The problem I am having is that after installing a program I saw the blue screen of death, and upon reboot no antivirus software works. Spybot is gone and only Ad-Aware is working... also the big thing is that I can no longer connect to the internet... I'm using my PS3 to post to the forum. All programs like IceSword and HijackThis either won't load or give a "not a valid Win32 application" error... I don't know where to start on this one... I have run a full system scan with Ad-Aware and I'm also using a-squared Free to run a deeper scan. Also I have an uncorrupted backup of my registry but I can't use it because Windows says I can't install the backup while programs are running, but of course I can't boot into safe mode either... Please, someone help.
Okay, I rebooted my system and got srosa.sys to delete on reboot with KillBox, watched my Task Manager and killed the processes hdlrrr.exe and ieplorer.exe on startup, and I can now use more programs than before... now I can connect to the internet! I created a file on the desktop named spybotsd.exe and it did not delete automatically this time, but I still can't run HijackThis and other programs are still "not valid Win32 apps".
Okay, I figured out that by renaming ComboFix when I download it I can get it to work....
ComboFix 08-06-10.5 - Administrator 2008-06-12 4:17:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1019 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\cfixer.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\inst.exe
C:\WINDOWS\system32\_004004_.tmp.dll
C:\WINDOWS\system32\_004005_.tmp.dll
C:\WINDOWS\system32\_004006_.tmp.dll
C:\WINDOWS\system32\_004007_.tmp.dll
C:\WINDOWS\system32\_004014_.tmp.dll
C:\WINDOWS\system32\_004015_.tmp.dll
C:\WINDOWS\system32\_004016_.tmp.dll
C:\WINDOWS\system32\_004017_.tmp.dll
C:\WINDOWS\system32\_004019_.tmp.dll
C:\WINDOWS\system32\_004020_.tmp.dll
C:\WINDOWS\system32\_004023_.tmp.dll
C:\WINDOWS\system32\_004024_.tmp.dll
C:\WINDOWS\system32\_004026_.tmp.dll
C:\WINDOWS\system32\_004027_.tmp.dll
C:\WINDOWS\system32\_004028_.tmp.dll
C:\WINDOWS\system32\_004030_.tmp.dll
C:\WINDOWS\system32\_004033_.tmp.dll
C:\WINDOWS\system32\_004034_.tmp.dll
C:\WINDOWS\system32\_004038_.tmp.dll
C:\WINDOWS\system32\_004039_.tmp.dll
C:\WINDOWS\system32\_004041_.tmp.dll
C:\WINDOWS\system32\_004044_.tmp.dll
C:\WINDOWS\system32\_004046_.tmp.dll
C:\WINDOWS\system32\_004047_.tmp.dll
C:\WINDOWS\system32\_004048_.tmp.dll
C:\WINDOWS\system32\_004049_.tmp.dll
C:\WINDOWS\system32\_004050_.tmp.dll
C:\WINDOWS\system32\_004053_.tmp.dll
C:\WINDOWS\system32\_004054_.tmp.dll
C:\WINDOWS\system32\_004055_.tmp.dll
C:\WINDOWS\system32\_004056_.tmp.dll
C:\WINDOWS\system32\_004057_.tmp.dll
C:\WINDOWS\system32\_004062_.tmp.dll
C:\WINDOWS\system32\_004064_.tmp.dll
C:\WINDOWS\system32\_004065_.tmp.dll
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\w32apiw.dll
D:\Autorun.inf
O:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.
2008-06-11 20:21 . 2008-06-11 20:21 17,408 --a------ C:\WINDOWS\system32\rpcnetp.dll
2008-06-11 20:15 . 2008-06-11 22:21 17,408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2008-06-11 12:34 . 2008-06-11 12:36 <DIR> d-------- C:\Combo-Fix2
2008-06-11 05:31 . 2008-06-11 05:36 <DIR> d-------- C:\!KillBox
2008-06-11 05:09 . 2008-06-11 05:09 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-06-11 04:47 . 2008-06-11 05:00 <DIR> d-------- C:\Program Files\a-squared Free
2008-06-07 11:20 . 2008-06-07 11:20 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-06-07 11:20 . 2008-06-07 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-06-06 16:58 . 2008-06-06 16:58 <DIR> d-------- C:\Program Files\Network Stumbler
2008-06-06 16:30 . 2008-06-06 16:30 <DIR> d-------- C:\Program Files\NKProds
2008-06-06 16:30 . 2008-06-06 16:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\nCleaner
2008-06-06 15:50 . 2008-06-06 15:50 <DIR> d-------- C:\Program Files\Copy Handler
2008-06-03 21:38 . 2008-06-03 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-06-03 21:38 . 2008-06-03 21:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Songbird1
2008-06-03 21:37 . 2008-06-09 21:51 <DIR> d-------- C:\Program Files\Songbird
2008-06-01 23:51 . 2008-06-01 23:51 <DIR> d-------- C:\Program Files\Deusty
2008-05-31 13:35 . 2008-06-02 01:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Extensis
2008-05-31 13:35 . 2008-06-02 01:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Extensis
2008-05-31 13:32 . 2008-05-31 13:32 <DIR> d-------- C:\Program Files\Extensis
2008-05-31 10:59 . 2008-05-31 10:59 <DIR> d-------- C:\Program Files\Sizer
2008-05-31 02:57 . 2008-05-31 02:57 <DIR> d-------- C:\Program Files\Blinkx
2008-05-31 02:57 . 2008-05-31 02:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\blinkx
2008-05-29 20:48 . 2008-05-29 20:48 <DIR> d-------- C:\Program Files\UberIcon
2008-05-29 03:10 . 2008-05-29 03:10 <DIR> d-------- C:\Program Files\SMOz
2008-05-29 03:10 . 2008-05-29 03:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SMOz
2008-05-27 21:45 . 2008-05-27 21:45 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-05-27 21:45 . 2008-06-08 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Vista Start Menu
2008-05-27 20:56 . 2008-05-27 20:56 <DIR> d-------- C:\Program Files\DVDFab 5
2008-05-27 20:56 . 2008-06-11 00:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Vso
2008-05-27 20:56 . 2008-05-27 20:56 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-27 20:56 . 2008-05-27 20:56 47,360 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2008-05-27 14:46 . 2008-05-27 14:46 <DIR> d-------- C:\dvd
2008-05-26 02:10 . 2008-05-26 02:10 <DIR> d-------- C:\Program Files\Riva
2008-05-26 02:10 . 2008-05-26 02:10 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-05-25 22:28 . 2008-06-08 10:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Hamachi
2008-05-25 22:27 . 2008-05-25 22:28 <DIR> d-------- C:\Program Files\Hamachi
2008-05-25 22:27 . 2008-05-25 22:27 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-25 21:55 . 2008-05-25 21:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\cronometer
2008-05-25 21:53 . 2008-05-25 21:54 <DIR> d-------- C:\Program Files\CRON-O-METER
2008-05-25 21:04 . 2008-05-25 23:31 <DIR> d-------- C:\Program Files\CrossLoop
2008-05-25 17:55 . 2008-05-27 22:56 <DIR> d-------- C:\Program Files\AutoHotkey
2008-05-25 12:33 . 2008-06-01 22:35 <DIR> d-------- C:\Program Files\Startup Manager
2008-05-25 12:33 . 2008-05-25 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Startup Manager
2008-05-25 12:29 . 2008-05-25 12:29 <DIR> d-------- C:\Program Files\Quick StartUp
2008-05-25 12:29 . 2008-05-25 12:29 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-05-25 04:36 . 2008-05-25 12:56 <DIR> d-------- C:\Program Files\Pamela
2008-05-25 04:36 . 2008-05-25 04:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Pamela
2008-05-25 04:36 . 2008-05-25 04:36 180,224 --a------ C:\WINDOWS\system32\RemoteControl.dll
2008-05-24 22:21 . 2008-05-24 22:21 <DIR> d-------- C:\Program Files\Common Files\DiskTrix
2008-05-23 17:33 . 2008-05-23 17:33 <DIR> d-------- C:\Program Files\DiskTrix
2008-05-22 20:13 . 2008-01-28 22:40 271,872 -ra------ C:\WINDOWS\curl.exe
2008-05-22 19:35 . 2008-05-22 19:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Launchy
2008-05-22 19:34 . 2008-05-22 19:43 <DIR> d-------- C:\Program Files\Launchy
2008-05-22 19:32 . 2008-05-22 19:47 <DIR> d-------- C:\Program Files\FindAndRunRobot
2008-05-22 19:32 . 2008-05-22 19:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DonationCoder
2008-05-22 19:32 . 2008-05-22 19:32 46 --a------ C:\WINDOWS\system32\DonationCoder_findrunrobot_InstallInfo.dat
2008-05-19 00:12 . 2008-05-19 00:12 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-05-19 00:12 . 2008-05-19 00:12 339,968 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2008-05-18 19:47 . 2008-05-18 19:47 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 18:20 . 2008-05-18 18:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Unyte
2008-05-18 17:27 . 2008-05-18 17:27 <DIR> d-------- C:\Program Files\Snackr
2008-05-18 04:43 . 2008-05-28 07:24 <DIR> d-------- C:\Program Files\Last.fm
2008-05-18 04:43 . 2008-05-18 04:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-05-16 22:01 . 2008-05-16 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2008-05-16 22:01 . 2008-05-16 22:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Deusty
2008-05-16 21:25 . 2008-05-16 21:25 <DIR> d-------- C:\Program Files\Shock Utility
2008-05-16 11:15 . 2008-05-29 03:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-15 00:55 . 2008-05-15 00:55 <DIR> d-------- C:\Program Files\Handbrake
2008-05-14 18:12 . 2008-05-14 18:12 <DIR> d-------- C:\Program Files\WinDirStat
2008-05-14 17:00 . 2008-05-14 17:00 <DIR> d-------- C:\WINDOWS\system32\PolarClock3 dir
2008-05-14 16:24 . 2008-05-14 16:24 <DIR> d-------- C:\Program Files\Transparent Windows
2008-05-14 13:40 . 2008-05-14 13:40 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-14 13:40 . 2008-05-14 13:40 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-14 13:40 . 2008-05-14 13:40 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-14 13:40 . 2008-05-14 13:40 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-14 13:38 . 2008-05-14 13:38 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-14 11:25 . 2008-04-13 11:37 2,630,144 -----c--- C:\WINDOWS\system32\dllcache\tpc_oobe.dll
2008-05-14 11:24 . 2008-04-13 19:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-05-14 11:23 . 2008-04-13 19:11 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-05-14 11:03 . 2008-05-14 13:41 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-14 10:58 . 2008-05-14 16:39 <DIR> d-------- C:\ChaosCrystal2.0.001
2008-05-14 10:38 . 2008-05-14 10:38 <DIR> d-------- C:\Program Files\Common Files\Crystal Decisions
2008-05-13 23:24 . 2008-06-11 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eboostr
2008-05-13 23:23 . 2008-05-14 14:23 <DIR> d-------- C:\Program Files\eBoostr
2008-05-13 22:58 . 2008-05-13 23:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ViStart
2008-05-13 22:45 . 2008-05-27 22:00 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-05-13 22:45 . 2008-05-13 22:45 <DIR> d-------- C:\Program Files\WinFlip
2008-05-13 22:45 . 2008-05-13 22:45 <DIR> d-------- C:\Program Files\VisualTooltip
2008-05-13 22:45 . 2008-05-27 21:16 <DIR> d-------- C:\Program Files\ViStart
2008-05-13 22:45 . 2008-05-13 22:59 <DIR> d-------- C:\Program Files\Vista Sidebar
2008-05-13 22:45 . 2008-05-13 22:45 <DIR> d-------- C:\Program Files\ViOrb
2008-05-13 22:45 . 2008-05-13 22:45 <DIR> d-------- C:\Program Files\TrueTransparency
2008-05-13 22:45 . 2008-05-13 22:45 <DIR> d-------- C:\Program Files\Styler
2008-05-13 22:45 . 2008-06-11 00:49 <DIR> d-------- C:\Program Files\LClock
2008-05-13 22:45 . 2008-05-13 22:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Styler
2008-05-13 22:45 . 2007-11-30 05:56 329,029 --a------ C:\WINDOWS\system32\viwc.exe
2008-05-13 22:45 . 2004-09-20 01:27 172,032 --a------ C:\WINDOWS\system32\LClock.cpl
2008-05-13 22:44 . 2007-04-15 01:32 7,333,376 --a------ C:\WINDOWS\system32\vistaui.exe
2008-05-13 22:44 . 2008-04-13 19:12 220,672 --a------ C:\WINDOWS\system32\logon.scr
2008-05-13 22:44 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\system32\vistartup.bmp
2008-05-13 22:39 . 2008-05-13 22:39 78,942 -ra------ C:\WINDOWS\Icon_1.ico
2008-05-13 22:38 . 2008-05-14 14:01 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-05-13 22:38 . 2008-05-13 22:52 <DIR> d-------- C:\VTPFiles
2008-05-13 22:38 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-05-13 22:38 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-05-13 22:38 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-05-13 22:38 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-05-13 22:28 . 2008-05-13 22:28 <DIR> d-------- C:\Program Files\zabkat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 09:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-06-12 09:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2008-06-12 03:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-06-12 01:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-06-11 23:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-06-11 06:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-10 21:11 --------- d-----w C:\Program Files\Google
2008-06-10 21:09 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-10 16:23 --------- d-----w C:\Program Files\Gizmoz Talking Headz
2008-06-10 16:23 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Gizmoz
2008-06-10 15:48 --------- d-----w C:\Program Files\eMule
2008-06-07 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-07 14:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-06 08:31 --------- d-----w C:\Program Files\SpeedFan
2008-06-04 16:01 --------- d-----w C:\Program Files\MusicBrainz Picard
2008-05-25 17:53 --------- d-----w C:\Program Files\TABLET
2008-05-22 23:23 --------- d-----w C:\Program Files\Digsby
2008-05-18 21:30 --------- d-----w C:\Program Files\Grooveshark
2008-05-18 09:43 --------- d-----w C:\Program Files\iTunes
2008-05-18 02:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-05-16 00:28 --------- d-----w C:\Program Files\Macromedia
2008-05-15 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 18:41 --------- d-----w C:\Program Files\Windows Journal
2008-05-05 01:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 17:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PCF-VLC
2008-04-30 16:48 94,840 ----a-w C:\WINDOWS\system32\drivers\EBoost.sys
2008-04-25 08:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DVDFab
2008-04-21 02:12 --------- d-----w C:\Program Files\Adobe Media Player
2008-04-20 19:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NeroDigital™
2008-04-19 22:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12 69,120 ----a-r C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 32,866 ------r C:\WINDOWS\slrundll.exe
2008-04-14 00:12 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 224,256 ----a-r C:\WINDOWS\regedit.exe
2008-04-14 00:12 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12 10,752 ----a-r C:\WINDOWS\hh.exe
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
.
------- Sigcheck -------
2005-03-01 18:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 04:15 2070656 87689a9c79481bd4a270fe28dafe3833 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2005-03-01 19:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB931784_0$\ntkrnlpa.exe
2008-04-13 13:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 13:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
2008-04-13 13:31 2077184 960e049ca92833ff30e52d47c265765f C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 13:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe
2005-03-01 20:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 04:55 2193408 43446d818df5f92824c306d0dd330a68 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-13 14:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 14:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
2008-04-13 14:27 2200320 41834c8ccf31d899669974acdb4b008a C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 14:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\system32\VITrans\ntoskrnl.exe
2007-06-13 05:23 1423360 7159508eebb8e80de73a0a48d581ed50 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 05:23 1423360 7159508eebb8e80de73a0a48d581ed50 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 07:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282C89-3BD3-4387-92D9-C76428B07E07}]
2008-03-18 13:18 156144 --a----t- C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01 163840]
"blinkxgate"="C:\Program Files\Blinkx\blinkx.exe" [2008-04-28 20:19 167936]
"Windows Live FolderShare"="C:\Documents and Settings\Administrator\Local Settings\Application Data\FolderShare\FolderShare.exe" [2008-04-15 14:15 925728]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2007-08-17 19:10 159744]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Boingo Wireless Software"="C:\Program Files\Boingo\Boingo Wireless Software\Boingo.exe" [2006-09-18 12:30 1144400]
"WD Button Manager"="WDBtnMgr.exe" [2008-05-19 00:12 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-25 17:17 29744]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"AirCardEnabler"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2008-05-22 19:34:58 274432]
Suitcase 11.0.lnk - C:\WINDOWS\Installer\{4E920E20-CB94-45D3-9520-929FA61983D2}\_01D57C9244869186542E24.exe [2008-05-31 13:33:04 9062]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 07:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 05:41 11776 C:\WINDOWS\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 07:00 30208 C:\WINDOWS\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-10-08 17:10 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"VIDC.dvh1"= smdvCodec.dll
"VIDC.dv25"= smdvCodec.dll
"VIDC.dv50"= smdvCodec.dll
"vidc.yv12"= yv12vfw.dll
"vidc.MP42"= MPG4c32..dll
"vidc.MP43"= MPG4c32..dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^hamachi.lnk]
backup=C:\WINDOWS\pss\hamachi.lnkStartup
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\hamachi.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Transparent Windows.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Transparent Windows.lnk
backup=C:\WINDOWS\pss\Transparent Windows.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alias SketchBook Snapshot.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk
backup=C:\WINDOWS\pss\Alias SketchBook Snapshot.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBoostr Control Panel.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eBoostr Control Panel.lnk
backup=C:\WINDOWS\pss\eBoostr Control Panel.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2006-06-13 05:20 127036 C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
--a------ 2004-02-08 18:30 73728 C:\Program Files\Gateway\GWCares\GWCares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leaf]
C:\Program Files\Leaf Networks\Leaf\bin\Leaf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 16:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
-ra------ 2006-08-16 17:53 31232 C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
--a------ 2007-07-31 17:36 2037088 C:\Program Files\Norton Ghost\Agent\VProTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-05-20 05:13 188416 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sharkbyte]
--a------ 2008-04-18 18:37 380254 C:\Program Files\Grooveshark\sharkbyte.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-26 04:49 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-05-23 02:50 2079232 C:\Program Files\Vista Start Menu\VistaStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatcherHelper]
--a------ 2006-12-16 15:47 95776 C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=3 (0x3)
"McODS"=2 (0x2)
"McNASvc"=3 (0x3)
"mcmscsvc"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe"
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Aptana\\Aptana IDE Beta\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\xampplite\\mysql\\bin\\mysqld.exe"=
"C:\\Program Files\\TVersity\\Media Server\\TVersity.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NMMediaServer.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\xampplite\\apache\\bin\\apache.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sony\\LocationFreePlayer\\LFPC3\\LFPC3.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\java.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"C:\\Program Files\\Blinkx\\blinkx.exe"=
"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"41952:TCP"= 41952:TCP:tv
R0 eBoost;eBoostr caching filter driver;C:\WINDOWS\system32\drivers\eBoost.sys [2008-04-30 11:48]
R2 Apache2.2;Apache2.2;"C:\xampplite\apache\bin\apache.exe" -k runservice []
R2 Boingo WMonitor;Boingo WMonitor;"C:\Program Files\Boingo\Boingo Wireless Software\WENGINE2\WMonitor.exe" [2006-09-06 17:42]
R2 ColdFusion 8 .NET Service;ColdFusion 8 .NET Service;C:\ColdFusion8\jnbridge\CF8DotNetsvc.exe [2007-10-09 00:00]
R2 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;C:\ColdFusion8\db\slserver54\bin\swstrtr.exe "ColdFusion 8 ODBC Server" []
R2 EBOOSTRSVC;eBoostr Service;"C:\Program Files\eBoostr\EBstrSvc.exe" [2008-04-30 11:48]
R3 FinePnt;FinePoint Innovations HID Driver;C:\WINDOWS\system32\DRIVERS\FpHidDrv.sys [2006-10-30 11:17]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 21:50]
R3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;C:\WINDOWS\system32\DRIVERS\MSTabBtn.sys [2007-03-09 10:40]
R3 PTSimBus;PenTablet Bus Enumerator;C:\WINDOWS\system32\DRIVERS\PTSimBus.sys [2007-06-07 17:16]
R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys [2006-10-12 10:49]
S2 ColdFusion 8 Application Server;ColdFusion 8 Application Server;"C:\ColdFusion8\runtime\bin\jrunsvc.exe" [2007-07-11 12:36]
S2 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;C:\ColdFusion8\db\slserver54\bin\swagent.exe "ColdFusion 8 ODBC Agent" []
S2 gupdate;Google Update Service;"C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe" /svc /lang en []
S2 XAMPP;XAMPP Service;C:\xampplite\service.exe [2006-10-23 09:24]
S3 Boingo Wireless Engine;Boingo Wireless Engine;"C:\Program Files\Boingo\Boingo Wireless Software\WENGINE2\BWEngine.exe" [2006-09-06 17:42]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 07:10]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-25 17:17]
S3 leafnets;Leaf Networks Adapter;C:\WINDOWS\system32\DRIVERS\leafnets.sys [2007-05-02 18:48]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-21 20:35]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\WINDOWS\system32\DRIVERS\PTSimHid.sys [2007-04-23 15:28]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2007-12-31 11:01]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);C:\WINDOWS\system32\drivers\WPRO_40_1123.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
\Shell\configure\command - F:\SETUP.EXE
\Shell\install\command - F:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Autoplay.exe -auto
.
Contents of the 'Scheduled Tasks' folder
"2008-05-13 02:14:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 23:36:48 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1192742903.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-06-11 06:47:54 C:\WINDOWS\Tasks\GoogleUpdateTask.job"
- C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
"2008-05-15 06:23:42 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-01 06:00:43 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-11 16:50:42 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 04:35:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySql]
"ImagePath"="C:/xampplite/mysql/bin/mysqld-nt.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySql]
"ImagePath"="C:/xampplite/mysql/bin/mysqld-nt.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\wisptis.exe
C:\WINDOWS\system32\tabbtnu.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\tcserver.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\ColdFusion8\jnbridge\JNBDotNetSide.exe
C:\ColdFusion8\db\slserver54\bin\swsoc.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\xampplite\mysql\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\drivers\WTSrv.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
.
**************************************************************************
.
Completion time: 2008-06-12 5:35:52 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-06-12 10:35:18
Pre-Run: 27,614,621,696 bytes free
Post-Run: 27,391,213,568 bytes free
567 --- E O F --- 2008-06-11 22:41:36
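The log above is long, and the parts that matter for triage are scattered across it: the Security Center key that silences the "antivirus is off" warning, the firewall exception list, the globally open ports, service rows whose binary ComboFix could not timestamp (the empty `[]`), and the per-drive shell verbs under MountPoints2. The script below is an added example, written for this page and not part of the poster's post or of ComboFix; it parses those sections and returns the entries a responder would check first. The sample text is a handful of lines copied from the posted log so it runs offline, and the heuristics (treating a firewall exception under a user-profile path as worth a look, treating an empty file stamp as "verify the file exists") are my own assumptions, not ComboFix's.

```python
"""Triage helper for a ComboFix log (added example; not ComboFix's own code).
Parses the [HKEY...] sections and the service rows, returning the findings
an incident responder would look at first."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the posted log, one section per
# finding type, so the script runs without the full file.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"41952:TCP"= 41952:TCP:tv
R2 Apache2.2;Apache2.2;"C:\xampplite\apache\bin\apache.exe" -k runservice []
R3 FinePnt;FinePoint Innovations HID Driver;C:\WINDOWS\system32\DRIVERS\FpHidDrv.sys [2006-10-30 11:17]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);C:\WINDOWS\system32\drivers\WPRO_40_1123.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
\Shell\install\command - F:\SETUP.EXE
"""

SECTION_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# start-type, name, description, image path, file stamp (empty when ComboFix could not stat it)
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$")
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# Assumed heuristic: firewall exceptions for binaries in these locations deserve a look.
USER_WRITABLE = ("documents and settings\\", "\\temp\\", "\\appdata\\")


def parse_sections(text):
    """Group each line under the [HKEY...] header preceding it; service rows
    (R0/R2/S3 ...) go under the pseudo-key 'services' wherever they appear."""
    sections, current = defaultdict(list), ""
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":
            continue
        if SECTION_RE.match(line):
            current = SECTION_RE.match(line).group(1)
        elif SERVICE_RE.match(line):
            sections["services"].append(line)
        else:
            sections[current].append(line)
    return sections


def disabled_security_monitoring(sections):
    """Products whose Security Center monitoring was switched off (DisableMonitoring=1)."""
    return [key.rsplit("\\", 1)[-1] for key, lines in sections.items()
            if "security center\\monitoring" in key.lower()
            and any('"DisableMonitoring"=dword:00000001' in l for l in lines)]


def firewall_exceptions_to_review(sections):
    """Authorized applications in user-writable paths, plus unnamed entries."""
    hits = []
    for key, lines in sections.items():
        if "authorizedapplications" not in key.lower():
            continue
        for line in lines:
            path = line.strip().rstrip("=").strip('"')
            if path == "<NO NAME>" or any(p in path.lower() for p in USER_WRITABLE):
                hits.append(path.replace("\\\\", "\\"))
    return hits


def open_ports(sections):
    """Globally open inbound ports as (port, protocol, label)."""
    return [(int(m.group(1)), m.group(2), m.group(3).strip())
            for key, lines in sections.items() if "globallyopenports" in key.lower()
            for m in map(PORT_RE.match, lines) if m]


def services_without_timestamp(sections):
    """Service/driver rows with an empty file stamp: confirm the image exists on disk."""
    rows = [SERVICE_RE.match(l) for l in sections.get("services", [])]
    return [(m.group(1), m.group(2), m.group(4)) for m in rows if m and not m.group(5).strip()]


def drive_autorun_commands(sections):
    """Per-drive shell verbs under MountPoints2; each runs a program when the drive is opened."""
    out = defaultdict(list)
    for key, lines in sections.items():
        if "mountpoints2" in key.lower():
            for m in map(VERB_RE.match, lines):
                if m:
                    out[key.rsplit("\\", 1)[-1]].append((m.group(1), m.group(2)))
    return dict(out)


def triage(text):
    s = parse_sections(text)
    return {"security_center_monitoring_disabled": disabled_security_monitoring(s),
            "firewall_exceptions_to_review": firewall_exceptions_to_review(s),
            "globally_open_ports": open_ports(s),
            "services_without_file_stamp": services_without_timestamp(s),
            "drive_autorun_commands": drive_autorun_commands(s)}


if __name__ == "__main__":
    for name, items in triage(SAMPLE_LOG).items():
        print(name)
        for item in (items.items() if isinstance(items, dict) else items):
            print("   ", item)
```

Run it against the full log by reading the file into `triage()` instead of `SAMPLE_LOG`. The output is a review list, not a verdict: a firewall exception under Documents and Settings or an empty file stamp is something to verify, and the autorun handler on D: (RunDLL32 invoking Info.exe via ShellExec_RunDLL) is worth looking at because anything on that drive runs the moment it is opened in Explorer.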