-06-26 14:29 217864 c:\windows\Installer\{90120000-0019-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-17 06:02 . 2009-02-17 06:02 217864 c:\windows\Installer\{90120000-0019-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-16 07:16 . 2008-11-13 11:34 922384 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-16 07:16 . 2009-06-26 14:31 922384 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-16 07:16 . 2009-06-26 14:31 217864 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-16 07:16 . 2008-11-13 11:34 217864 c:\windows\Installer\{90120000-0018-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-16 06:53 . 2009-06-26 14:30 217864 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-16 06:53 . 2008-11-13 11:34 217864 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\misc.exe
- 2008-08-20 12:26 . 2008-11-13 11:33 217864 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\misc.exe
+ 2008-08-20 12:26 . 2009-06-26 14:28 217864 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\misc.exe
+ 2009-06-26 14:23 . 2008-08-26 07:24 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2009-06-26 14:24 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2009-06-26 14:24 . 2008-07-09 07:38 231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2009-06-26 14:23 . 2008-08-26 07:24 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2009-06-26 14:23 . 2008-08-23 05:56 635848 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2009-06-26 14:23 . 2008-08-26 07:24 267776 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 384512 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2009-06-26 14:23 . 2008-08-23 05:54 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2009-06-26 14:23 . 2008-08-26 07:24 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2009-06-26 14:28 . 2009-06-26 14:28 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2004-08-04 12:00 . 2008-06-17 19:03 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-04 12:00 . 2008-08-26 07:24 1159680 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 1159680 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 8461312 c:\windows\system32\shell32.dll
+ 2004-08-04 12:00 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
+ 2004-08-04 12:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
- 2004-08-04 12:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2004-08-04 12:00 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
- 2004-08-04 12:00 . 2008-08-14 10:09 2145280 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 22:59 . 2008-08-14 09:33 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 12:00 . 2009-04-29 04:56 3596288 c:\windows\system32\mshtml.dll
- 2007-08-13 07:54 . 2008-10-03 17:41 6066176 c:\windows\system32\ieframe.dll
+ 2007-08-13 07:54 . 2009-04-29 04:55 6066176 c:\windows\system32\ieframe.dll
+ 2007-02-12 05:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
- 2007-02-12 05:10 . 2007-07-01 03:31 2455488 c:\windows\system32\ieapfltr.dat
+ 2006-07-06 16:35 . 2009-06-28 01:18 1660408 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2008-06-17 19:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-10-15 05:43 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
- 2004-08-04 12:00 . 2008-08-26 07:24 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-15 05:43 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 05:43 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 05:43 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 05:43 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 05:43 . 2009-02-07 09:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2004-08-04 12:00 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2004-08-04 12:00 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 12:00 . 2009-04-29 04:56 3596288 c:\windows\system32\dllcache\mshtml.dll
- 2008-01-12 05:02 . 2008-10-03 17:41 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2008-01-12 05:02 . 2009-04-29 04:55 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2008-01-12 05:02 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
- 2008-01-12 05:02 . 2007-07-01 03:31 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-06-26 07:28 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-26 07:28 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-26 07:28 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-26 07:28 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
+ 2008-05-16 06:53 . 2009-06-26 14:30 1172240 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-05-16 06:53 . 2008-11-13 11:34 1172240 c:\windows\Installer\{90120000-0016-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-20 12:26 . 2009-06-26 14:28 1165584 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\accicons.exe
- 2008-08-20 12:26 . 2008-11-13 11:33 1165584 c:\windows\Installer\{90120000-0015-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-06-26 14:23 . 2008-08-26 07:24 1159680 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
+ 2009-06-26 14:23 . 2008-08-27 08:24 3593216 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
+ 2009-06-26 14:23 . 2008-10-03 17:41 6066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
+ 2009-06-26 14:23 . 2007-07-01 03:31 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
+ 2008-10-15 05:43 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-15 05:43 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 05:43 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 05:43 . 2009-02-07 09:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 05:43 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 05:43 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-15 05:43 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2004-08-04 12:00 . 2008-11-11 08:34 10838016 c:\windows\system32\wmp.dll
+ 2009-06-26 14:24 . 2009-05-31 23:51 23635392 c:\windows\system32\MRT.exe
+ 2004-08-04 12:00 . 2008-11-11 08:34 10838016 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3959136]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-10-26 4354048]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 391296]
"Fraps"="c:\documents and settings\TONY\MY DOCUMENTS\APPLICATIONS\FRAPS\FRAPS.EXE" [2007-07-12 3176621]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L2 Rage Patch"="silent" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1474560]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 417792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 290816]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-10 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-06 180269]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-09 360448]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 90112]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 225280]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 122880]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 110592]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"WindowBlinds"="c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbload.exe" [2005-01-25 504320]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-15 127037]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2630912]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-28 518488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Tony\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-10-27 225280]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-4-18 576000]
PowerReg Scheduler V3.exe [2006-11-7 294912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-6 183296]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 103424]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 161184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 13:34 24576 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 09:23 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Tony\\My Documents\\SNES\\zsnesw.exe"=
"c:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\uTorrent\\utorrent(2).exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Counter-Strike 1.5 Extreme edition\\Half-Life\\hl.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
"c:\\Program Files\\SRS Labs\\Audio Sandbox\\SRSSSC.exe"=
"c:\\Program Files\\Stardock\\Object Desktop\\WindowBlinds\\wbload.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"=
"c:\\Program Files\\Common Files\\Logitech\\QCDriver2\\LVComS.exe"= c:\\Program Files\\Common Files\\Logitech\\QCDriver2\\LVCOMS.EXE
"c:\\Documents and Settings\\Tony\\My Documents\\Applications\\Fraps\\fraps.exe"=
"c:\\WINDOWS\\system32\\jview.exe"=
"c:\\Program Files\\LogMeIn\\x86\\LogMeIn.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe"=
"c:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"=
"c:\\Program Files\\DAEMON Tools\\daemon.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\LogMeIn\\x86\\LMIGuardian.exe"=
"c:\\Program Files\\Ulead Systems\\Ulead VideoStudio 10\\uvPL.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe
"c:\\Documents and Settings\\Tony\\My Documents\\Applications\\aawsepersonal.exe"=
"c:\\Documents and Settings\\Tony\\My Documents\\Applications\\Ad-AwareAE.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe"=
"c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\WINDOWS\\system32\\oodtray.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:SC BW TCP
"6112:UDP"= 6112:UDP:SC BW UDP
"6113:TCP"= 6113:TCP:War3
"6113:UDP"= 6113:UDP:war3 i

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/06/2009 12:36 PM 64160]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [3/09/2006 4:30 PM 6097]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [19/01/2009 7:34 AM 1003344]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/06/2007 8:03 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [5/06/2007 8:03 PM 47640]
S3 gsplittm;gsplittm;\??\c:\docume~1\Tony\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\Tony\LOCALS~1\Temp\gsplittm.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [7/05/2009 5:36 PM 29184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/11/2007 6:22 AM 34064]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [24/06/2004 2:52 PM 7552]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [3/09/2006 4:30 PM 299923]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
.
Contents of the 'Scheduled Tasks' folder

2009-06-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 02:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uDefault_Search_URL = hxxp://ie.search.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {4C614652-2D27-4EC7-A96B-750C661672EA} = 203.2.75.132,198.142.0.51
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - hxxp://www.bardownload.com/prompt/cabs/website.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 22:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\LMIinit.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3804)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-06-28 22:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-28 12:48
ComboFix2.txt 2009-06-26 07:44
ComboFix3.txt 2008-10-03 01:22
ComboFix4.txt 2008-10-01 03:26
ComboFix5.txt 2009-06-28 12:31

Pre-Run: 15,172,210,688 bytes free
Post-Run: 15,029,133,312 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
654 --- E O F --- 2009-06-26 14:32



#10 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:09:12 AM

Posted 29 June 2009 - 05:59 PM

On closer inspection, this looks to be the Sality virus. This is a file infector and is thus incurable:

:thumbup2: SALITY :)

Your System is infected with Sality!!
Sality is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix this. You will need to format/reinstall the operating system on this machine.

I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.
Do NOT back up any applications/installers, and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files.
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions on how to format and reinstall Windows:

http://web.mit.edu/ist/products/winxp/adva...all-format.html

Edited by Jat90, 29 June 2009 - 05:59 PM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

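The backup rule in the post above (copy user data, skip the listed file types because a file infector may have written itself into them) as an added example that is not part of the original thread. The extension list is the one given in the post; the sample directory tree, the function names and the temporary-directory layout are constructed for the demonstration. Matching is case-insensitive and uses only the final extension, so a Windows path such as FRAPS.EXE or a double extension like photo.jpg.EXE is still skipped.

```python
"""
Backup selection filter following the thread's advice for a machine with a
file-infecting virus: copy user data, but skip file types that may carry the
infection. Added example, not part of the original thread.
"""
import os
import shutil
import tempfile
from pathlib import Path

# Extensions the post says must NOT be backed up. Matched case-insensitively,
# because Windows paths such as FRAPS.EXE appear in upper case in the log.
EXCLUDED_EXTENSIONS = frozenset(
    {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}
)


def is_excluded(path) -> bool:
    """True if the file's final extension is on the do-not-backup list."""
    return Path(path).suffix.lower() in EXCLUDED_EXTENSIONS


def select_backup_files(root):
    """Walk `root`; return (to_copy, skipped) as sorted relative POSIX paths."""
    root = Path(root)
    to_copy, skipped = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            (skipped if is_excluded(p) else to_copy).append(rel)
    return sorted(to_copy), sorted(skipped)


def copy_backup(src, dst):
    """Copy everything select_backup_files() accepts from src into dst."""
    src, dst = Path(src), Path(dst)
    to_copy, skipped = select_backup_files(src)
    for rel in to_copy:
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)   # keeps timestamps of the originals
    return to_copy, skipped


def build_sample_tree(root):
    """Constructed sample 'My Documents' tree (hypothetical content)."""
    root = Path(root)
    files = {
        "Documents/thesis.docx": b"docx",
        "Pictures/holiday.jpg": b"jpeg",
        "Pictures/holiday.jpg.EXE": b"MZ",     # double extension, still skipped
        "Applications/Fraps/FRAPS.EXE": b"MZ",  # upper-case extension, skipped
        "Applications/setup.zip": b"PK",
        "Web/notes.html": b"<html>",
        "Music/song.mp3": b"mp3",
    }
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


def demo():
    """Run the filter on the constructed tree; returns (copied, skipped)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = build_sample_tree(Path(tmp) / "src")
        dst = Path(tmp) / "backup"
        copied, skipped = copy_backup(src, dst)
        # Everything accepted must exist in the backup; nothing skipped may.
        assert all((dst / r).is_file() for r in copied)
        assert not any((dst / r).exists() for r in skipped)
        return copied, skipped


if __name__ == "__main__":
    copied, skipped = demo()
    print("copied :", copied)
    print("skipped:", skipped)
```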

#11 HyBriD54

HyBriD54
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:12:12 AM

Posted 30 June 2009 - 07:44 AM

So there's no cure huh?

Okay, I'll have to reformat it soon then...

Thanks for the help Jat90 :thumbup2:.

#12 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:09:12 AM

Posted 01 July 2009 - 05:07 AM

Yes, it is incurable, as it infects legitimate files which have to be replaced; since so many files become infected, a clean reformat would solve the problem. If we tried to disinfect, there's a chance we could miss one file, which could then go on to reinfect. Reformatting ensures this does not occur.

Since the problem appears to be resolved, this topic is now Closed. Glad I could help.
If you need this topic reopened, please send me a message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.




