View Full Version : Windows update turned off alert balloon will not go away
I'm having an issue with not being able to turn on the Automatic Updates. An
alert balloon is on all the time telling me that my Automatic updates are not
turned on and if I click on "Turn on Automatic Updates" in the security
center I get the following message "We're sorry. The Security Center could
not chage your Automatic Update setting. To try changing these settings
yourself, go to System n Ctrl Panel. On the Automatic Updates tab, select
Automatic and then click Ok."
The ironic thing is when I did that the "Automatic" option is selected
already. Nothing is grayed out or abnormal. If I click on it and close I
still get the alert balloon.
More searching led me to checking the Services (services.msc) and check the
Automatic Updates and ensure it's enabled and started. It wasn't it was
disabled. I set it to Automatic and clicked Appy, then clicked on Start in
the Automatic Updates Properties. I got an error. "Could not start the
Automatic Updates service on Local Computer. Error 1058: The service cannot
be started, either because it is disabled ro because it has no enabled
devices associated with it."
Additionally, in other searches I've found reference to a Key in the
registery that I don't have "HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \
Microsoft \ Windows \ WindowsUpdate \ AU" I don't know why it's not there or
how to get it.
I'm running Windows XP Professional and Norton 360.
I also had a Trojan.Pandex virus which I've "cleaned and killed". Or so I'm told.
Here is my Highjack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:20 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [806788f8] rundll32.exe "C:\WINDOWS\system32\lmpxiivt.dll",b
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211170065375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199331003109
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5189/mcfscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 14204 bytes
Any advice or assistance on how to resolve this would be greatly appreciated.
Thank you
Rorschach112
2008-05-20, 17:13
Hello
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Please visit this web page for instructions for downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.
Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
Thanks for the reply.
I used ATF and installed the Recovery Console and ran Combofix. Below is the Combofix and the Highjackthis.log.
Thanks for you help!
ComboFix 08-05-20.4 - Dad 2008-05-20 21:35:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1262 [GMT -7:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\aatlqlit.ini
C:\WINDOWS\system32\jmxjskko.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mpfhryme.ini
C:\WINDOWS\system32\rqRIcdDs.dll
C:\WINDOWS\system32\sDdcIRqr.ini
C:\WINDOWS\system32\sDdcIRqr.ini2
C:\WINDOWS\system32\tviixpml.ini
F:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DRIVER
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.
2008-05-20 21:59 . 2008-05-20 21:59 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dl_
2008-05-20 21:08 . 2008-05-20 21:08 91,264 --a------ C:\WINDOWS\system32\tilqltaa.dll
2008-05-18 20:36 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-18 20:36 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-18 20:36 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-18 20:36 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-18 20:36 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-18 20:35 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-05-18 20:35 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-18 20:35 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-18 20:35 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-18 20:35 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-18 20:35 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-18 20:35 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-18 20:35 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-05-18 20:35 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-18 20:33 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-18 20:32 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-18 20:31 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2008-05-18 20:30 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-18 20:29 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-05-18 20:28 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-05-18 20:27 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-18 20:26 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-18 20:25 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-05-18 20:24 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-18 20:23 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-18 20:22 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-05-18 20:21 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-05-18 20:20 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-05-18 20:19 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-18 20:18 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-18 20:17 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-05-18 20:16 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-05-18 20:15 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-18 20:14 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-05-18 20:13 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-05-18 20:12 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-18 20:11 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-05-18 20:10 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-05-18 20:09 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-05-18 20:08 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-05-18 12:33 . 2008-05-18 12:33 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-05-18 12:33 . 2008-05-18 12:39 <DIR> d-------- C:\Documents and Settings\Dad\SecurityScans
2008-05-18 12:25 . 2008-05-18 12:25 <DIR> d-------- C:\Program Files\Sun
2008-05-18 11:53 . 2008-05-18 11:57 5,024 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-18 11:14 . 2008-05-18 11:14 <DIR> d-------- C:\Documents and Settings\Dad\DoctorWeb
2008-05-18 10:43 . 2008-05-18 10:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 23:05 . 2008-05-17 23:05 <DIR> d-------- C:\kav
2008-05-17 21:52 . 2008-05-17 21:52 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-17 21:47 . 2008-05-17 22:35 <DIR> d-------- C:\SDFix
2008-05-17 21:11 . 2008-05-17 21:12 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-05-17 21:03 . 2008-05-17 21:03 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TmpRecentIcons
2008-05-17 17:08 . 2006-05-03 14:31 1,019,904 --a------ C:\WINDOWS\system32\cmdvdpak.cpl
2008-05-17 14:57 . 2008-05-17 14:57 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\TmpRecentIcons
2008-05-17 10:54 . 2008-05-17 10:54 29,824 --a------ C:\WINDOWS\system32\khfEUljg.dll
2008-05-17 10:54 . 2008-05-20 21:26 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-05-17 10:53 . 2008-05-17 10:53 29,824 --a------ C:\WINDOWS\system32\pmnlkJyY.dll
2008-05-14 19:18 . 2008-05-14 19:18 0 --a------ C:\pspbrwse.jbf
2008-05-08 17:54 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-08 17:54 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-29 19:04 . 2008-01-08 17:16 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-04-29 19:04 . 2008-01-08 17:16 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 05:00 --------- d-----w C:\Program Files\BOINC
2008-05-21 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-21 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-18 19:25 --------- d-----w C:\Program Files\Java
2008-05-18 02:30 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-18 00:08 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-17 21:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-17 17:29 --------- d-----w C:\Program Files\Agent
2008-05-16 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-04-30 02:04 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-04-29 00:08 --------- d-----w C:\Program Files\Safari
2008-04-29 00:07 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 22:55 --------- d-----w C:\Program Files\Norton 360
2008-04-20 00:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-19 19:40 --------- d-----w C:\Program Files\LimeWire
2008-04-16 04:16 --------- d-----w C:\Documents and Settings\Dad\Application Data\LimeWire
2008-04-08 03:27 --------- d-----w C:\Program Files\iTunes
2008-04-08 03:27 --------- d-----w C:\Program Files\iPod
2008-04-08 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-07 00:00 --------- d-----w C:\Program Files\QuickTime
2008-04-05 07:11 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
2008-04-05 05:34 --------- d-----w C:\Program Files\Palm
2008-04-05 00:56 --------- d-----w C:\Program Files\BFVCC Server Manager
2008-04-05 00:55 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-04-05 00:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 00:44 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-01 01:01 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-30 01:59 --------- d-----w C:\Program Files\Documents To Go
2008-03-28 02:13 --------- d-----w C:\Program Files\FirstClass
2008-03-22 00:18 --------- d-----w C:\Program Files\Maxis
2008-03-13 01:50 4,063,800 ----a-w C:\office2003-KB948073-ENU.exe
2007-11-15 00:00 560 -c--a-w C:\Documents and Settings\Dad\Application Data\ViewerApp.dat
2006-05-30 23:52 496,749 -c--a-w C:\Program Files\elevatorsuck1.rm
2006-04-14 17:44 104 --sha-r C:\WINDOWS\system32\1E179C0C29.sys
2006-07-05 18:25 88 --sha-r C:\WINDOWS\system32\290C9C171E.sys
2007-12-06 03:04 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18F4FBD5-CDE8-492C-9365-1912378EECFE}]
2008-05-17 10:53 29824 --a------ C:\WINDOWS\system32\pmnlkJyY.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCB2FF38-FD1A-4FFF-8D4A-303556A31CC9}]
2008-05-20 22:04 319360 --a------ C:\WINDOWS\system32\rqRJAtuS.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 21:49 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 10:34 122880]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-07-22 15:02 126464]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 17:20 451896]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 10:32 451896]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 04:07 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2006-12-12 11:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 00:00 45056]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19 29744]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"806788f8"="C:\WINDOWS\system32\tilqltaa.dll" [2008-05-20 21:08 91264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.exe" [2005-09-20 09:51 25600 C:\WINDOWS\MIDIDEF.EXE]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 04:00 44544]
C:\Documents and Settings\Dad\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-07-25 17:29:32 299008]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 11:19:50 3604480]
DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 22:16:46 24576]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-05 01:02:54 784912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{18F4FBD5-CDE8-492C-9365-1912378EECFE}"= C:\WINDOWS\system32\pmnlkJyY.dll [2008-05-17 10:53 29824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkJyY]
pmnlkJyY.dll 2008-05-17 10:53 29824 C:\WINDOWS\system32\pmnlkJyY.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 2008-05-20 21:26 14336 C:\WINDOWS\system32\WinCtrl32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\rqRJAtuS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bbF88.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bdL08.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\crV50.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dgL71.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dgW14.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dwR47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\egJ48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoV73.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fwF18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gkN72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gmT16.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\huC00.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lbL30.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\otL10.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\phL55.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qtY84.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rhY40.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\suL66.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmD23.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vwN12.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyR14.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xdN48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yqK76.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 09:36]
S0 bbF88;bbF88;C:\WINDOWS\system32\Drivers\bbF88.sys []
S0 bdL08;bdL08;C:\WINDOWS\system32\Drivers\bdL08.sys []
S0 dgL71;dgL71;C:\WINDOWS\system32\Drivers\dgL71.sys []
S0 egJ48;egJ48;C:\WINDOWS\system32\Drivers\egJ48.sys []
S0 fwF18;fwF18;C:\WINDOWS\system32\Drivers\fwF18.sys []
S0 gkN72;gkN72;C:\WINDOWS\system32\Drivers\gkN72.sys []
S0 gmT16;gmT16;C:\WINDOWS\system32\Drivers\gmT16.sys []
S0 lbL30;lbL30;C:\WINDOWS\system32\Drivers\lbL30.sys []
S0 otL10;otL10;C:\WINDOWS\system32\Drivers\otL10.sys []
S0 phL55;phL55;C:\WINDOWS\system32\Drivers\phL55.sys []
S0 qtY84;qtY84;C:\WINDOWS\system32\Drivers\qtY84.sys []
S0 suL66;suL66;C:\WINDOWS\system32\Drivers\suL66.sys []
S0 vmD23;vmD23;C:\WINDOWS\system32\Drivers\vmD23.sys []
S0 vwN12;vwN12;C:\WINDOWS\system32\Drivers\vwN12.sys []
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2005-02-14 15:10]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 18:05:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-21 04:45:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 21:59:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\TEMP\TMP0000002955604107134E5826
C:\WINDOWS\system32\aatlqlit.ini 294 bytes
C:\Documents and Settings\Dad\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini.inuse
scan completed successfully
hidden files: 3
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\pmnlkJyY.dll
-> C:\WINDOWS\system32\WinCtrl32.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
-> C:\WINDOWS\system32\tilqltaa.dll
-> C:\WINDOWS\system32\rqRJAtuS.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\CTxfispi.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-20 22:05:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 05:05:16
Pre-Run: 370,964,545,536 bytes free
Post-Run: 370,870,185,984 bytes free
358 --- E O F --- 2008-05-21 04:45:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:45 PM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [806788f8] rundll32.exe "C:\WINDOWS\system32\tilqltaa.dll",b
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211170065375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199331003109
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5189/mcfscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 14247 bytes
Rorschach112
2008-05-21, 12:53
Hello
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
File::
C:\WINDOWS\system32\khfEUljg.dll
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\pmnlkJyY.dll
D:\Autorun.exe
Rootkit::
C:\WINDOWS\system32\aatlqlit.ini
Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{18F4FBD5-CDE8-492C-9365-1912378EECFE}"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bbF88.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bdL08.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\crV50.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dgL71.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dgW14.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dwR47.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\egJ48.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoV73.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fwF18.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gkN72.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gmT16.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\huC00.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lbL30.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\otL10.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\phL55.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qtY84.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rhY40.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\suL66.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmD23.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vwN12.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyR14.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xdN48.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yqK76.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
Driver::
bbF88
bdL08
dgL71
egJ48
fwF18
gkN72
gmT16
lbL30
otL10
phL55
qtY84
vmD23
suL66
vwN12
Save this as CFScript.txt, in the same location as ComboFix.exe
http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Please download and unzip Icesword (http://mail.ustc.edu.cn/~jfpan/download/IceSword122en.zip)to its own folder on your desktop
If you get a lot of "red entries" in an IceSword log, don't panic.
Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.
Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.
Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.
Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.
Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.
Now post all of the data collected under the headings for :
Processes
Win32 Services
Startup
SSDT
Message Hooks
Hopefully I did this correctly. Here is the data. Thanks for your help!
ComboFix 08-05-20.4 - Dad 2008-05-22 16:56:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1195 [GMT -7:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ageyfrgy.ini
C:\WINDOWS\system32\SutAJRqr.ini
C:\WINDOWS\system32\SutAJRqr.ini2
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.
2008-05-22 17:35 . 2008-05-22 17:35 294 ---hs---- C:\WINDOWS\system32\ageyfrgy.ini
2008-05-22 17:34 . 2008-05-22 17:34 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dl_
2008-05-21 22:01 . 2008-05-21 22:01 90,112 --a------ C:\WINDOWS\system32\ygrfyega.dll
2008-05-21 21:54 . 2008-05-21 21:59 354 ---hs---- C:\WINDOWS\system32\xlfbgern.ini
2008-05-21 21:51 . 2008-05-22 16:21 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-05-21 21:27 . 2008-05-21 21:27 <DIR> d-------- C:\VundoFix Backups
2008-05-20 22:32 . 2008-05-20 22:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-20 22:32 . 2008-05-20 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-20 22:04 . 2008-05-20 22:04 319,360 --a------ C:\WINDOWS\system32\rqRJAtuS.dll
2008-05-18 20:36 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-18 20:36 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-18 20:36 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-18 20:36 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-18 20:36 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-18 20:35 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-05-18 20:35 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-18 20:35 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-18 20:35 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-18 20:35 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-18 20:35 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-18 20:35 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-18 20:35 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-05-18 20:35 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-18 20:33 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-18 20:32 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-18 20:31 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2008-05-18 20:30 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-18 20:29 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-05-18 20:28 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-05-18 20:27 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-18 20:26 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-18 20:25 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-05-18 20:24 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-18 20:23 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-18 20:22 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-05-18 20:21 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-05-18 20:20 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-05-18 20:19 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-18 20:18 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-18 20:17 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-05-18 20:16 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-05-18 20:15 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-18 20:14 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-05-18 20:13 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-05-18 20:12 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-18 20:11 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-05-18 20:10 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-05-18 20:09 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-05-18 20:08 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-05-18 12:33 . 2008-05-18 12:33 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-05-18 12:33 . 2008-05-18 12:39 <DIR> d-------- C:\Documents and Settings\Dad\SecurityScans
2008-05-18 12:25 . 2008-05-18 12:25 <DIR> d-------- C:\Program Files\Sun
2008-05-18 11:53 . 2008-05-18 11:57 5,024 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-18 11:14 . 2008-05-18 11:14 <DIR> d-------- C:\Documents and Settings\Dad\DoctorWeb
2008-05-18 10:43 . 2008-05-18 10:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 23:05 . 2008-05-17 23:05 <DIR> d-------- C:\kav
2008-05-17 21:52 . 2008-05-17 21:52 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-17 21:47 . 2008-05-17 22:35 <DIR> d-------- C:\SDFix
2008-05-17 21:11 . 2008-05-17 21:12 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-05-17 21:03 . 2008-05-17 21:03 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TmpRecentIcons
2008-05-17 17:08 . 2006-05-03 14:31 1,019,904 --a------ C:\WINDOWS\system32\cmdvdpak.cpl
2008-05-17 14:57 . 2008-05-17 14:57 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\TmpRecentIcons
2008-05-14 19:18 . 2008-05-14 19:18 0 --a------ C:\pspbrwse.jbf
2008-05-08 17:54 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-08 17:54 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-29 19:04 . 2008-01-08 17:16 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-04-29 19:04 . 2008-01-08 17:16 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 00:36 --------- d-----w C:\Program Files\BOINC
2008-05-22 05:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-22 03:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-22 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-21 05:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 05:20 --------- d-----w C:\Program Files\WildTangent
2008-05-18 19:25 --------- d-----w C:\Program Files\Java
2008-05-18 02:30 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-18 00:08 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-17 17:29 --------- d-----w C:\Program Files\Agent
2008-05-16 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-04-30 02:04 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-04-29 00:08 --------- d-----w C:\Program Files\Safari
2008-04-29 00:07 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 22:55 --------- d-----w C:\Program Files\Norton 360
2008-04-20 00:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-19 19:40 --------- d-----w C:\Program Files\LimeWire
2008-04-16 04:16 --------- d-----w C:\Documents and Settings\Dad\Application Data\LimeWire
2008-04-08 03:27 --------- d-----w C:\Program Files\iTunes
2008-04-08 03:27 --------- d-----w C:\Program Files\iPod
2008-04-08 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-07 00:00 --------- d-----w C:\Program Files\QuickTime
2008-04-05 07:11 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
2008-04-05 05:34 --------- d-----w C:\Program Files\Palm
2008-04-05 00:56 --------- d-----w C:\Program Files\BFVCC Server Manager
2008-04-05 00:55 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-04-05 00:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 00:44 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-01 01:01 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-30 01:59 --------- d-----w C:\Program Files\Documents To Go
2008-03-28 02:13 --------- d-----w C:\Program Files\FirstClass
2008-03-13 01:50 4,063,800 ----a-w C:\office2003-KB948073-ENU.exe
2007-11-15 00:00 560 -c--a-w C:\Documents and Settings\Dad\Application Data\ViewerApp.dat
2006-05-30 23:52 496,749 -c--a-w C:\Program Files\elevatorsuck1.rm
2006-04-14 17:44 104 --sha-r C:\WINDOWS\system32\1E179C0C29.sys
2006-07-05 18:25 88 --sha-r C:\WINDOWS\system32\290C9C171E.sys
2007-12-06 03:04 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-20_22.04.54.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 04:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 00:03:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-21 05:32:12 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-05-21 05:32:12 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-05-21 05:32:12 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-05-21 05:32:12 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
- 2008-05-20 15:24:54 215,616 ----a-w C:\WINDOWS\SoftwareDistribution\Download\Install\mpas-d.exe
- 2008-05-21 04:45:40 2,868 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{AB70612D-302F-497B-8CB9-2BA24B87D6E5}.bin
+ 2008-05-23 00:10:05 2,866 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{AB70612D-302F-497B-8CB9-2BA24B87D6E5}.bin
+ 2007-07-11 21:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 20:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 20:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-12-14 19:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
+ 2008-05-23 00:03:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF179F55-67A6-4C26-8EEE-0BE42EBAF340}]
2008-05-20 22:04 319360 --a------ C:\WINDOWS\system32\rqRJAtuS.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 21:49 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 10:34 122880]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-07-22 15:02 126464]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 17:20 451896]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 10:32 451896]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 04:07 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2006-12-12 11:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 00:00 45056]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19 29744]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"806788f8"="C:\WINDOWS\system32\ygrfyega.dll" [2008-05-21 22:01 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.exe" [2005-09-20 09:51 25600 C:\WINDOWS\MIDIDEF.EXE]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 04:00 44544]
C:\Documents and Settings\Dad\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-07-25 17:29:32 299008]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 11:19:50 3604480]
DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 22:16:46 24576]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-05 01:02:54 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkJyY]
pmnlkJyY.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 2008-05-22 16:21 14336 C:\WINDOWS\system32\WinCtrl32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\byH31.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dkA71.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gvM56.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gvY04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nuK16.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouO65.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vbH21.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 09:36]
S0 byH31;byH31;C:\WINDOWS\system32\Drivers\byH31.sys []
S0 dkA71;dkA71;C:\WINDOWS\system32\Drivers\dkA71.sys []
S0 gvY04;gvY04;C:\WINDOWS\system32\Drivers\gvY04.sys []
S0 nuK16;nuK16;C:\WINDOWS\system32\Drivers\nuK16.sys []
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2005-02-14 15:10]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 18:05:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-23 00:06:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 17:35:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WinCtrl32.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
-> C:\WINDOWS\system32\ygrfyega.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTxfispi.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
.
**************************************************************************
.
Completion time: 2008-05-22 17:40:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-23 00:40:28
ComboFix2.txt 2008-05-22 04:59:03
ComboFix3.txt 2008-05-21 05:05:24
Pre-Run: 370,727,669,760 bytes free
Post-Run: 370,698,264,576 bytes free
314 --- E O F --- 2008-05-23 00:10:00
PROCESSES
Process:
System Idle Process
System
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Documents and Settings\Dad\Desktop\IceSword122en\IceSword.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\csrss.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTxfispi.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\CtHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\explorer.exe
WIN32 SERVICES
Started Service:
Service Name:aawservice Display Name:Ad-Aware 2007 Service
Service Name:ALG Display Name:Application Layer Gateway Service
Service Name:Apple Mobile Device Display Name:Apple Mobile Device
Service Name:AudioSrv Display Name:Windows Audio
Service Name:bgsvcgen Display Name:B's Recorder GOLD Library General Service
Service Name:BITS Display Name:Background Intelligent Transfer Service
Service Name:Browser Display Name:Computer Browser
Service Name:ccEvtMgr Display Name:Symantec Event Manager
Service Name:ccProxy Display Name:Symantec Network Proxy
Service Name:ccSetMgr Display Name:Symantec Settings Manager
Service Name:CLTNetCnService Display Name:Symantec Lic NetConnect service
Service Name:Creative Service for CDROM Access Display Name:Creative Service for CDROM Access
Service Name:CryptSvc Display Name:Cryptographic Services
Service Name:DcomLaunch Display Name:DCOM Server Process Launcher
Service Name:Dhcp Display Name:DHCP Client
Service Name:dmserver Display Name:Logical Disk Manager
Service Name:Dnscache Display Name:DNS Client
Service Name:ERSvc Display Name:Error Reporting Service
Service Name:Eventlog Display Name:Event Log
Service Name:EventSystem Display Name:COM+ Event System
Service Name:FastUserSwitchingCompatibility Display Name:Fast User Switching Compatibility
Service Name:gusvc Display Name:Google Updater Service
Service Name:helpsvc Display Name:Help and Support
Service Name:HidServ Display Name:HID Input Service
Service Name:HTTPFilter Display Name:HTTP SSL
Service Name:iPod Service Display Name:iPod Service
Service Name:lanmanserver Display Name:Server
Service Name:lanmanworkstation Display Name:Workstation
Service Name:LiveUpdate Notice Ex Display Name:LiveUpdate Notice Service Ex
Service Name:LmHosts Display Name:TCP/IP NetBIOS Helper
Service Name:Maxtor Sync Service Display Name:Maxtor Service
Service Name:MDM Display Name:Machine Debug Manager
Service Name:MSSQL$MICROSOFTSMLBIZ Display Name:MSSQL$MICROSOFTSMLBIZ
Service Name:Netman Display Name:Network Connections
Service Name:Nla Display Name:Network Location Awareness (NLA)
Service Name:nmservice Display Name:Pure Networks Platform Service
Service Name:nTuneService Display Name:nTune Service
Service Name:NVSvc Display Name:NVIDIA Display Driver Service
Service Name:PlugPlay Display Name:Plug and Play
Service Name:PnkBstrA Display Name:PnkBstrA
Service Name:PolicyAgent Display Name:IPSEC Services
Service Name:ProtectedStorage Display Name:Protected Storage
Service Name:RasMan Display Name:Remote Access Connection Manager
Service Name:RemoteRegistry Display Name:Remote Registry
Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
Service Name:SamSs Display Name:Security Accounts Manager
Service Name:Schedule Display Name:Task Scheduler
Service Name:seclogon Display Name:Secondary Logon
Service Name:SENS Display Name:System Event Notification
Service Name:SharedAccess Display Name:Windows Firewall/Internet Connection Sharing (ICS)
Service Name:ShellHWDetection Display Name:Shell Hardware Detection
Service Name:Spooler Display Name:Print Spooler
Service Name:sprtsvc_dellsupportcenter Display Name:SupportSoft Sprocket Service (dellsupportcenter)
Service Name:srservice Display Name:System Restore Service
Service Name:SSDPSRV Display Name:SSDP Discovery Service
Service Name:stisvc Display Name:Windows Image Acquisition (WIA)
Service Name:TapiSrv Display Name:Telephony
Service Name:TermService Display Name:Terminal Services
Service Name:Themes Display Name:Themes
Service Name:TrkWks Display Name:Distributed Link Tracking Client
Service Name:UPHClean Display Name:User Profile Hive Cleanup
Service Name:upnphost Display Name:Universal Plug and Play Device Host
Service Name:w32time Display Name:Windows Time
Service Name:WebClient Display Name:WebClient
Service Name:WinDefend Display Name:Windows Defender
Service Name:winmgmt Display Name:Windows Management Instrumentation
Service Name:WMPNetworkSvc Display Name:Windows Media Player Network Sharing Service
Service Name:wscsvc Display Name:Security Center
Service Name:wuauserv Display Name:Automatic Updates
Service Name:WudfSvc Display Name:Windows Driver Foundation - User-mode Driver Framework
Service Name:WZCSVC Display Name:Wireless Zero Configuration
Service Name:ZuneBusEnum Display Name:Zune Bus Enumerator
STARTUP
Startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AudioDrvEmulator
"C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Symantec PIF AlertEng
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Defender
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
VolPanel
"C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
UpdReg
C:\WINDOWS\UpdReg.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nwiz
nwiz.exe /install
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NVRaidService
C:\WINDOWS\system32\nvraidservice.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nmctxth
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nmapp
"C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LVCOMS
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ISUSScheduler
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ISUSPM Startup
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupportCenter
"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp
CTXFIHLP.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTHelper
CTHELPER.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTDVDDET
"C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Zune Launcher
"C:\Program Files\Zune\ZuneLauncher.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
mxomssmenu
"C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Google Desktop Search
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
dscactivate
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
806788f8
rundll32.exe "C:\WINDOWS\system32\ygrfyega.dll",b
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
NVIDIA nTune
"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
DellSupport
"C:\Program Files\DellSupport\DSAgnt.exe" /startup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
WMPNSCFG
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BOINC Manager.lnk
C:\Program Files\BOINC\boincmgr.exe (Remark£ºAllows you to control the core client, attach to new projects, detach from old projects, and otherwise maintain the health of the BOINC system)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DataViz Messenger.lnk
C:\WINDOWS\DvzCommon\DvzMsgr.exe (Remark£ºDataViz Messenger component)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk
C:\Program Files\Logitech\SetPoint\SetPoint.exe (Remark£º)
C:\Documents and Settings\Dad\Start Menu\Programs\Startup
desktop.ini
C:\Documents and Settings\Dad\Start Menu\Programs\Startup
HotSync Manager.lnk
C:\Program Files\Palm\HOTSYNC.EXE (Remark£º)
SSDT
Unknown
Unknown
Unknown
Unknown
\??\C:\Windows\system32\drivers\symevent.sys
Unknown
Unknown
\??\C:\Windows\system32\drivers\symevent.sys
\??\C:\Windows\system32\drivers\symevent.sys
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
\??\C:\Windows\system32\drivers\symevent.sys
Unknown
Unknown
Unknown
Unknown
\??\C:\Windows\system32\drivers\uphcleanhlp.sys
Unknown
Unknown
MESSAGE HOOKS
C:\ Windows\explorer.exe
C:\ Windows\explorer.exe
C:\ Windows\explorer.exe
C:\ Windows\DvzCommon\DvzMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Google\googletoolbarnotifier\googletoolbarnotifier.exe
C:\Windows\system32\ctxfispi.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\common files\logitech\QCDriver3\LVComS.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
C:\Program Files\Google\googletoolbarnotifier\googletoolbarnotifier.exe
C:\Windows\system32\CTHelper.exe
C:\Program Files\common files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Boinc\boincmgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Boinc\boincmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ Windows\explorer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\ Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
Rorschach112
2008-05-23, 14:07
Hello
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
File::
C:\WINDOWS\system32\ageyfrgy.ini
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\ygrfyega.dll
C:\WINDOWS\system32\xlfbgern.ini
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\rqRJAtuS.dll
Folder::
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\byH31.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dkA71.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gvM56.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gvY04.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nuK16.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouO65.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vbH21.sys]
Driver::
byH31
dkA71
gvY04
nuK16
SysRst::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)
Click on Kaspersky Online Scanner and click Accept
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.
Also post a new HijackThis log
I'm not sure if I saved the Kaspersky data correctly, but here is the Combofix.txt file and the display from the Kaspersky online scanner.
When Kaspersky finished with the scan there was no prompt to save a report, and when it finished the scan and I clicked "Stop Scan" a pop up said that I have not saved the Scan Report and that if I continue all the scan results will be lost. Also, it shows in the save display the is was 99% complete, however, it showed as done. I ran during the night and when I woke up it had finished. Again, I don't know if I saved the correct information for Kaspersky
Thanks
ComboFix 08-05-21.3 - Dad 2008-05-23 17:58:48.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1387 [GMT -7:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dad\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\ageyfrgy.ini
C:\WINDOWS\system32\rqRJAtuS.dll
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\xlfbgern.ini
C:\WINDOWS\system32\ygrfyega.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Google\googletoolbar1.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ageyfrgy.ini
C:\WINDOWS\system32\jboqublm.ini
C:\WINDOWS\system32\rqRJAtuS.dll
C:\WINDOWS\system32\SutAJRqr.ini
C:\WINDOWS\system32\SutAJRqr.ini2
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\xlfbgern.ini
F:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_byH31
-------\Service_dkA71
-------\Service_gvY04
-------\Service_nuK16
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.
2008-05-22 23:03 . 2008-05-22 23:03 90,624 --a------ C:\WINDOWS\system32\mlbuqobj.dll
2008-05-21 21:27 . 2008-05-21 21:27 <DIR> d-------- C:\VundoFix Backups
2008-05-20 22:32 . 2008-05-20 22:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-20 22:32 . 2008-05-20 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-18 20:36 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-18 20:36 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-18 20:36 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-18 20:36 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-18 20:36 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-18 20:35 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-05-18 20:35 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-18 20:35 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-18 20:35 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-18 20:35 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-18 20:35 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-18 20:35 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-18 20:35 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-05-18 20:35 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-18 20:33 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-18 20:32 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-18 20:31 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2008-05-18 20:30 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-18 20:29 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-05-18 20:28 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-05-18 20:27 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-18 20:26 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-18 20:25 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-05-18 20:24 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-18 20:23 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-18 20:22 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-05-18 20:21 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-05-18 20:20 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-05-18 20:19 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-18 20:18 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-18 20:17 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-05-18 20:16 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-05-18 20:15 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-18 20:14 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-05-18 20:13 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-05-18 20:12 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-18 20:11 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-05-18 20:10 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-05-18 20:09 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-05-18 20:08 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-05-18 12:33 . 2008-05-18 12:33 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-05-18 12:33 . 2008-05-18 12:39 <DIR> d-------- C:\Documents and Settings\Dad\SecurityScans
2008-05-18 12:25 . 2008-05-18 12:25 <DIR> d-------- C:\Program Files\Sun
2008-05-18 11:53 . 2008-05-18 11:57 5,024 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-18 11:14 . 2008-05-18 11:14 <DIR> d-------- C:\Documents and Settings\Dad\DoctorWeb
2008-05-18 10:43 . 2008-05-18 10:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 23:05 . 2008-05-17 23:05 <DIR> d-------- C:\kav
2008-05-17 21:52 . 2008-05-17 21:52 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-17 21:47 . 2008-05-17 22:35 <DIR> d-------- C:\SDFix
2008-05-17 21:11 . 2008-05-17 21:12 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-05-17 21:03 . 2008-05-17 21:03 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TmpRecentIcons
2008-05-17 17:08 . 2006-05-03 14:31 1,019,904 --a------ C:\WINDOWS\system32\cmdvdpak.cpl
2008-05-17 14:57 . 2008-05-17 14:57 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\TmpRecentIcons
2008-05-14 19:18 . 2008-05-14 19:18 0 --a------ C:\pspbrwse.jbf
2008-05-08 17:54 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-08 17:54 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-29 19:04 . 2008-01-08 17:16 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-04-29 19:04 . 2008-01-08 17:16 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 00:59 --------- d-----w C:\Program Files\Google
2008-05-24 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-24 00:38 --------- d-----w C:\Program Files\BOINC
2008-05-23 05:53 --------- d-----w C:\Program Files\Agent
2008-05-23 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-22 03:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 05:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 05:20 --------- d-----w C:\Program Files\WildTangent
2008-05-18 19:25 --------- d-----w C:\Program Files\Java
2008-05-18 02:30 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-18 00:08 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-16 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-04-30 02:04 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-04-29 00:08 --------- d-----w C:\Program Files\Safari
2008-04-29 00:07 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 22:55 --------- d-----w C:\Program Files\Norton 360
2008-04-20 00:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-19 19:40 --------- d-----w C:\Program Files\LimeWire
2008-04-16 04:16 --------- d-----w C:\Documents and Settings\Dad\Application Data\LimeWire
2008-04-08 03:27 --------- d-----w C:\Program Files\iTunes
2008-04-08 03:27 --------- d-----w C:\Program Files\iPod
2008-04-08 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-07 00:00 --------- d-----w C:\Program Files\QuickTime
2008-04-05 07:11 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
2008-04-05 05:34 --------- d-----w C:\Program Files\Palm
2008-04-05 00:56 --------- d-----w C:\Program Files\BFVCC Server Manager
2008-04-05 00:55 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-04-05 00:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 00:44 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-01 01:01 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-30 01:59 --------- d-----w C:\Program Files\Documents To Go
2008-03-28 02:13 --------- d-----w C:\Program Files\FirstClass
2008-03-13 01:50 4,063,800 ----a-w C:\office2003-KB948073-ENU.exe
2007-11-15 00:00 560 -c--a-w C:\Documents and Settings\Dad\Application Data\ViewerApp.dat
2006-05-30 23:52 496,749 -c--a-w C:\Program Files\elevatorsuck1.rm
2006-04-14 17:44 104 --sha-r C:\WINDOWS\system32\1E179C0C29.sys
2006-07-05 18:25 88 --sha-r C:\WINDOWS\system32\290C9C171E.sys
2007-12-06 03:04 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-20_22.04.54.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 04:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 01:05:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-21 05:32:12 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-05-21 05:32:12 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-05-21 05:32:12 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-05-21 05:32:12 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2007-07-11 21:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 20:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 20:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-12-14 19:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
+ 2008-05-24 01:08:19 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-05-24 01:08:19 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-05-24 01:06:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6e4.dat
+ 2008-05-24 01:08:19 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1D986C8D-8D09-4A9F-BD4C-69778A2D5AAE}\mpengine.dll
2008-05-12 16:14 3308624 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002373.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{77FE39B6-E49A-40B8-B0DE-0A3C040E72CE}\mpengine.dll
2008-05-12 16:14 3308624 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0000023.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{782A04A0-AD2E-4406-9710-DB2682C5012C}\mpengine.dll
2008-05-12 16:14 3308624 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0000194.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E81435C7-A71E-4268-A519-7B728A351ED0}\mpengine.dll
2008-05-12 16:14 3308624 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000243.dll
2008-05-12 16:14 3308624 C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2008-04-01 10:33 3251280 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0000022.dll
2008-05-12 16:14 3308624 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002372.dll
2004-08-04 05:00 25600 C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2004-08-04 05:00 25600 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0002450.dll
2004-08-04 05:00 25600 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002370.dll
2008-02-08 19:04 72264 C:\kav\kav7.0\english\setup.exe
2008-02-08 19:04 72264 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002425.exe
2007-08-02 16:53 536 C:\kav\kav7.0\english\setup.reg
2007-08-02 16:53 536 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002426.reg
2008-05-22 18:53 88 C:\Program Files\BOINC\slots\0\libfftw3f-3-1-1a_upx.dll
2008-05-16 20:50 88 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001282.dll
2008-05-22 02:25 88 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002419.dll
2008-05-22 18:53 100 C:\Program Files\BOINC\slots\0\setiathome_5.27_windows_intelx86.exe
2008-05-16 20:50 100 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001283.exe
2008-05-22 02:25 100 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002420.exe
2008-05-21 23:23 88 C:\Program Files\BOINC\slots\1\libfftw3f-3-1-1a_upx.dll
2008-05-18 14:09 88 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001279.dll
2008-05-21 23:23 100 C:\Program Files\BOINC\slots\1\setiathome_5.27_windows_intelx86.exe
2008-05-18 14:09 100 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001280.exe
2008-05-23 17:41 531932 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
2008-05-22 17:01 531932 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0002456.dll
2008-05-22 04:38 531932 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002306.dll
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080508.002\IDS9xx86.dll
2007-12-04 19:05 157120 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000212.dll
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080508.002\IDSviA64.sys
2008-02-13 09:18 359472 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000215.sys
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080508.002\IDSvix86.sys
2008-02-13 09:18 261680 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000218.sys
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080508.002\IDSxpx86.dll
2008-02-13 09:18 685424 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000219.dll
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080508.002\SymIDSco.sys
2008-02-13 09:18 240496 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000220.sys
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080508.002\SymIDSI.dll
2008-02-13 09:18 173424 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000222.dll
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080520.001\hub.scr
2006-12-22 09:12 290 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000211.scr
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080521.001\hub.scr
2006-12-22 09:12 290 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001281.scr
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.001\hub.scr
2006-12-22 09:12 290 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002307.scr
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\hub.scr
2006-12-22 09:12 290 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002421.scr
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\CCERASER.DLL
2008-01-18 02:00 2561072 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000223.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\ECMSVR32.DLL
2008-04-17 01:00 284016 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000225.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\EECTRL.SYS
2008-01-18 02:00 385072 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000226.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\ERASER.SYS
2008-01-18 02:00 109616 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000228.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\NAVENG.SYS
2008-04-17 01:00 82256 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000229.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\NAVENG32.DLL
2008-04-17 01:00 128368 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000231.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\NAVEX15.SYS
2008-04-17 01:00 895408 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000232.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\NAVEX32A.DLL
2008-04-17 01:00 943472 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000234.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\CCERASER.DLL
2008-01-18 02:00 2561072 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002308.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\ECMSVR32.DLL
2008-04-17 01:00 284016 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002310.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\EECTRL.SYS
2008-01-18 02:00 385072 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002311.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\ERASER.SYS
2008-01-18 02:00 109616 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002313.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\NAVENG.SYS
2008-04-17 01:00 82256 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002314.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\NAVENG32.DLL
2008-04-17 01:00 128368 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002316.DLL
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\NAVEX15.SYS
2008-04-17 01:00 895408 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002317.SYS
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\NAVEX32A.DLL
2008-04-17 01:00 943472 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002319.DLL
C:\Program Files\Google\GoogleToolbar1.dll
2007-10-13 11:50 2554944 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP11\A0002506.dll
C:\Program Files\WildTangent\Apps\ActiveLauncher\ActiveLauncher0200.dll
2004-09-08 08:56 298456 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000145.dll
C:\Program Files\WildTangent\Apps\CDA\CDAEngine0400.dll
2005-08-13 18:07 302528 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000144.dll
C:\Program Files\WildTangent\Apps\CDA\CDAEngine0501.dll
2005-08-13 18:07 302528 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000143.dll
C:\Program Files\WildTangent\Apps\CDA\CDALogger0402.dll
2005-07-26 22:12 36864 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000147.dll
C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
2006-03-16 18:24 41688 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000152.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
2005-08-13 18:08 28616 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000148.exe
C:\Program Files\WildTangent\Apps\CDA\wtControlPanel.dll
2005-09-02 13:51 58320 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000150.dll
C:\Program Files\WildTangent\Apps\CDA\wtControlPanel.exe
2005-09-02 13:52 86016 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000151.exe
C:\Program Files\WildTangent\Apps\DRM0302.dll
2003-09-04 16:12 21504 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000101.dll
C:\Program Files\WildTangent\Apps\rDRM0302.dll
2003-09-04 16:14 24576 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000102.dll
C:\Program Files\WildTangent\Apps\WireControl.dll
2005-08-30 11:50 98304 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000142.dll
C:\Program Files\WildTangent\Components\wtAppConfig0501.dll
2005-08-13 18:07 31696 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000153.dll
C:\Program Files\WildTangent\Components\wtCache0200.dll
2004-11-08 17:51 35840 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000170.dll
C:\Program Files\WildTangent\Components\wtCache0300.dll
2005-08-12 15:38 98272 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000158.dll
C:\Program Files\WildTangent\Components\wtCookie0501.dll
2005-08-13 18:07 18376 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000154.dll
C:\Program Files\WildTangent\Components\wtDownloader0200.dll
2004-11-08 17:52 55296 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000171.dll
C:\Program Files\WildTangent\Components\wtDownloader0301b.dll
2005-08-12 15:37 223208 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000159.dll
C:\Program Files\WildTangent\Components\wtGameData0501.dll
2005-08-13 18:08 56776 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000155.dll
C:\Program Files\WildTangent\Components\wtGUI0501.dll
2005-08-13 18:08 161728 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000156.dll
C:\Program Files\WildTangent\Components\wtIO0200.dll
2004-11-08 17:52 22016 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000172.dll
C:\Program Files\WildTangent\Components\wtIO0300.dll
2005-08-12 15:36 81880 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000160.dll
C:\Program Files\WildTangent\Components\wtKernel0200.dll
2004-11-08 17:52 22528 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000173.dll
C:\Program Files\WildTangent\Components\wtKernel0300.dll
2005-08-12 15:36 140768 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000161.dll
C:\Program Files\WildTangent\Components\wtLua0200.dll
2004-11-08 17:50 51200 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000174.dll
C:\Program Files\WildTangent\Components\wtLua0300.dll
2005-08-12 15:39 116696 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000162.dll
C:\Program Files\WildTangent\Components\wtNetworking0200.dll
2004-11-08 17:51 16896 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000175.dll
C:\Program Files\WildTangent\Components\wtPropertyBag0200.dll
2004-11-08 17:51 21504 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000176.dll
C:\Program Files\WildTangent\Components\wtPropertyBag0300.dll
2005-08-12 15:38 146408 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000163.dll
C:\Program Files\WildTangent\Components\wtScript0200.dll
2004-11-08 17:50 18944 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000177.dll
C:\Program Files\WildTangent\Components\wtScript0300.dll
2005-08-12 15:38 23008 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000164.dll
C:\Program Files\WildTangent\Components\wtSerialization0200.dll
2004-11-08 17:51 16384 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000178.dll
C:\Program Files\WildTangent\Components\wtSerialization0300.dll
2005-08-12 15:39 86000 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000165.dll
C:\Program Files\WildTangent\Components\wtStreamProcessing0200.dll
2004-11-08 17:51 14848 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000179.dll
C:\Program Files\WildTangent\Components\wtStreamProcessing0301.dll
2005-08-12 15:38 46584 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000166.dll
C:\Program Files\WildTangent\Components\wtSystem0200.dll
2004-11-08 17:51 17920 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000180.dll
C:\Program Files\WildTangent\Components\wtSystem0300.dll
2005-08-12 15:38 74720 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000167.dll
C:\Program Files\WildTangent\Components\wtSystemConfig0300.dll
2005-08-12 15:38 51696 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000168.dll
C:\Program Files\WildTangent\Components\wtUserSupport0501.dll
2005-08-13 18:07 19400 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000157.dll
C:\Program Files\WildTangent\Components\wtXml0200.dll
2004-11-08 17:51 17920 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000181.dll
C:\Program Files\WildTangent\Components\wtXml0300.dll
2005-08-12 15:37 92632 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000169.dll
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustCall64.dll
2008-05-20 22:31 41449 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0000187.dll
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCall.dll
2008-05-20 22:31 27113 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0000188.dll
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla.dll
2008-05-20 22:31 73728 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0000189.dll
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla1.dll
2008-05-20 22:31 73728 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0000190.dll
C:\WINDOWS\system32\drivers\gvM56.sys
2008-05-21 20:22 29056 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000205.sys
C:\WINDOWS\system32\drivers\IsDrv122.sys
2008-05-21 22:12 211893 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001275.sys
C:\WINDOWS\system32\drivers\vbH21.sys
2008-05-22 06:05 29056 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002305.sys
C:\WINDOWS\system32\khfEUljg.dll
2008-05-17 10:54 29824 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0000253.dll
C:\WINDOWS\system32\nregbflx.dll
2008-05-20 22:08 91264 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001264.dll
C:\WINDOWS\system32\pmnlkJyY.dll
2008-05-17 10:53 29824 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0000254.dll
C:\WINDOWS\system32\rqRIcdDs.dll
2008-05-17 10:59 318848 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000015.dll
C:\WINDOWS\system32\tilqltaa.dll
2008-05-20 21:08 91264 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0000197.dll
C:\WINDOWS\system32\WinCtrl32.dll
2008-05-22 17:34 14336 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP11\A0002508.dll
2008-05-22 16:17 14336 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002366.dll
C:\WINDOWS\system32\ygrfyega.dll
2008-05-21 22:01 90112 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0002445.dll
C:\WINDOWS\wt\updater\wcmdmgr.exe
2005-09-02 13:50 9168 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000183.exe
C:\WINDOWS\wt\updater\wcmdmgrl.exe
2005-09-02 13:50 9168 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000184.exe
C:\WINDOWS\wt\webdriver.dll
2005-06-13 13:10 71 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000106.dll
C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll
2004-05-14 07:56 102400 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000127.dll
C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll
2004-05-14 07:56 45056 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000128.dll
C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll
2004-05-14 07:55 65536 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000129.dll
C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll
2004-05-14 07:55 155648 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000130.dll
C:\WINDOWS\wt\webdriver\4.1.1\sound.dll
2004-05-14 07:56 98304 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000138.dll
C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll
2004-05-14 07:55 737280 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000131.dll
C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll
2004-05-14 07:58 712704 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000132.dll
C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe
2004-04-26 14:19 61440 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000133.exe
C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll
2004-04-26 14:19 57344 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000134.dll
C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll
2004-03-09 18:57 73728 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000135.dll
C:\WINDOWS\wt\webdriver\jdriver.dll
2004-05-24 13:37 167936 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000103.dll
C:\WINDOWS\wt\webdriver\rdriver.dll
2004-05-24 13:37 159744 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000104.dll
C:\WINDOWS\wt\webdriver\wtdmmp.dll
2003-10-27 12:42 36864 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000096.dll
C:\WINDOWS\wt\webdriver\wtdmmpv.dll
2003-11-10 18:38 49152 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000097.dll
C:\WINDOWS\wt\wt3d.dll
2005-06-13 13:10 71 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000107.dll
C:\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll
2003-10-27 12:42 36864 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000094.dll
C:\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll
2003-11-10 18:38 49152 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000095.dll
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
2003-09-04 16:12 21504 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000098.dll
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
2003-09-04 16:13 24576 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000100.dll
C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
2003-09-04 16:14 24576 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000099.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll
2004-05-14 07:56 102400 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000109.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
2004-05-14 07:56 45056 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000110.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
2004-05-14 07:55 65536 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000111.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll
2003-08-20 14:53 167936 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000112.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
2004-05-18 17:30 71 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000124.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
2004-05-18 17:30 71 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000125.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
2004-04-26 14:19 32768 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000140.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
2004-05-14 07:55 155648 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000113.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll
2003-08-20 14:53 159744 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000114.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll
2004-05-14 07:56 98304 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000123.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll
2004-05-14 07:55 737280 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000115.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll
2004-05-14 07:58 712704 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000116.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe
2004-04-26 14:19 61440 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000117.exe
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
2004-04-26 14:19 57344 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000118.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
2004-03-09 18:57 73728 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000119.dll
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll
2004-02-16 10:47 53248 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000120.dll
C:\WINDOWS\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll
2005-04-04 18:01 98304 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000141.dll
C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll
2005-08-30 11:50 98304 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000185.dll
C:\WINDOWS\wt\wtvh.dll
2004-02-16 10:47 53248 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000105.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 21:49 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 10:34 122880]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-07-22 15:02 126464]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 17:20 451896]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 10:32 451896]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 04:07 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2006-12-12 11:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 00:00 45056]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19 29744]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"806788f8"="C:\WINDOWS\system32\mlbuqobj.dll" [2008-05-22 23:03 90624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.exe" [2005-09-20 09:51 25600 C:\WINDOWS\MIDIDEF.EXE]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 04:00 44544]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 11:19:50 3604480]
DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 22:16:46 24576]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-05 01:02:54 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkJyY]
pmnlkJyY.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\meA23.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 09:36]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2005-02-14 15:10]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 18:05:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-24 01:08:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 18:06:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\TEMP\TMP000000088FF057223A44AD41 524288 bytes executable
C:\WINDOWS\system32\jboqublm.ini 294 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
-> C:\WINDOWS\system32\mlbuqobj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTxfispi.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2008-05-23 18:13:34 - machine was rebooted [Dad]
ComboFix-quarantined-files.txt 2008-05-24 01:13:28
ComboFix2.txt 2008-05-23 00:40:35
ComboFix3.txt 2008-05-22 04:59:03
ComboFix4.txt 2008-05-21 05:05:24
Pre-Run: 370,494,963,712 bytes free
Post-Run: 370,493,329,408 bytes free
595 --- E O F --- 2008-05-23 00:10:00
Kaspersky Online ScannerWelcome to the Kaspersky Online Scanner! Use it to
scan your PC for viruses and other malware for free
Warning: if you have installed Kaspersky Online Scanner Pro, please
manually uninstall it using "Add/Remove Programs" before installing this
version! Otherwise this version will not function correctly.
Benefits:
Kaspersky Anti-Virus exceptional detection rates and thorough scanning
Hourly AV database updates available each time the Online Scanner is
launched
Heuristic analysis to detect unknown viruses
Simple installation (just click on a link)
Requirements and limitations:
When using this service for the first time, you have to run with
Administrator privileges in order to install the product. Also, you will
need to download and install files about 400 KB in size followed by 9 MB
of virus definitions.
However, if you use the Online Scanner again, you will only need to
download the files that have been updated since your last scan.
The Online Scanner service offered by Kaspersky Lab uses Microsoft ActiveX
technology. Microsoft ActiveX Technology and the Kaspersky Online Scanner
work only with MS Internet Explorer 6.0 or higher.
We cannot guarantee that the Online Scanner will function correctly if you
are using any other browser or any Internet Explorer extensions (such as
AvantBrowser). If you use a different browser, you can use the Kaspersky
File Scanner to scan individual files.
The free Kaspersky Online Scanner does not scan boot sectors and MBRs, so
it cannot detect malicious code located in these areas.
Please note: The free Kaspersky Online Scanner does not protect against
malicious code, and cannot prevent future infections. It only detects
malware that has already penetrated your computer. We strongly recommend
that you install a full antivirus solution to protect your system.
Privacy statement:
The Kaspersky Online Scanner will collect information about the malicious
programs found on your computer during the scanning process. The
information will be sent to the Kaspersky Virus Lab for statistical
purposes. No personal information about you or specific information about
your system will be collected or transmitted to Kaspersky Lab.
Select: All, None, Suspicious Selected objects: 0
Scan settings:
Here you can configure the scanning process.
Scan using the following antivirus database:
standard - detect viruses, worms, Trojans,
rootkits
extended - protect your computer from Spyware,
adware, dialers and potentially dangerous
software such as remote access utilities, prank
programs and jokes. We do not recommend this
option to beginners or inexperienced users.
Scan options:
Scan Archives - scan files inside archives
Note: affects all targets except 'A
File...' scan target.
Scan Mail Bases - scan e-mails/attachments
inside mail base files
Note: affects all targets except 'My
Email' and 'A File...' scan targets.
Initialize Kaspersky Online Scanner
(downloading and installing Kaspersky Online
Scanner ActiveX from the server into your
computer)
Update Kaspersky Anti-Virus Databases [100%]:
(downloading and installing the latest Kaspersky
Anti-Virus Databases)
Update finished. Ready to scan.
Next
Please select a target to scan:
You can configure the scanning process by
pressing "Scan Settings" button.
Critical Areas
scan critical areas of your hard disks
specified in %windir% and %tmp% system variables
Memory
scan disk modules of running processes
My Computer
scan all your hard and mapped disks
My Email
scan all your hard and mapped disks only for the
following extensions: *.PST; *.MSG; *.OST;
*.MDB; *.DBX; *.EML; *.MBS
Folders...
scan selected folders
A File...
scan a one file
Warning: The Kaspersky Online Scanner may not
run successfully while any other Anti-Virus
software is running. If you have Anti-Virus
software installed, please disable your AV
protection before running the Kaspersky Online
Scanner.
Selected target: My Computer
Source: C:\; D:\; E:\; F:\; G:\; H:\; I:\; J:\;
Report is empty.
Please note: The free Kaspersky Online Scanner
does not provide comprehensive protection and
cannot prevent future infections. It only
detects malware that has already penetrated your
storage devices. We strongly recommend that you
use a fully-functional antivirus solution to
protect your computer at all times.
Please wait, this process may take a long time
depending on the selected target. If you want to
continue browsing, open a new window.
Scan Progress [99%]:
Total number of scanned objects:294083
Number of viruses found:11
Number of infected objects:32
Number of suspicious objects:0
Duration of the scan process:03:59:59
Stop Scan
Product Info
You have Kaspersky Online Scanner version 5.0.98.0
installed. The current anti-virus database was
released on Saturday, May 24, 2008 and contains
799443 records.
System Info
Operating System: Microsoft Windows XP
Professional, Service Pack 2 (Build 2600)Please
wait while the Kaspersky Online Scanner is
initializing and updating...
Rorschach112
2008-05-24, 17:45
Hello
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\mlbuqobj.dll
C:\WINDOWS\system32\drivers\gvM56.sys
C:\WINDOWS\system32\drivers\vbH21.sys
C:\WINDOWS\system32\khfEUljg.dll
C:\WINDOWS\system32\nregbflx.dll
C:\WINDOWS\system32\pmnlkJyY.dll
C:\WINDOWS\system32\rqRIcdDs.dll
C:\WINDOWS\system32\tilqltaa.dll
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\ygrfyega.dll
Folder::
C:\WINDOWS\wt
Rootkit::
C:\WINDOWS\system32\jboqublm.ini
Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Also post a new HijackThis log
Here's the data you asked for. Thank you
ComboFix 08-05-21.3 - Dad 2008-05-24 8:56:18.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1216 [GMT -7:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dad\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\drivers\gvM56.sys
C:\WINDOWS\system32\drivers\vbH21.sys
C:\WINDOWS\system32\khfEUljg.dll
C:\WINDOWS\system32\mlbuqobj.dll
C:\WINDOWS\system32\nregbflx.dll
C:\WINDOWS\system32\pmnlkJyY.dll
C:\WINDOWS\system32\rqRIcdDs.dll
C:\WINDOWS\system32\tilqltaa.dll
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\ygrfyega.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\jboqublm.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlbuqobj.dll
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.
2008-05-23 18:26 . 2008-05-23 18:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-23 18:26 . 2008-05-23 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-21 21:27 . 2008-05-21 21:27 <DIR> d-------- C:\VundoFix Backups
2008-05-20 22:32 . 2008-05-20 22:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-20 22:32 . 2008-05-20 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-18 20:36 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-18 20:36 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-18 20:36 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-18 20:36 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-18 20:36 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-18 20:35 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-05-18 20:35 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-18 20:35 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-18 20:35 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-18 20:35 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-18 20:35 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-18 20:35 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-18 20:35 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-05-18 20:35 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-18 20:33 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-18 20:32 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-18 20:31 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2008-05-18 20:30 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-18 20:29 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-05-18 20:28 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-05-18 20:27 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-18 20:26 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-18 20:25 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-05-18 20:24 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-18 20:23 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-18 20:22 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-05-18 20:21 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-05-18 20:20 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-05-18 20:19 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-18 20:18 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-18 20:17 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-05-18 20:16 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-05-18 20:15 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-18 20:14 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-05-18 20:13 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-05-18 20:12 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-18 20:11 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-05-18 20:10 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-05-18 20:09 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-05-18 20:08 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-05-18 12:33 . 2008-05-18 12:33 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-05-18 12:33 . 2008-05-18 12:39 <DIR> d-------- C:\Documents and Settings\Dad\SecurityScans
2008-05-18 12:25 . 2008-05-18 12:25 <DIR> d-------- C:\Program Files\Sun
2008-05-18 11:53 . 2008-05-18 11:57 5,024 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-18 11:14 . 2008-05-18 11:14 <DIR> d-------- C:\Documents and Settings\Dad\DoctorWeb
2008-05-18 10:43 . 2008-05-18 10:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 23:05 . 2008-05-17 23:05 <DIR> d-------- C:\kav
2008-05-17 21:52 . 2008-05-17 21:52 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-17 21:47 . 2008-05-17 22:35 <DIR> d-------- C:\SDFix
2008-05-17 21:11 . 2008-05-17 21:12 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-05-17 21:03 . 2008-05-17 21:03 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TmpRecentIcons
2008-05-17 17:08 . 2006-05-03 14:31 1,019,904 --a------ C:\WINDOWS\system32\cmdvdpak.cpl
2008-05-17 14:57 . 2008-05-17 14:57 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\TmpRecentIcons
2008-05-14 19:18 . 2008-05-14 19:18 0 --a------ C:\pspbrwse.jbf
2008-05-08 17:54 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-08 17:54 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-29 19:04 . 2008-01-08 17:16 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-04-29 19:04 . 2008-01-08 17:16 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 16:00 --------- d-----w C:\Program Files\BOINC
2008-05-24 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-24 05:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-24 00:59 --------- d-----w C:\Program Files\Google
2008-05-23 05:53 --------- d-----w C:\Program Files\Agent
2008-05-22 03:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-21 05:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 05:20 --------- d-----w C:\Program Files\WildTangent
2008-05-18 19:25 --------- d-----w C:\Program Files\Java
2008-05-18 02:30 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-18 00:08 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-16 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-04-30 02:04 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-04-29 00:08 --------- d-----w C:\Program Files\Safari
2008-04-29 00:07 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 22:55 --------- d-----w C:\Program Files\Norton 360
2008-04-20 00:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-19 19:40 --------- d-----w C:\Program Files\LimeWire
2008-04-16 04:16 --------- d-----w C:\Documents and Settings\Dad\Application Data\LimeWire
2008-04-08 03:27 --------- d-----w C:\Program Files\iTunes
2008-04-08 03:27 --------- d-----w C:\Program Files\iPod
2008-04-08 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-07 00:00 --------- d-----w C:\Program Files\QuickTime
2008-04-05 07:11 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
2008-04-05 05:34 --------- d-----w C:\Program Files\Palm
2008-04-05 00:56 --------- d-----w C:\Program Files\BFVCC Server Manager
2008-04-05 00:55 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-04-05 00:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 00:44 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-01 01:01 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-30 01:59 --------- d-----w C:\Program Files\Documents To Go
2008-03-28 02:13 --------- d-----w C:\Program Files\FirstClass
2008-03-13 01:50 4,063,800 ----a-w C:\office2003-KB948073-ENU.exe
2007-11-15 00:00 560 -c--a-w C:\Documents and Settings\Dad\Application Data\ViewerApp.dat
2006-05-30 23:52 496,749 -c--a-w C:\Program Files\elevatorsuck1.rm
2006-04-14 17:44 104 --sha-r C:\WINDOWS\system32\1E179C0C29.sys
2006-07-05 18:25 88 --sha-r C:\WINDOWS\system32\290C9C171E.sys
2007-12-06 03:04 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-20_22.04.54.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 04:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 16:03:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-21 05:32:12 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-05-21 05:32:12 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-05-21 05:32:12 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-05-21 05:32:12 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2007-07-11 21:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 20:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 20:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-12-14 19:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
+ 2008-05-24 16:03:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_25c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 21:49 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 10:34 122880]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-07-22 15:02 126464]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 17:20 451896]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 10:32 451896]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 04:07 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2006-12-12 11:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 00:00 45056]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19 29744]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"806788f8"="C:\WINDOWS\system32\mlbuqobj.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.exe" [2005-09-20 09:51 25600 C:\WINDOWS\MIDIDEF.EXE]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 04:00 44544]
C:\Documents and Settings\Dad\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-07-25 17:29:32 299008]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 11:19:50 3604480]
DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 22:16:46 24576]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-05 01:02:54 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkJyY]
pmnlkJyY.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\meA23.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 09:36]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2005-02-14 15:10]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 18:05:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-24 16:06:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 09:04:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTxfispi.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-05-24 9:10:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 16:10:43
ComboFix2.txt 2008-05-24 01:13:36
ComboFix3.txt 2008-05-23 00:40:35
ComboFix4.txt 2008-05-22 04:59:03
ComboFix5.txt 2008-05-21 05:05:24
Pre-Run: 370,398,167,040 bytes free
Post-Run: 370,383,257,600 bytes free
298 --- E O F --- 2008-05-23 00:10:00
**********************************************************
\Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:34 AM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [806788f8] rundll32.exe "C:\WINDOWS\system32\mlbuqobj.dll",b
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211170065375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199331003109
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5189/mcfscan.cab
O20 - Winlogon Notify: pmnlkJyY - pmnlkJyY.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 15001 bytes
thanks for your help
Rorschach112
2008-05-24, 18:24
Hello
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [806788f8] rundll32.exe "C:\WINDOWS\system32\mlbuqobj.dll",b
O20 - Winlogon Notify: pmnlkJyY - pmnlkJyY.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
File::
Folder::
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\meA23.sys]
Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Reboot and post a new HijackThis log and tell me how the PC is running
So far the computer seems to be working fine. Windows update can be turned on and off and I was able to download windows updates, which I couldn't do before. Thank you so much, I was getting frustrated before I found this website.:)
Malwarebytes' Anti-Malware 1.12
Database version: 783
Scan type: Quick Scan
Objects scanned: 52197
Time elapsed: 7 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\MySearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
*********************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:14 AM, on 5/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211170065375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199331003109
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5189/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 14587 bytes
Rorschach112
2008-05-24, 22:18
Your logs are clean
Follow these steps to uninstall Combofix and tools used in the removal of malware
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.
* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.
Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here (http://java.sun.com/javase/downloads/index.jsp)
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html) protects against bad ActiveX
IE-SPYAD (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe) puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
* SpywareGuard (http://www.javacoolsoftware.com/sgdownload.html) offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here (http://www.mozilla.org/products/firefox/)
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here (http://forums.spywareinfo.com/index.php?showtopic=60955)
Thank you for your patience, and performing all of the procedures requested.
Thank you for your help, I really appreciate it. I have already downloaded and are using your recommedations.
Again, Thank you.
Rorschach112
2008-05-25, 23:40
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.