smitfraud/vundo removal help



Atokada
2008-04-21, 01:24
So I was googling and found this: http://forums.spybot.info/showthread.php?t=23391
And followed it as best I could for my PC, but since I know that there will be too many differences between the PCs, I figured I'd post my own HijackThis log and get more direct help for what's going on with my PC.

I have a fresh DL of ComboFix, have run VundoFix as well and got nothing to show up on it. And it is the same problem as before: cannot delete the core.cache.dsk. It also has been teaming up with something called Right Media around the same time, not sure if they are truly related though.

Atokada
2008-04-21, 01:25
hijackthis log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:23 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Silicon Image\3132-W-I32-S SATARAID5\SATARaid5ConfigService.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\Hamachi\hamachi.exe
D:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\wolgon\Desktop\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: nextads browser optimizer - {d3d85b50-863b-c602-dd37-e23c14c9dfb4} - C:\WINDOWS\system32\{7c15529c-3f62-80f7-b948-524a7a34cbae}.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{7c15529c-3f62-80f7-b948-524a7a34cbae}.dll" DllInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
O4 - Global Startup: SATARaid5Manager.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3132-W-I32-S SATARAID5\SATARaid5ConfigService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7631 bytes
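
The two entries a removal helper would pull out of the log above are the `nextads browser optimizer` BHO (O2) and the `spa_start` Run value (O4): both point at the same GUID-named DLL, `C:\WINDOWS\system32\{7c15529c-3f62-80f7-b948-524a7a34cbae}.dll`, so the component is wired in twice, once into Internet Explorer and once via rundll32 at logon. The Python below is an added example, not code from this thread or from the HijackThis or Spybot tools. It parses a constructed sample of O2/O4/O23 lines copied from the log above and flags them with simple heuristics; the regexes, the severity labels and the "GUID-named DLL in system32" rule are this example's own assumptions, and a hit means "inspect", not "malicious".

```python
"""HijackThis log triage: flag the entries a removal helper reads first.

Added example for this thread, not part of the original posts or of the
HijackThis/Spybot tools. Heuristics only: a hit means "look at this", not
"this is malware".
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above, mixing known-good vendor entries with the two suspicious ones.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: nextads browser optimizer - {d3d85b50-863b-c602-dd37-e23c14c9dfb4} - C:\WINDOWS\system32\{7c15529c-3f62-80f7-b948-524a7a34cbae}.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{7c15529c-3f62-80f7-b948-524a7a34cbae}.dll" DllInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

# A DLL whose file name is a bare GUID, e.g. {7c15529c-...}.dll (heuristic).
GUID_DLL = re.compile(
    r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}\.dll",
    re.IGNORECASE,
)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # O2, O4 or O23
    name: str      # BHO name, Run value name or service name
    severity: str  # "high" or "info"
    reason: str
    line: str


def _in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage(log_text: str) -> list[Finding]:
    """Return findings for the O2/O4/O23 lines of a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O2_RE.match(line):
            path = m["path"]
            if GUID_DLL.search(path) and _in_system32(path):
                findings.append(Finding("O2", m["name"], "high",
                    "BHO DLL has a GUID-style file name inside system32", line))
        elif m := O4_RE.match(line):
            cmd = m["cmd"]
            # rundll32 itself is benign (see NvCpl.dll); the signal is a
            # GUID-named DLL handed to it, which vendor installers do not ship.
            if "rundll32" in cmd.lower() and GUID_DLL.search(cmd):
                findings.append(Finding("O4", m["name"], "high",
                    "rundll32 autostart loads a GUID-named DLL", line))
        elif m := O23_RE.match(line):
            if m["owner"].strip().lower() == "unknown owner":
                findings.append(Finding("O23", m["name"], "info",
                    "service binary carries no publisher information", line))
    return findings


def high_findings(log_text: str) -> list[Finding]:
    return [f for f in triage(log_text) if f.severity == "high"]


def same_dll(findings: list[Finding]) -> set[str]:
    """GUID DLL names that appear in more than one finding: one file wired in
    as both a BHO and a Run entry is two persistence paths for one component."""
    seen: dict[str, int] = {}
    for f in findings:
        for dll in GUID_DLL.findall(f.line):
            seen[dll.lower()] = seen.get(dll.lower(), 0) + 1
    return {dll for dll, n in seen.items() if n > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.section} {f.name}: {f.reason}")
    print("DLL used by more than one autostart:", same_dll(results))
```

Run against the sample, the BHO and the `spa_start` value come back as the only high findings and `same_dll` reports the one DLL they share; the UserAccess7 service is listed as informational only because "Unknown owner" means the binary has no embedded publisher string, which is common for legitimate copy-protection and RAID utilities as well.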

Atokada
2008-04-21, 01:49
And just got the Spybot log:

--- Search result list ---
Smitfraud-C.CoreService: [SBI $9C656B9A] Data (File, fixed)
C:\WINDOWS\system32\drivers\core.cache.dsk


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-04-07 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-04-16 Includes\Adware.sbi (*)
2008-04-17 Includes\AdwareC.sbi (*)
2008-04-17 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-04-17 Includes\DialerC.sbi (*)
2008-04-17 Includes\HeavyDuty.sbi (*)
2008-03-19 Includes\Hijackers.sbi (*)
2008-04-17 Includes\HijackersC.sbi (*)
2008-02-27 Includes\Keyloggers.sbi (*)
2008-04-17 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-03-26 Includes\Malware.sbi (*)
2008-04-17 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-04-17 Includes\PUPSC.sbi (*)
2008-04-17 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-04-17 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-04-17 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-04-17 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-04-16 Includes\Trojans.sbi (*)
2008-04-17 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2008-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: High Definition Audio Driver Package - KB888111
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911164)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Security Update for Windows XP (KB938127)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB939653)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB941693)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Security Update for Windows XP (KB943055)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Security Update for Windows XP (KB945553)
/ Windows XP / SP3: Security Update for Windows XP (KB946026)
/ Windows XP / SP3: Security Update for Windows XP (KB948590)
/ Windows XP / SP3: Security Update for Windows XP (KB948881)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: E28D00EC675F5F5A5A0555E7A4523A6E

Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1177368
MD5: 3D10C5AD7B66C1D89888677A84527D66

Located: HK_LM:Run, C-Media Mixer
command: Mixer.exe /startup
file: C:\WINDOWS\Mixer.exe
size: 1818624
MD5: F83709D0BACBA84D297183825F089D98

Located: HK_LM:Run, CmPCIaudio
command: RunDll32 CMICNFG3.CPL,CMICtrlWnd
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7BBE4CF421AECC7F0226EDD75F12079F

Located: HK_LM:Run, Lexmark 1200 Series
command: "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
file: C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
size: 57344
MD5: CBDA2D5F8338812923B92D80F410AD5E

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1626112
MD5: 9493BFFB9F82EFEC742F5C56A279BD5B

Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, Profiler
command: C:\Program Files\Saitek\Software\ProfilerU.exe
file: C:\Program Files\Saitek\Software\ProfilerU.exe
size: 163840
MD5: B3D05E6EC43FCA41583142CB683D3D22

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 413696
MD5: 6DF76965A0FB8237E9C3B3CAB9815EC2

Located: HK_LM:Run, SaiMfd
command: C:\Program Files\Saitek\Software\SaiMfd.exe
file: C:\Program Files\Saitek\Software\SaiMfd.exe
size: 126976
MD5: 0D94EF26919CFC285F5AC90225C8CE34

Located: HK_LM:Run, spa_start
command: C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{7c15529c-3f62-80f7-b948-524a7a34cbae}.dll" DllInit
file: C:\WINDOWS\System32\Rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF

Located: HK_LM:Run, Zboard
command: C:\Program Files\Ideazon\ZEngine\Zboard.exe
file: C:\Program Files\Ideazon\ZEngine\Zboard.exe
size: 57344
MD5: 80415652792E4EAADE84CEAC9A30FFA5

Located: HK_LM:RunOnce, SpybotDeletingA584
command: command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC8090
command: cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:Run, ctfmon.exe
where: PE_C_ATOKADA...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, SpybotSD TeaTimer
where: PE_C_ATOKADA...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F

Located: HK_CU:Run, Uniblue RegistryBooster 2
where: PE_C_ATOKADA...
command: C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Uniblue SpeedUpMyPC
where: PE_C_ATOKADA...
command: C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, updateMgr
where: PE_C_ATOKADA...
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
size: 313472
MD5: 43F3F6D33C793089A7C32B45DA16094B

Located: HK_CU:Run, Yahoo! Pager
where: PE_C_ATOKADA...
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1214440339-1682526488-682003330-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, DAEMON Tools Lite
where: S-1-5-21-1214440339-1682526488-682003330-1004...
command: "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
file: D:\Program Files\DAEMON Tools Lite\daemon.exe
size: 486856
MD5: 4DDC9855F979205414FCD9F7D1D65B7F

Located: HK_CU:Run, Skype
where: S-1-5-21-1214440339-1682526488-682003330-1004...
command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Program Files\Skype\Phone\Skype.exe
size: 21686568
MD5: 8D7A6AB6665530A90C00FABD30136D4A

Located: HK_CU:Run, Yahoo! Pager
where: S-1-5-21-1214440339-1682526488-682003330-1004...
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F

Located: HK_CU:RunOnce, SpybotDeletingB6689
where: S-1-5-21-1214440339-1682526488-682003330-1004...
command: command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD9134
where: S-1-5-21-1214440339-1682526488-682003330-1004...
command: cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: Startup (common), ASUS WiFi-AP Solo.lnk
where: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup...
command: C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
file: C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
size: 995328
MD5: 491467588D2F646219B4F1BB895B7690

Located: Startup (common), SATARaid5Manager.lnk
where: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup...
command: C:\WINDOWS\Installer\{4DC2A589-2010-4A5A-80D6-B0F2102FABEE}\_30291c08.exe
file: C:\WINDOWS\Installer\{4DC2A589-2010-4A5A-80D6-B0F2102FABEE}\_30291c08.exe
size: 1206
MD5: 852DD76A6624F91119915E771C9CF477

Located: Startup (user), hamachi.lnk
where: C:\Documents and Settings\wolgon\Start Menu\Programs\Startup...
command: D:\Program Files\Hamachi\hamachi.exe
file: D:\Program Files\Hamachi\hamachi.exe
size: 624416
MD5: 2B132EF3B8D7815198D1B5BC9C72C26C

Located: Startup (user), MagicDisc.lnk
where: C:\Documents and Settings\wolgon\Start Menu\Programs\Startup...
command: D:\Program Files\MagicDisc\MagicDisc.exe
file: D:\Program Files\MagicDisc\MagicDisc.exe
size: 557568
MD5: F03CF56CAA358BD3E31C73B040EE67F5

Located: Startup (disabled), Xfire (DISABLED)
command: E:\PROGRA~1\Xfire\xfire.exe
file: E:\PROGRA~1\Xfire\xfire.exe
size: 2858832
MD5: 15902A060D7ECC7B89FFB981FA498EC0

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 9/5/2007 5:48:58 PM
Date (last access): 4/20/2008 7:47:42 PM
Date (last write): 9/5/2007 5:48:58 PM
Filesize: 816400
Attributes: archive
MD5: C1B2B3EF8AC5C8C32670D4EC7D524964
CRC32: AB11046B
Version: 2007.9.5.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/23/2006 12:08:42 AM
Date (last access): 4/20/2008 7:04:52 PM
Date (last write): 10/23/2006 12:08:42 AM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} (Winamp Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Winamp Toolbar BHO
CLSID name: Winamp Toolbar BHO
Path: C:\Program Files\Winamp Toolbar\
Long name: winamptb.dll
Short name:
Date (created): 10/4/2007 4:06:22 PM
Date (last access): 4/20/2008 7:04:52 PM
Date (last write): 10/4/2007 4:06:22 PM
Filesize: 1135968
Attributes: archive
MD5: C39F62709E6E154FD64847BC84D41337
CRC32: 12B5D234
Version: 5.1.6.2

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 4/20/2008 12:05:30 AM
Date (last access): 4/20/2008 7:04:54 PM
Date (last write): 4/20/2008 12:05:30 AM
Filesize: 419096
Attributes: archive
MD5: DA81132E88295813BDD4F8F681560160
CRC32: 73B399CD
Version: 8.0.0.90

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 9/16/2007 12:14:56 AM
Date (last access): 4/20/2008 7:00:38 PM
Date (last write): 1/28/2008 11:43:28 AM
Filesize: 1554256
Attributes: archive
MD5: 5248E02EFBCB64D328647CD00E384B85
CRC32: C1B426A9
Version: 1.5.0.11

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 10/31/2006 4:33:52 PM
Date (last access): 4/20/2008 7:36:26 PM
Date (last write): 10/31/2006 4:33:52 PM
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 2006.10.31.3

{d3d85b50-863b-c602-dd37-e23c14c9dfb4} (nextads browser optimizer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: nextads browser optimizer
Path: C:\WINDOWS\system32\
Long name: {7c15529c-3f62-80f7-b948-524a7a34cbae}.dll
Short name: {7C155~1.DLL
Date (created): 4/4/2008 8:41:44 AM
Date (last access): 4/20/2008 7:36:26 PM
Date (last write): 4/4/2008 8:41:44 AM
Filesize: 329216
Attributes: archive
MD5: 1C66C0EC6B71C5B21B9D7944DE8DD50E
CRC32: 050688A9
Version: 2.0.0.0



--- ActiveX list ---
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer:
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: YInstHelper.dll
Short name: YINSTH~1.DLL
Date (created): 3/15/2007 10:13:06 PM
Date (last access): 4/20/2008 7:36:26 PM
Date (last write): 3/15/2007 10:13:06 PM
Filesize: 209448
Attributes: archive
MD5: 4380A4799E826AF03FD975B4A71E9268
CRC32: 423BF1F7
Version: 2007.3.15.1

{31435657-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf
Codebase: http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_05
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2_05\bin\
Long name: NPJPI142_05.dll
Short name: NPJPI1~1.DLL
Date (created): 6/4/2068 2:05:12 AM
Date (last access): 4/20/2008 7:36:26 PM
Date (last write): 6/4/2004 2:05:06 AM
Filesize: 65650
Attributes: archive
MD5: 174488C8877FA852448D1937C322AABB
CRC32: 62C2460D
Version: 1.4.2.50

{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_05
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI142_05.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_05\bin\
Long name: NPJPI142_05.dll
Short name: NPJPI1~1.DLL
Date (created): 6/4/2068 2:05:12 AM
Date (last access): 4/20/2008 7:36:26 PM
Date (last write): 6/4/2004 2:05:06 AM
Filesize: 65650
Attributes: archive
MD5: 174488C8877FA852448D1937C322AABB
CRC32: 62C2460D
Version: 1.4.2.50



--- Process list ---
PID: 0 ( 0) [System]
PID: 480 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 700 ( 480) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 728 ( 480) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 800 ( 728) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 812 ( 728) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 988 ( 800) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1044 ( 800) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1400 ( 800) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1512 ( 800) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1648 ( 800) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1984 ( 800) C:\WINDOWS\system32\LEXBCES.EXE
size: 311296
MD5: A1043645D16915DF12A6F2E049922A18
PID: 2008 (1984) C:\WINDOWS\system32\LEXPPS.EXE
size: 174592
MD5: AF31E60B6BF71BD74B16DDF5C679FBA3
PID: 2016 ( 800) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1104 ( 864) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 1344 (1104) C:\Program Files\Ideazon\ZEngine\Zboard.exe
size: 57344
MD5: 80415652792E4EAADE84CEAC9A30FFA5
PID: 1352 (1104) C:\Program Files\Saitek\Software\ProfilerU.exe
size: 163840
MD5: B3D05E6EC43FCA41583142CB683D3D22
PID: 1380 (1104) C:\Program Files\Saitek\Software\SaiMfd.exe
size: 126976
MD5: 0D94EF26919CFC285F5AC90225C8CE34
PID: 1508 (1104) C:\WINDOWS\Mixer.exe
size: 1818624
MD5: F83709D0BACBA84D297183825F089D98
PID: 1584 (1104) C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
size: 57344
MD5: CBDA2D5F8338812923B92D80F410AD5E
PID: 1620 (1584) C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
size: 53248
MD5: 6041683BD131110B462D41263DCDB4F9
PID: 1716 ( 800) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
size: 282904
MD5: D6320CC11021419D249D1271459E33F2
PID: 1752 (1104) C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1177368
MD5: 3D10C5AD7B66C1D89888677A84527D66
PID: 1760 ( 800) C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
size: 20543
MD5: B81F8778F5BB485F3B75114F0C99A49F
PID: 1804 (1104) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 368 ( 800) C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
size: 65599
MD5: 68C060CE0BD72DD66313356BA698BFF2
PID: 1364 (1104) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F
PID: 1248 (1104) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7660656
MD5: B366BB8334CDCFB5C2A58DCF5121B6BC
PID: 272 (1104) D:\Program Files\DAEMON Tools Lite\daemon.exe
size: 486856
MD5: 4DDC9855F979205414FCD9F7D1D65B7F
PID: 1032 ( 800) C:\WINDOWS\system32\nvsvc32.exe
size: 155716
MD5: 472A00D2183C9E5EDB3E076272741812
PID: 172 (1104) C:\Program Files\Skype\Phone\Skype.exe
size: 21686568
MD5: 8D7A6AB6665530A90C00FABD30136D4A
PID: 1560 ( 800) C:\Program Files\Silicon Image\3132-W-I32-S SATARAID5\SATARaid5ConfigService.exe
size: 131072
MD5: F6321D6505EBDD699F7DBBEB996127C8
PID: 1616 (1760) C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
size: 20543
MD5: B81F8778F5BB485F3B75114F0C99A49F
PID: 1928 ( 800) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1536 (1716) C:\PROGRA~1\AVG\AVG8\avgam.exe
size: 658200
MD5: 7744857AE435988C61FC400B7A5CA3C7
PID: 316 ( 800) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 2148 (1716) C:\Program Files\AVG\AVG8\avgrsx.exe
size: 311576
MD5: 622C0B028C6ABD0AFE4BD4AD70BC632E
PID: 2164 ( 800) C:\WINDOWS\system32\UAService7.exe
size: 126976
MD5: 0EDFE36E05A62888EFF6D97AE494B2A5
PID: 2212 (1716) C:\PROGRA~1\AVG\AVG8\avgnsx.exe
size: 437016
MD5: DCAFCE63F4D986891CE89F706BB76F09
PID: 3064 ( 800) C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
size: 172032
MD5: AF65875403A3BC39F299390387651C4F
PID: 3412 (1104) C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
size: 995328
MD5: 491467588D2F646219B4F1BB895B7690
PID: 3680 ( 800) C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
size: 135227
MD5: 4D864C3526C573E54FBDA663A7855FE2
PID: 2196 ( 800) C:\PROGRA~1\AVG\AVG8\avgemc.exe
size: 902424
MD5: 06DCDA534F189867D84B22D9AFF51F52
PID: 2644 (1104) D:\Program Files\Hamachi\hamachi.exe
size: 624416
MD5: 2B132EF3B8D7815198D1B5BC9C72C26C
PID: 2796 (1104) D:\Program Files\MagicDisc\MagicDisc.exe
size: 557568
MD5: F03CF56CAA358BD3E31C73B040EE67F5
PID: 3500 ( 800) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3216 ( 172) C:\Program Files\Skype\Plugin Manager\skypePM.exe
size: 2051016
MD5: 8A4177883F756B18B50366B3B1878E5F
PID: 644 (2320) C:\WINDOWS\system32\CF16346.exe
PID: 2844 (1104) D:\Program Files\Trillian\trillian.exe
size: 1873280
MD5: 99F7CCC74F57EFD0F366FCF61C0DD04B
PID: 1812 (1104) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System
PID: 1884 (1104) D:\VundoFix.exe
size: 147456
MD5: 1E270E3BD9BA83C0D556CE5BCCD6AB8C
PID: 16116 (1400) C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
size: 743936
MD5: B719C7D08847D3C9EFD63732E1072A40


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 4/20/2008 7:48:10 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: NVIDIA App Filter over [MSAFD Tcpip [TCP/IP]]
GUID: {F63EE5EE-4792-454D-86FE-45362E11D7F5}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 1: NVIDIA App Filter over [MSAFD Tcpip [UDP/IP]]
GUID: {F63EE5EE-4792-454D-86FE-45362E11D7F5}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 2: NVIDIA App Filter over [MSAFD Tcpip [RAW/IP]]
GUID: {F63EE5EE-4792-454D-86FE-45362E11D7F5}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: NVIDIA App Filter
GUID: {561A1E9F-D78B-40E3-866D-4CE5CF6BB83F}
Filename: %SYSTEMROOT%\system32\nvappfilter.dll

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{14478B34-A537-4853-A315-39D45A76C75C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{14478B34-A537-4853-A315-39D45A76C75C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C7C6AD52-D2A5-48CE-B09D-EA1DAD25C82E}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C7C6AD52-D2A5-48CE-B09D-EA1DAD25C82E}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{94427C91-1A86-4183-B65D-A6982E30C7E7}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{94427C91-1A86-4183-B65D-A6982E30C7E7}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E2167FCA-EE91-4504-AE38-3DD24C5A0F6B}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E2167FCA-EE91-4504-AE38-3DD24C5A0F6B}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{11EA74E4-6443-4B7C-989A-0B0983F85F83}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{11EA74E4-6443-4B7C-989A-0B0983F85F83}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3C4A4D8-592B-46EE-A384-5D4B5BDE0DE0}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3C4A4D8-592B-46EE-A384-5D4B5BDE0DE0}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D445DBE4-40BE-41B1-BE89-20C05DE7A21B}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D445DBE4-40BE-41B1-BE89-20C05DE7A21B}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Atokada
2008-04-21, 02:11
I think it fixed with one run of ComboFix, but I'll post the log in case there is something I cannot see in it.

ComboFix 08-04-20.2 - wolgon 2008-04-20 20:04:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1519 [GMT -4:00]
Running from: C:\Documents and Settings\wolgon\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\SiWinAccc.sys
C:\WINDOWS\system32\pac.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SiWinAccc
-------\Legacy_SiWinAccc
-------\Service_SiWinAccc


((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-20 20:04 . 2008-04-20 20:04 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG
2008-04-20 18:16 . 2008-04-20 18:16 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-04-20 00:05 . 2008-04-20 00:09 <DIR> d----c--- C:\WINDOWS\system32\drivers\Avg
2008-04-20 00:05 . 2008-04-20 00:05 <DIR> d----c--- C:\Program Files\AVG
2008-04-20 00:05 . 2008-04-20 00:05 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-04-20 00:05 . 2008-04-20 00:05 96,520 --a--c--- C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-20 00:05 . 2008-04-20 00:05 75,272 --a--c--- C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-20 00:05 . 2008-04-20 00:05 12,424 --a--c--- C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-20 00:05 . 2008-04-20 00:05 10,520 --a--c--- C:\WINDOWS\system32\avgrsstx.dll
2008-04-19 06:10 . 2008-04-20 16:26 3,410 --a--c--- C:\WINDOWS\system32\tmp.reg
2008-04-18 23:43 . 2008-04-19 00:27 <DIR> d----c--- C:\Program Files\Enigma Software Group
2008-04-17 13:49 . 2008-04-17 13:49 <DIR> d----c--- C:\Documents and Settings\wolgon\Application Data\Turbine
2008-04-17 05:29 . 2008-04-20 19:47 482 --a--c--- C:\WINDOWS\wininit.ini
2008-04-17 05:02 . 2008-04-17 13:49 <DIR> d----c--- C:\WINDOWS\system32\xcsDd01
2008-04-17 05:02 . 2008-04-17 05:03 <DIR> d----c--- C:\WINDOWS\system32\Vb1
2008-04-17 05:02 . 2008-04-17 05:03 <DIR> d----c--- C:\WINDOWS\system32\trcTMP
2008-04-17 05:02 . 2008-04-17 05:02 <DIR> d----c--- C:\WINDOWS\system32\slNew
2008-04-17 05:02 . 2008-04-17 05:02 <DIR> d----c--- C:\WINDOWS\system32\NFi
2008-04-17 05:02 . 2008-04-17 05:03 <DIR> d----c--- C:\WINDOWS\system32\iTmp
2008-04-17 05:02 . 2008-04-17 05:02 <DIR> d----c--- C:\Temp\berDrv11
2008-04-17 05:02 . 2008-04-17 05:02 63,839 --a--c--- C:\WINDOWS\system32\{7c15529c-3f62-80f7-b948-524a7a34cbae}.dll-uninst.exe
2008-04-13 18:54 . 2008-04-13 18:54 <DIR> d----c--- C:\Documents and Settings\wolgon\Application Data\Ubisoft
2008-04-13 18:53 . 2008-04-13 18:53 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
2008-04-07 17:03 . 2008-04-07 16:59 691,545 --a--c--- C:\WINDOWS\unins000.exe
2008-04-07 17:03 . 2008-04-07 17:03 2,551 --a--c--- C:\WINDOWS\unins000.dat
2008-04-07 04:16 . 2008-04-07 04:16 <DIR> d----c--- C:\Program Files\VstPlugins
2008-04-07 04:16 . 2002-07-07 18:14 1,294,336 --a--c--- C:\WINDOWS\system32\vorbis.acm
2008-04-07 04:16 . 2006-06-20 04:56 225,280 --a--c--- C:\WINDOWS\system32\rewire.dll
2008-04-05 15:03 . 2008-04-05 15:03 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-04-04 08:41 . 2008-04-04 08:41 329,216 --a--c--- C:\WINDOWS\system32\{7c15529c-3f62-80f7-b948-524a7a34cbae}.dll
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a--c--- C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a--c--- C:\WINDOWS\system32\QuickTime.qts
2008-03-25 12:13 . 2008-03-25 12:13 <DIR> d----c--- C:\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 00:04 --------- dc----w C:\Documents and Settings\wolgon\Application Data\Skype
2008-04-21 00:04 --------- dc----w C:\Documents and Settings\wolgon\Application Data\Hamachi
2008-04-20 22:42 --------- dc----w C:\Documents and Settings\wolgon\Application Data\skypePM
2008-04-20 22:14 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-04-19 08:06 --------- dc----w C:\Documents and Settings\wolgon\Application Data\Azureus
2008-04-17 17:48 --------- dc----w C:\Documents and Settings\wolgon\Application Data\GetRightToGo
2008-04-11 06:08 --------- dc----w C:\Documents and Settings\wolgon\Application Data\gtk-2.0
2008-04-10 04:25 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-10 04:24 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-04-05 19:04 --------- dc----w C:\Program Files\QuickTime
2008-03-12 17:20 --------- dc----w C:\Documents and Settings\wolgon\Application Data\GarageGames
2008-03-06 20:33 --------- dc----w C:\Program Files\Lexmark 1200 Series
2008-02-26 16:57 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Dragon's Eye Productions
2008-02-05 02:17 32 -c--a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2008-01-17 18:35 1,126 -c--a-w C:\Documents and Settings\wolgon\DropTeamSettings.dat
2008-01-17 18:34 43 -c--a-w C:\Documents and Settings\wolgon\DropTeamTips.dat
2008-01-17 18:29 0 -c--a-w C:\Documents and Settings\wolgon\DropTeamServerExtras.dat
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 16:06 1135968 --a--c--- C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3d85b50-863b-c602-dd37-e23c14c9dfb4}]
2008-04-04 08:41 329216 --a--c--- C:\WINDOWS\system32\{7c15529c-3f62-80f7-b948-524a7a34cbae}.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 16:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 16:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-17 19:10 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-02-28 08:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 08:00 455168]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-09-24 17:57 57344]
"Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [2005-10-18 15:34 163840]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-11-03 12:09 126976]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"CmPCIaudio"="CMICNFG3.CPL" []
"C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 1818624 C:\WINDOWS\mixer.exe]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 14:22 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-20 00:05 1177368]

C:\Documents and Settings\wolgon\Start Menu\Programs\Startup\
hamachi.lnk - D:\Program Files\Hamachi\hamachi.exe [2008-01-09 02:33:11 624416]
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [2007-12-16 08:48:27 557568]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2007-09-12 19:02:08 995328]
SATARaid5Manager.lnk - C:\WINDOWS\Installer\{4DC2A589-2010-4A5A-80D6-B0F2102FABEE}\_30291c08.exe [2007-12-09 03:21:45 1206]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^wolgon^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\wolgon\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
-----c--- 2006-07-13 11:12 729088 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a--c--- 2008-03-31 19:28 1271032 D:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2007-10-10 01:28 36352 D:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"D:\\Program Files\\Azureus\\Azureus.exe"=
"G:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"E:\\Program Files\\Xfire\\xfire.exe"=
"D:\\Program Files\\Trillian\\trillian.exe"=
"D:\\Program Files\\Steam\\SteamApps\\gamestar295\\the ship\\ship.exe"=
"E:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"D:\\Savage\\savage.exe"=
"C:\\ijji\\ENGLISH\\u_goonzu.exe"=
"E:\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"D:\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"C:\\Documents and Settings\\wolgon\\Application Data\\GarageGames\\IAPlayer\\products\\6000\\install\\cyclomite.exe"=
"C:\\Documents and Settings\\wolgon\\Application Data\\GarageGames\\IAPlayer\\products\\5000\\install\\ScrewjumperPC.exe"=
"E:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"E:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"C:\\Documents and Settings\\wolgon\\Application Data\\GarageGames\\IAPlayer\\products\\7000\\install\\Zap.exe"=
"D:\\Program Files\\Steam\\steamapps\\gamestar295\\rag doll kung fu\\Rag_Doll_Kung_Fu_Steam.exe"=
"E:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"E:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"E:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-20 00:05]
R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\WINDOWS\system32\DRIVERS\Si3132r5.sys [2005-10-18 16:03]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-20 00:05]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-12-31 17:01]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-20 00:05]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-20 00:05]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-20 00:05]
R2 SATARaid5 Config Service;SATARaid5 Configuration Service;"C:\Program Files\Silicon Image\3132-W-I32-S SATARAID5\SATARaid5ConfigService.exe" [2005-10-05 21:19]
R2 X4HSX32;X4HSX32;E:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2008-04-16 00:36]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 11:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 13:49]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 07:27]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 14:35]
S3 oflpydin;oflpydin;C:\DOCUME~1\wolgon\LOCALS~1\Temp\oflpydin.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a64593e-61c2-11dc-9263-806d6172696f}]
\Shell\AutoRun\command - F:\.\Bin\Assetup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 15:17:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 20:07:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-04-20 20:09:46 - machine was rebooted [wolgon]
ComboFix-quarantined-files.txt 2008-04-21 00:09:43

Pre-Run: 16,928,796,672 bytes free
Post-Run: 17,037,279,232 bytes free

229 --- E O F --- 2008-04-13 03:39:08