
Thread: Spybot will not load, after fixing a Google redirect virus.

  1. #1 Junior Member | Join Date: Aug 2009 | Posts: 2

    Spybot will not load, after fixing a Google redirect virus.

    Hello all, and thanks in advance. I have been a very loyal Spybot user for many years.

    My problem started, I think, with a Google redirect virus. No matter what link I clicked on in a Google search, it took me to a shopping or other search page.

    I immediately went to Spybot to run a scan, even before I went to my regular virus scanner, "CA Security Suite 2009". I figured if CA didn't catch it when it got in, then I should try something else first.

    Spybot opened the first time I tried to run it after the infection, but as soon as I hit "Check for problems", the Spybot scan started and then Spybot shut down.

    I tried to open Spybot again and now it says "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

    I checked and found that spybot.exe was set as a read-only and hidden file. I tried to remove the check marks to make it usable and I get the message "Access is denied".

    I tried to uninstall and reinstall; it still wouldn't run. I then reinstalled into a different folder, c:\program files\Spybot - Search & Destroy2. Adding the 2 to the folder name allowed Spybot to run, but as soon as I started a scan it again quit and locked the file.

    I tried a scan with my CA Security Suite and found only some cookies and spyware, no viruses. I tried to update the CA product and the update would not work.

    I downloaded "Windows Defender" and "Trend Micro"; both installed and updated, but when a scan was started they shut down and I was locked out. I then tried an online scan at CA, but as soon as it started IE8 shut down. So I tried another online scan but used the Firefox browser. The scan started and then Firefox was shut down, and I am locked out of Firefox. Almost laughable!

    On the recommendation of a computer-savvy friend I downloaded "IObit Security 360"; it scanned, and seemed to have fixed the Google redirections.

    I then ran ComboFix thinking it might fix my access problems, but it didn't. I will include its log.

    Current problems: restore points are gone, I have no access privileges to many programs and such, I am unable to copy to my DVD burner, and Norton Ghost says "Unable to retrieve, Access Denied". So I can't back up my work database to an external hard drive.

    I ran "HijackThis" and have a log file I am including. After it ran once I was locked out. I have reinstalled "HijackThis" and now it seems to work.

    Please help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:26:27 AM, on 8/21/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\IObit\IObit Security 360NEW\IS360srv.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Norton Ghost\Agent\VProTray.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\IObit\IObit Security 360NEW\IS360tray.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IObit\Advanced SystemCare 3new\AWC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USREL/1
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
    O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
    O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
    O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
    O4 - HKLM\..\Run: [DCPstrApp] C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe
    O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe"
    O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360NEW\IS360tray.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3new\AWC.exe" /startup
    O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
    O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\UmxSbxExw.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360NEW\IS360srv.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: NTRU TSS v1.2.1.27 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 20113 bytes
    --------------------------------------------------------------------------------------------
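The entries a forum helper checks first in a HijackThis log like the one above are the ones that do not resolve cleanly: components listed as "(no file)", services with "Unknown owner", the O20 AppInit_DLLs line, autoruns whose command has no absolute path, and Run keys sitting under the SYSTEM account. The following is an added Python triage script, not code from the thread or from HijackThis itself; it assumes only the line shapes visible in the log (`O2`, `O4`, `O20`, `O23` entries) and runs over a constructed sample made from a few of those lines. Its flags are review prompts for a human, not verdicts of malice.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied in the shape of the
# HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O20 - AppInit_DLLs: C:\WINDOWS\system32\UmxSbxExw.dll
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
"""

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


@dataclass
class Entry:
    section: str  # "O2", "O4", "O23", ...
    body: str     # everything after "O4 - "


@dataclass
class Finding:
    section: str
    reason: str
    body: str


def parse_entries(text):
    """Keep only the section-prefixed lines; process lists and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _o4_command(body):
    """For 'HK..\\..\\Run: [name] command' return the command; None for other O4 shapes."""
    return body.split("] ", 1)[1] if "] " in body else None


def _has_absolute_path(cmd):
    cmd = cmd.strip().strip('"')
    return re.match(r"^[A-Za-z]:\\|^%[A-Za-z]+%\\", cmd) is not None


def triage(entries):
    """Flag entries that a helper would verify by hand before cleaning anything."""
    findings = []
    for e in entries:
        if e.body.endswith("(no file)"):
            findings.append(Finding(e.section,
                "orphaned entry: registered component whose file is gone", e.body))
            continue
        if e.section == "O23" and " - Unknown owner - " in e.body:
            findings.append(Finding(e.section,
                "service with no publisher string; check the binary's signature and hash", e.body))
        elif e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            findings.append(Finding(e.section,
                "AppInit_DLLs is loaded into every process using user32.dll; confirm the DLL "
                "belongs to an installed product", e.body))
        elif e.section == "O4":
            cmd = _o4_command(e.body)
            if cmd is not None and not _has_absolute_path(cmd):
                findings.append(Finding(e.section,
                    "autorun without an absolute path; confirm which file actually resolves", e.body))
            if "HKUS\\S-1-5-18" in e.body:
                findings.append(Finding(e.section,
                    "Run key under the SYSTEM account (S-1-5-18); unusual for a user tray app", e.body))
    return findings


def summarize(findings):
    """Count findings per log section, e.g. {'O2': 2, 'O4': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE_LOG)):
        print(f"[{f.section}] {f.reason}\n    {f.body}")
```

Run against the sample it reports two orphaned O2 entries, the path-less `nwiz.exe` autorun, the RoboForm Run key under S-1-5-18, the AppInit_DLLs line and the unsigned-by-name NVIDIA service; the two entries with full vendor strings and paths are left alone. To use it on a real log, read the file into `SAMPLE_LOG`'s place; the rules are deliberately conservative so that a clean entry such as the CA or Google lines never shows up as a finding.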

  2. #2 Junior Member | Join Date: Aug 2009 | Posts: 2


    ComboFix log wouldn't fit in first post so I include it here.

    Thanks again,
    Bodie

    ComboFix 09-08-20.02 - Bodie 08/20/2009 23:57.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2651 [GMT -5:00]
    Running from: c:\documents and settings\Bodie\Desktop\Combo-Fix.exe
    AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    FW: CA Personal Firewall *enabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\-1709462746
    c:\documents and settings.\NetworkService\Favorites\Desktop.ini
    c:\windows\setup.exe
    c:\documents and settings.\NetworkService\Favorites\Desktop.ini . . . . failed to delete

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


    ((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
    .

    2009-08-21 02:37 . 2009-08-21 02:37 -------- d-----w- c:\program files\STOPzilla!
    2009-08-21 02:37 . 2009-08-21 02:37 -------- d-----w- c:\program files\Common Files\iS3
    2009-08-20 23:31 . 2009-08-20 23:31 -------- d-----w- c:\documents and settings\Bodie\Application Data\IObit
    2009-08-20 18:22 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-08-20 18:22 . 2009-08-20 18:22 -------- d-----w- c:\program files\Panda Security
    2009-08-20 17:30 . 2009-07-16 23:12 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
    2009-08-20 17:30 . 2009-07-16 23:12 880512 ----a-w- c:\windows\system32\drivers\vetefile.sys
    2009-08-20 17:30 . 2009-07-16 23:12 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
    2009-08-20 17:30 . 2009-07-16 23:12 108320 ----a-w- c:\windows\system32\drivers\veteboot.sys
    2009-08-20 17:30 . 2009-07-16 23:12 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
    2009-08-20 17:30 . 2009-07-16 23:12 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
    2009-08-20 17:30 . 2009-07-16 23:11 111856 ----a-w- c:\windows\system32\isafprod.dll
    2009-08-20 17:08 . 2009-08-20 17:16 -------- d-----w- c:\documents and settings\Bodie\Application Data\GetRightToGo
    2009-08-20 16:12 . 2009-08-20 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
    2009-08-20 16:12 . 2009-08-20 23:47 -------- d-----w- c:\program files\IObit
    2009-08-20 02:44 . 2009-08-20 02:45 -------- d-----w- c:\documents and settings\Bodie\.housecall6.6
    2009-08-20 02:36 . 2009-08-20 02:36 218736 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\patch.exe
    2009-08-20 02:36 . 2009-08-20 02:36 189968 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\ciussi32.dll
    2009-08-20 02:36 . 2009-08-20 02:36 170512 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\PATCHW32.DLL
    2009-08-20 02:36 . 2009-08-20 02:36 1267320 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\TmUpdate.dll
    2009-08-20 02:36 . 2009-08-20 02:36 61440 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\Toolkit.dll
    2009-08-20 02:36 . 2009-08-20 02:36 832776 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\lea.dll
    2009-08-20 02:36 . 2009-08-20 02:36 439560 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\jlea.dll
    2009-08-20 02:36 . 2009-08-20 02:36 42320 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\dsvout.dll
    2009-08-20 02:36 . 2009-08-20 02:36 183356 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\Uninstaller.exe
    2009-08-20 02:36 . 2009-08-20 02:40 -------- d-----w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6
    2009-08-20 00:59 . 2009-08-20 17:29 -------- d-----w- c:\program files\Windows Defender
    2009-08-19 23:13 . 2009-08-19 23:13 -------- d-----w- c:\documents and settings\Bodie\Application Data\Yahoo!
    2009-08-19 23:13 . 2009-08-21 04:51 -------- d-----w- c:\program files\Yahoo!
    2009-08-19 01:36 . 2009-08-19 23:33 -------- d-----w- c:\program files\Spybot - Search & Destroy2
    2009-08-19 00:19 . 2009-08-19 00:19 542945 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\a188c1bf-a7d5-42ec-9344-109090dc0306\PP\ppclean.exe
    2009-08-19 00:19 . 2009-08-19 00:19 820464 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\a188c1bf-a7d5-42ec-9344-109090dc0306\PP\ppctl.dll
    2009-08-19 00:19 . 2009-08-19 00:19 177392 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\a188c1bf-a7d5-42ec-9344-109090dc0306\PP\caAspyScan.dll
    2009-08-19 00:18 . 2009-08-19 00:18 296224 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\a188c1bf-a7d5-42ec-9344-109090dc0306\AV\arclib.dll
    2009-08-19 00:18 . 2009-08-19 00:18 247024 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\a188c1bf-a7d5-42ec-9344-109090dc0306\AV\CAAVScan.dll
    2009-08-19 00:18 . 2009-08-19 00:18 1353016 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\a188c1bf-a7d5-42ec-9344-109090dc0306\AV\vete.dll
    2009-08-19 00:07 . 2009-08-19 00:07 820464 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\fe4b8794-0e3c-41ac-af6a-04eedc207fab\PP\ppctl.dll
    2009-08-19 00:07 . 2009-08-19 00:07 542945 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\fe4b8794-0e3c-41ac-af6a-04eedc207fab\PP\ppclean.exe
    2009-08-19 00:07 . 2009-08-19 00:07 177392 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\fe4b8794-0e3c-41ac-af6a-04eedc207fab\PP\caAspyScan.dll
    2009-08-19 00:06 . 2009-08-19 00:06 296224 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\fe4b8794-0e3c-41ac-af6a-04eedc207fab\AV\arclib.dll
    2009-08-19 00:06 . 2009-08-19 00:06 247024 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\fe4b8794-0e3c-41ac-af6a-04eedc207fab\AV\CAAVScan.dll
    2009-08-19 00:06 . 2009-08-19 00:06 1353016 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\fe4b8794-0e3c-41ac-af6a-04eedc207fab\AV\vete.dll
    2009-08-19 00:04 . 2009-08-19 00:04 820464 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\d5d40ac8-117e-47ce-8f4a-f6dbeda4a23b\PP\ppctl.dll
    2009-08-19 00:04 . 2009-08-19 00:04 542945 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\d5d40ac8-117e-47ce-8f4a-f6dbeda4a23b\PP\ppclean.exe
    2009-08-19 00:04 . 2009-08-19 00:04 177392 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\d5d40ac8-117e-47ce-8f4a-f6dbeda4a23b\PP\caAspyScan.dll
    2009-08-19 00:03 . 2009-08-19 00:03 296224 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\d5d40ac8-117e-47ce-8f4a-f6dbeda4a23b\AV\arclib.dll
    2009-08-19 00:03 . 2009-08-19 00:03 247024 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\d5d40ac8-117e-47ce-8f4a-f6dbeda4a23b\AV\CAAVScan.dll
    2009-08-19 00:03 . 2009-08-19 00:03 1353016 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\d5d40ac8-117e-47ce-8f4a-f6dbeda4a23b\AV\vete.dll
    2009-08-19 00:01 . 2009-08-19 00:01 820464 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\890f2d72-41e8-4cb9-9be3-e05ed8c7a5c0\PP\ppctl.dll
    2009-08-19 00:01 . 2009-08-19 00:01 542945 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\890f2d72-41e8-4cb9-9be3-e05ed8c7a5c0\PP\ppclean.exe
    2009-08-19 00:01 . 2009-08-19 00:01 177392 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\890f2d72-41e8-4cb9-9be3-e05ed8c7a5c0\PP\caAspyScan.dll
    2009-08-19 00:00 . 2009-08-19 00:00 296224 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\890f2d72-41e8-4cb9-9be3-e05ed8c7a5c0\AV\arclib.dll
    2009-08-19 00:00 . 2009-08-19 00:00 247024 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\890f2d72-41e8-4cb9-9be3-e05ed8c7a5c0\AV\CAAVScan.dll
    2009-08-19 00:00 . 2009-08-19 00:00 1353016 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\890f2d72-41e8-4cb9-9be3-e05ed8c7a5c0\AV\vete.dll
    2009-08-18 23:26 . 2009-08-18 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-18 22:49 . 2009-08-18 22:49 -------- d-----w- c:\documents and settings\Bodie\Local Settings\Application Data\Easy CD-DA Extractor
    2009-08-18 22:48 . 2009-08-18 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
    2009-08-18 22:48 . 2009-08-18 22:48 -------- d-----w- c:\program files\Easy CD-DA Extractor 12
    2009-08-18 22:48 . 2009-08-18 22:48 -------- d-----w- c:\windows\Easy CD-DA Extractor 12.0.1
    2009-08-18 19:51 . 2009-08-18 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
    2009-08-17 22:58 . 2009-08-18 23:28 -------- d-----w- c:\documents and settings\Bodie\Application Data\IDM
    2009-08-17 22:58 . 2009-08-18 23:24 -------- d-----w- c:\documents and settings\Bodie\Application Data\DMCache
    2009-08-17 22:58 . 2009-08-18 23:28 -------- d-----w- c:\program files\Internet Download Manager
    2009-08-14 18:33 . 2009-08-14 18:38 -------- d-----w- c:\documents and settings\Bodie\Application Data\Argali
    2009-08-13 21:58 . 2009-08-13 21:58 -------- d-----w- c:\documents and settings\Bodie\Local Settings\Application Data\Activision
    2009-08-13 16:17 . 2009-08-13 22:32 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-08-13 16:17 . 2009-08-13 21:23 22328 ----a-w- c:\documents and settings\Bodie\Application Data\PnkBstrK.sys
    2009-08-13 16:17 . 2009-08-13 22:31 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-08-13 16:17 . 2009-08-13 21:23 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-08-13 16:17 . 2009-08-13 21:23 682280 ----a-w- c:\windows\system32\pbsvc.exe
    2009-08-13 05:37 . 2009-08-18 23:26 -------- d-----w- c:\program files\DAP
    2009-08-12 21:19 . 2009-08-12 21:19 17979 ----a-w- c:\program files\Common Files\qitum.pif
    2009-08-12 21:19 . 2009-08-12 21:19 12903 ----a-w- c:\documents and settings\Bodie\Local Settings\Application Data\uzosaz.bin
    2009-08-12 21:19 . 2009-08-12 21:19 12608 ----a-w- c:\documents and settings\Bodie\Local Settings\Application Data\vylasavad.pif
    2009-08-12 21:19 . 2009-08-12 21:19 12194 ----a-w- c:\windows\utupu.sys
    2009-08-12 21:19 . 2009-08-12 21:19 12185 ----a-w- c:\program files\Common Files\tufocucazi.exe
    2009-08-12 21:19 . 2009-08-12 21:19 11000 ----a-w- c:\windows\kafyqi.bin
    2009-08-12 21:19 . 2009-08-12 21:19 10278 ----a-w- c:\windows\system32\ozeficagu.bin
    2009-08-12 21:19 . 2009-08-12 21:19 10276 ----a-w- c:\documents and settings\Bodie\Application Data\yzypyxo.com
    2009-08-10 20:12 . 2009-08-10 20:12 -------- d-----w- c:\program files\LeeGTs Games
    2009-07-29 06:16 . 2009-07-29 06:16 -------- d-----w- c:\program files\iPod
    2009-07-29 06:16 . 2009-07-29 06:16 -------- d-----w- c:\program files\iTunes
    2009-07-29 06:08 . 2009-07-29 06:08 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
    2009-07-29 01:47 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2009-07-29 01:47 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-28 04:12 . 2009-08-19 02:10 -------- d-----w- c:\documents and settings\Bodie\Local Settings\Application Data\My Games
    2009-07-28 03:31 . 2009-07-28 03:31 -------- d-----w- c:\program files\2K Games
    2009-07-24 01:57 . 2009-07-24 01:57 41872 ----a-w- c:\windows\system32\xfcodec.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-21 05:08 . 2009-03-25 18:03 0 ----a-w- c:\documents and settings\Bodie\Local Settings\Application Data\WavXMapDrive.bat
    2009-08-21 04:53 . 2009-08-21 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-08-21 04:50 . 2009-03-28 03:12 -------- d-----w- c:\documents and settings\Bodie\Application Data\CallingID
    2009-08-21 02:46 . 2009-08-21 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
    2009-08-20 16:09 . 2009-03-18 05:16 31871 ----a-w- c:\windows\system32\nvModes.dat
    2009-08-20 02:44 . 2009-08-20 02:37 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-08-20 02:37 . 2009-08-20 02:37 90183 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\TmEngDrv.dll
    2009-08-20 02:37 . 2009-08-20 02:37 98304 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\getMac.exe
    2009-08-20 02:37 . 2009-08-20 02:37 69632 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\mfcm80.dll
    2009-08-20 02:37 . 2009-08-20 02:37 626688 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\msvcr80.dll
    2009-08-20 02:37 . 2009-08-20 02:37 57344 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\mfcm80u.dll
    2009-08-20 02:37 . 2009-08-20 02:37 548864 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\msvcp80.dll
    2009-08-20 02:37 . 2009-08-20 02:37 479232 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\msvcm80.dll
    2009-08-20 02:37 . 2009-08-20 02:37 1093632 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\mfc80.dll
    2009-08-20 02:37 . 2009-08-20 02:37 1079808 ----a-w- c:\documents and settings\Bodie\Application Data\HouseCall 6.6\mfc80u.dll
    2009-08-19 23:32 . 2009-06-01 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-19 02:10 . 2009-03-18 05:26 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-19 02:09 . 2009-07-14 05:59 -------- d-----w- c:\documents and settings\Bodie\Application Data\My Games
    2009-08-19 00:41 . 2009-06-01 03:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-19 00:39 . 2009-05-05 15:06 7804 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-08-18 23:58 . 2009-03-28 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
    2009-08-18 23:26 . 2009-03-28 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
    2009-08-18 22:59 . 2009-03-28 04:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-08-18 05:44 . 2009-06-10 08:41 -------- d-----w- c:\program files\Activision
    2009-08-13 08:03 . 2009-03-29 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-08-12 21:19 . 2009-08-12 21:19 19265 ----a-w- c:\program files\Common Files\eroj.ban
    2009-08-12 21:19 . 2009-08-12 21:19 16423 ----a-w- c:\program files\Common Files\hewanyb.lib
    2009-08-12 21:19 . 2009-08-12 21:19 15761 ----a-w- c:\documents and settings\Bodie\Application Data\itedeho.bin
    2009-08-12 21:14 . 2009-03-28 03:08 -------- d-----w- c:\program files\Common Files\Scanner
    2009-08-11 19:31 . 2009-03-28 03:08 -------- d-----w- c:\program files\ISSThirdParty
    2009-08-05 09:01 . 2008-04-25 16:16 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-03 20:49 . 2009-03-25 21:14 -------- d-----w- c:\documents and settings\Bodie\Application Data\Apple Computer
    2009-08-01 23:39 . 2009-03-18 05:59 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-30 14:37 . 2009-03-28 03:04 111856 ----a-w- c:\windows\system32\wbem\canvprov.dll
    2009-07-29 06:16 . 2009-03-25 21:13 -------- d-----w- c:\program files\Common Files\Apple
    2009-07-28 03:33 . 2009-04-08 06:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-07-28 03:09 . 2009-03-25 21:38 -------- d-----w- c:\program files\PokerStars
    2009-07-20 19:57 . 2009-07-20 19:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
    2009-07-20 19:56 . 2009-07-20 19:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
    2009-07-20 19:56 . 2009-07-20 19:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
    2009-07-17 19:01 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-16 23:11 . 2009-03-28 03:08 99568 ----a-w- c:\windows\system32\isafeif.dll
    2009-07-15 06:18 . 2009-07-15 06:18 -------- d-----w- c:\program files\Bethesda Softworks
    2009-07-14 05:10 . 2009-07-14 05:10 -------- d-----w- c:\program files\Firaxis Games
    2009-07-14 04:43 . 2008-04-25 16:16 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-14 02:52 . 2009-07-14 02:52 -------- d-----w- c:\program files\RVG Software
    2009-07-13 23:32 . 2009-07-10 00:14 -------- d-----w- c:\documents and settings\Bodie\Application Data\dvdcss
    2009-07-10 17:07 . 2009-03-25 19:54 -------- d-----w- c:\program files\XMLODBC
    2009-07-10 07:17 . 2009-07-10 07:12 -------- d-----w- c:\program files\mpb
    2009-07-09 20:52 . 2009-07-09 20:52 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
    2009-07-09 20:52 . 2009-07-09 20:52 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
    2009-07-09 20:51 . 2009-07-09 20:51 385024 ----a-r- c:\windows\system32\IS3UI5.dll
    2009-07-09 20:51 . 2009-07-09 20:51 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
    2009-07-09 20:51 . 2009-07-09 20:51 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
    2009-07-09 20:50 . 2009-07-09 20:50 225280 ----a-r- c:\windows\system32\IS3Win325.dll
    2009-07-09 20:50 . 2009-07-09 20:50 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
    2009-07-09 20:50 . 2009-07-09 20:50 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
    2009-07-09 20:47 . 2009-07-09 20:47 724992 ----a-r- c:\windows\system32\IS3Base5.dll
    2009-07-03 17:09 . 2008-04-25 16:16 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-25 08:25 . 2008-04-25 16:16 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2008-04-25 16:16 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2008-04-25 16:16 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2008-04-25 16:16 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:25 . 2008-04-25 16:16 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2008-04-25 16:16 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 22:40 . 2009-06-24 22:40 -------- d-----w- c:\documents and settings\Bodie\Application Data\vlc
    2009-06-24 11:18 . 2008-04-25 16:16 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-23 22:47 . 2009-06-23 22:47 -------- d-----w- c:\program files\QuickTime
    2009-06-16 14:36 . 2008-04-25 16:16 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2008-04-25 16:16 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-12 12:31 . 2008-04-25 16:16 80896 ----a-w- c:\windows\system32\tlntsess.exe
    2009-06-12 12:31 . 2008-04-25 16:16 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 15:46 . 2009-03-18 05:44 69648 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-10 15:43 . 2009-03-18 06:01 69648 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-10 14:19 . 2008-04-25 21:26 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 14:13 . 2008-04-25 16:16 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 06:14 . 2008-04-25 16:16 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-08 16:02 . 2009-06-08 16:02 145912 ----a-w- c:\windows\system32\drivers\KmxCF.sys
    2009-06-08 16:02 . 2009-06-08 16:02 115704 ----a-w- c:\windows\system32\drivers\KmxFw.sys
    2009-06-08 16:02 . 2009-06-08 16:02 108024 ----a-w- c:\windows\system32\drivers\KmxStart.sys
    2009-06-04 19:45 . 2009-06-04 19:45 128 ----a-w- c:\documents and settings\Bodie\Local Settings\Application Data\fusioncache.dat
    2009-06-03 19:09 . 2008-04-25 16:16 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-31 20:33 . 2009-05-31 20:29 96818 ----a-w- c:\windows\hpqins11.dat
    2009-05-31 20:21 . 2009-05-31 20:07 157641 ----a-w- c:\windows\hpoins27.dat
    2009-05-26 18:20 . 2009-06-05 20:26 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-26 18:19 . 2009-06-05 20:26 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{022F2F51-CDDA-4873-8A29-72C66C808A3F}"
    [HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]
    2008-07-25 16:16 282112 ----a-w- c:\windows\system32\mscoree.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{661963C1-99A1-44e7-A671-1CF3768AE9D4}"
    [HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]
    2008-07-25 16:16 282112 ----a-w- c:\windows\system32\mscoree.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-08 160592]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3new\AWC.exe" [2009-06-30 2329224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-05-14 105472]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-04 1343488]
    "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-06-24 243000]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-07 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-07 13594624]
    "Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-20 2245984]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-26 122368]
    "EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-06-24 79160]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-08-18 598016]
    "DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
    "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]
    "DCPstrApp"="c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]
    "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-05-30 180224]
    "cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-08-05 374000]
    "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-07-16 271600]
    "CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-06-23 333040]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-28 2220032]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-16 729088]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-02-23 483420]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe" [2009-08-11 14064]
    "CaPPcl"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [2009-06-23 570608]
    "capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-07-16 636144]
    "capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-07-16 337136]
    "IObit Security 360"="c:\program files\IObit\IObit Security 360NEW\IS360tray.exe" [2009-08-20 943888]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-07 1657376]
    "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2009-02-07 90112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-09-08 160592]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-11-11 950048]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-18 50688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2009-06-23 1422776]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    2007-06-06 20:46 79368 ----a-w- c:\windows\system32\UmxWNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_Dlls"=1 (0x1)
    "AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" /STARTUP
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
    "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\SLWIN\\SQLANY8\\dbeng8.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\DAP\\DAP.exe"=
    "c:\\SLWIN\\Slw.exe"=
    "g:\\warez download game\\com_oh_op_fr\\my drive backup00678\\Company of Heroes Opposing Fronts\\RelicCOH.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "g:\\Tom.Clancys.H.A.W.X-SKIDROW\\HAWX.exe"=
    "g:\\Tom.Clancys.H.A.W.X-SKIDROW\\HAWX_dx10.exe"=
    "g:\\warez download game\\worms\\Worms.4.Mayhem. max grab\\Worms.4.Mayhem.Multi\\WORMS 4 MAYHEM.EXE"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\AutoWatch Utility\\AWUtil.exe"=
    "c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/8/2009 11:02 AM 108024]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/20/2009 1:22 PM 28544]
    R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
    R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [4/1/2009 10:45 AM 73720]
    R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [4/28/2009 10:52 AM 55288]
    R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/8/2009 11:02 AM 115704]
    R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [3/18/2009 12:49 AM 33664]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [9/4/2008 5:28 PM 406808]
    R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [3/27/2009 10:04 PM 128240]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [11/11/2008 4:35 PM 808296]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [11/11/2008 4:35 PM 20840]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [11/11/2008 3:00 PM 451872]
    R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360NEW\is360srv.exe [8/20/2009 11:13 PM 305936]
    R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/8/2009 11:02 AM 145912]
    R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [3/27/2009 4:27 PM 58872]
    R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [12/11/2008 7:08 AM 3575808]
    R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [4/25/2008 11:16 AM 5120]
    R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [4/1/2009 10:45 AM 875000]
    R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [6/15/2009 11:32 AM 760664]
    R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [4/1/2009 10:45 AM 207352]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/18/2009 2:09 AM 112512]
    R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [3/18/2009 12:35 AM 12840]
    R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [3/18/2009 2:09 AM 32808]
    R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [4/1/2009 10:45 AM 205304]
    R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [3/18/2009 2:09 AM 148056]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [3/18/2009 2:09 AM 133632]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [3/18/2009 2:09 AM 280096]
    R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [3/27/2009 10:08 PM 222448]
    S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [10/1/2008 4:28 AM 90112]
    S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-19 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy2\SpybotSD.exe [2009-08-19 20:31]
    c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

    2009-08-21 c:\windows\Tasks\User_Feed_Synchronization-{153E6DC1-F6EE-4F9D-A248-016ABF9DEFFF}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-SITEguard - (no file)
    HKU-Default-Run-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
    LSP: c:\windows\system32\VetRedir.dll
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    FF - ProfilePath - c:\documents and settings\Bodie\Application Data\Mozilla\Firefox\Profiles\hcsrev6o.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com
    FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-21 00:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\repair

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,93,e3,c8,d5,47,ae,49,af,32,21,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,93,e3,c8,d5,47,ae,49,af,32,21,\

    [HKEY_USERS\S-1-5-21-788179540-3239287152-3918983888-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:68,8b,6f,1a,02,39,8a,a5,ab,bd,11,a5,dc,b2,2d,40,70,ec,5e,0d,60,f1,f3,
    40,a7,da,46,df,00,80,3e,dc,3a,bd,0c,80,38,cb,1e,f2,60,ed,b1,4d,4a,0c,d1,5d,\
    "??"=hex:67,ea,fb,e5,01,92,e5,c7,bc,7e,05,f8,b8,23,92,24

    [HKEY_USERS\S-1-5-21-788179540-3239287152-3918983888-1005\Software\SecuROM\License information*]
    "datasecu"=hex:a5,9b,68,a8,60,86,cb,f1,13,b4,b7,47,3d,cd,7e,4a,10,92,d1,3b,0e,
    29,ee,7e,9a,37,cc,c7,48,fb,ae,9d,16,8c,44,0b,24,d1,26,ff,48,99,a1,4e,11,3b,\
    "rkeysecu"=hex:bc,b7,e0,46,e7,38,95,c1,e2,41,d3,40,fd,6c,1b,4e
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(920)
    c:\windows\system32\UmxWnp.Dll
    c:\windows\system32\msi.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

    - - - - - - - > 'lsass.exe'(1196)
    c:\windows\system32\wvauth.dll
    c:\windows\system32\biolsp.dll

    - - - - - - - > 'explorer.exe'(4044)
    c:\windows\system32\WININET.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmUserInterface.dll
    c:\program files\Google\Quick Search Box\bin\1.2.1137.3514\qsb.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    SystemRoot\System32\smss.exe [1032]
    ??\c:\windows\system32\csrss.exe [1316]
    ??\c:\windows\system32\winlogon.exe [920]
    c:\windows\system32\services.exe [1116]
    c:\windows\system32\lsass.exe [1196]
    c:\windows\system32\svchost.exe [924]
    c:\windows\system32\svchost.exe [1956]
    c:\windows\System32\svchost.exe [576]
    c:\windows\system32\svchost.exe [760]
    c:\windows\system32\svchost.exe [1364]
    c:\windows\system32\svchost.exe [1612]
    c:\windows\System32\WLTRYSVC.EXE [2028]
    c:\windows\System32\bcmwltry.exe [244]
    c:\windows\system32\spoolsv.exe [884]
    c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [1212]
    c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [168]
    c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [1848]
    c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [1952]
    c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe [1200]
    c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [804]
    c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1320]
    c:\windows\System32\SCardSvr.exe [1124]
    c:\windows\system32\svchost.exe [1984]
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [664]
    c:\program files\Bonjour\mDNSResponder.exe [1020]
    c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [1328]
    c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [1580]
    c:\windows\system32\svchost.exe [468]
    c:\windows\System32\svchost.exe [1332]
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [1644]
    c:\program files\IObit\IObit Security 360NEW\IS360srv.exe [852]
    c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [1676]
    c:\windows\System32\svchost.exe [2052]
    c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2432]
    c:\windows\system32\nvsvc32.exe [2520]
    c:\windows\System32\svchost.exe [2592]
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2996]
    c:\windows\system32\svchost.exe [3520]
    c:\windows\system32\dllhost.exe [3932]
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [320]
    c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [3448]
    c:\program files\Windows Media Player\WMPNetwk.exe [1484]
    c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [3936]
    c:\windows\system32\wbem\wmiprvse.exe [2280]
    c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [3412]
    c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe [2320]
    c:\windows\system32\dllhost.exe [2128]
    c:\program files\CA\CA Internet Security Suite\ccprovsp.exe [3652]
    c:\windows\System32\alg.exe [2652]
    c:\windows\system32\msdtc.exe [3772]
    c:\windows\system32\CF23474.exe [556]
    c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2008]
    c:\program files\Synaptics\SynTP\SynTPEnh.exe [3044]
    c:\program files\Wave Systems Corp\SecureUpgrade.exe [3996]
    c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2124]
    c:\windows\system32\RUNDLL32.EXE [840]
    c:\windows\system32\rundll32.exe [2064]
    c:\program files\Norton Ghost\Agent\VProTray.exe [2084]
    c:\program files\Microsoft IntelliPoint\ipoint.exe [3620]
    c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe [3684]
    c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe [1760]
    c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [3180]
    c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [2704]
    c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2400]
    c:\windows\system32\WLTRAY.exe [4192]
    c:\windows\system32\AESTFltr.exe [4828]
    c:\program files\IDT\WDM\sttray.exe [5452]
    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [5904]
    c:\program files\iTunes\iTunesHelper.exe [4816]
    c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe [4980]
    c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [5624]
    c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [6108]
    c:\program files\IObit\IObit Security 360NEW\IS360tray.exe [4520]
    c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [4728]
    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [5028]
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [5296]
    c:\program files\Microsoft ActiveSync\wcescomm.exe [5892]
    c:\program files\Windows Media Player\WMPNSCFG.exe [2928]
    c:\windows\system32\ctfmon.exe [4548]
    c:\program files\IObit\Advanced SystemCare 3new\AWC.exe [4964]
    c:\program files\iPod\bin\iPodService.exe [5960]
    c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [6116]
    c:\progra~1\MI3AA1~1\rapimgr.exe [4120]
    c:\windows\explorer.exe [4044]
    c:\combo-fix\catchme.cfxxe [2328]
    .
    **************************************************************************
    .
    Completion time: 2009-08-21 0:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-21 05:15

    Pre-Run: 108,379,017,216 bytes free
    Post-Run: 108,547,162,112 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    553 --- E O F --- 2009-08-20 16:03

    ------------------------------------------
    Do NOT run 'FIXES' before helpers have analyzed the HJT log
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    Last edited by tashi; 2009-08-21 at 09:56. Reason: Posts too long to merge, added links to Forum FAQS as FYI
