win32.tdss.rtk -no i-net, dev drives/disabled



beani
2009-08-12, 22:05
Upon startup the desktop icons show, the mouse moves and I can open folders on the desktop, though there is NO taskbar. Also my wireless connection has been disabled by the bug, or some other one. I have an external hard drive that has been connected to the infected PC, but it's not recognized. I am on my PC upstairs and not sure how to fix the issue without infecting this one.


Any idea on how to fix the i-net so troubleshooting will be easier?
I use SSaD often, but alas, have not updated it for a couple of months.
I also have TR (Trojan Remover) http://www.simplysup.com

Neither of them seems to fix it.

Anyway, I need help!
Thanks in advance,

beani
2009-08-13, 18:27
Maybe this will help?

Here is a list of what Spybot detects:

Win32.TDSS.rtk

(SBI $7247D553) File
C:\WINDOWS\system32\drivers\UACffyxpedrmn.sys

(SBI $33BC16BB) File
C:\WINDOWS\system32\UACdgkqkajqlp.dll


Here is a list of what processes are running on startup:

taskmgr.exe
nvsvc32.exe
NICServ.exe
jqs.exe
wlMonitor.exe
TeaTimer.exe
ctfmon.exe
msnmsgr.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
rundll32.exe
winampa.exe
RTHDCPL.EXE
smss.exe
explorer.exe
System
System Idle Process SYSTEM

Thanks again!

beani
2009-08-14, 00:04
Update:
Set up a small home network in hopes that I could run HijackThis, etc...
This bug is nasty: I can see the network, connect, and even choose files to share, except the infected computer refuses to see any of it... :-(

I did however realize that I can access my external hard drive; no infected files found on its sole scan, so should I use it to gather programs/updates etc. for my infected PC?

Thanks again

Blade81
2009-08-16, 09:56
Hi,

Before you use the external drive let's run a disinfector against it first.

1. Download Flash_Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to the Desktop of your clean system.
2. After downloading, double-click on Flash_Disinfector to run it.
3. Just follow the prompts and continue until it begins scanning.
4. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
5. It will scan removable drives; wait for the scan to finish. Done.

After that you may get the tools. Let's use these:

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download GMER (http://www.gmer.net) here by clicking the "Download EXE" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab and then Scan.
Don't check the "Show All" box while the scan is in progress!
When the scan is ready, click Copy.
This copies the log to the clipboard.
Post the log in your reply.
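
As an added illustration (my code, not part of Blade81's post and not a description of how Flash_Disinfector works internally), here is a small Python script that does by hand the check a removable-drive disinfector performs before the external drive is trusted: it parses the drive's autorun.inf tolerantly (mixed case, padding, junk lines), lists every key Windows would execute on insert, double-click or "Explore", flags targets that are executables or that sit inside a normally hidden folder, and then occupies the autorun.inf name with a directory so a worm cannot drop a new file of that name without deleting the directory first. The sample autorun.inf is constructed, the RECYCLER\ise.exe path is invented, the round trip runs on a temporary directory standing in for the drive root, and the folder-protection step is a common disinfection-tool trick rather than a claim about what Flash_Disinfector does.

```python
import os
import re
import tempfile

# Constructed sample in the style USB-spreading worms leave on removable drives:
# mixed case, whitespace padding and junk comment lines are typical obfuscation.
SAMPLE_AUTORUN = """\
[AutoRun]
;{X4qZ
OPEN = RECYCLER\\ise.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shell\\open\\Command=RECYCLER\\ise.exe
shell\\explore\\command = RECYCLER\\ise.exe
UseAutoPlay=1
"""

# Keys whose value Windows would execute on insert, double-click or "Explore";
# shell\<verb>\command covers custom verbs droppers register themselves.
LAUNCH_KEY_RE = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js", ".dll")
# Folders a user never browses, which is where autorun worms stage their payload.
HIDEOUT_RE = re.compile(r"(^|[\\/])(recycler|\$recycle\.bin|system volume information)([\\/]|$)",
                        re.IGNORECASE)


def parse_autorun(text):
    """Return {lowercased key: value} from the [autorun] section, tolerant of case, padding, junk."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """(key, target, reasons) for every entry that would run code; reasons explain the flag."""
    results = []
    for key, value in entries.items():
        if not LAUNCH_KEY_RE.match(key):
            continue
        reasons = []
        if value.lower().endswith(EXEC_EXT):
            reasons.append("executable target")
        if HIDEOUT_RE.search(value):
            reasons.append("target inside a normally hidden folder")
        results.append((key, value, reasons))
    return results


def scan_drive_root(root):
    """Inspect the autorun.inf in <root>; returns None when the drive has no autorun.inf file."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return None
    with open(path, "r", encoding="latin-1", errors="ignore") as fh:
        return launch_targets(parse_autorun(fh.read()))


def protect_drive_root(root):
    """Replace a malicious autorun.inf file with a directory of the same name.
    A worm then cannot recreate the file without first removing the directory.
    The payload the file pointed at still has to be removed separately."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isfile(path):
        os.remove(path)
    os.makedirs(path, exist_ok=True)
    return os.path.isdir(path)


def demo():
    """Round trip on a temporary directory standing in for the external drive's root."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_AUTORUN)
        before = scan_drive_root(root)
        protected = protect_drive_root(root)
        after = scan_drive_root(root)
    return {"before": before, "protected": protected, "after": after}


if __name__ == "__main__":
    result = demo()
    for key, target, reasons in result["before"]:
        print(f"{key} -> {target}  [{', '.join(reasons)}]")
    print("protected:", result["protected"], "rescan:", result["after"])
```

Run it as-is to see the three launch keys the sample would trigger; point scan_drive_root at a real drive letter (for example `E:\`) to inspect an actual external disk before copying tools from it.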

beani
2009-08-16, 21:30
Here is dds.txt:



DDS (Ver_09-07-30.01) - NTFSx86
Run by John Doe at 0:14:53.35 on Sun 08/16/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6c350dfc-885f-4296-82e3-6428dd982099} - c:\windows\system32\wvUnNgFy.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [net] "c:\windows\system32\net.net"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
Notify: wvUnNgFy - wvUnNgFy.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: {6c350dfc-885f-4296-82e3-6428dd982099} - c:\windows\system32\wvUnNgFy.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johndo~1\applic~1\mozilla\firefox\profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\john doe\application data\mozilla\firefox\profiles\g8ttv7fh.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-11 12:12 1,334 a------- c:\windows\wininit.ini
2009-08-10 11:16 144,896 a------- c:\windows\msa.exe
2009-08-10 11:16 207,364 a------- c:\windows\system32\msxml71.dll
2009-08-10 11:16 36,864 a------- c:\windows\system32\net.net
2009-08-10 11:05 1,234,550 a------- c:\windows\system32\xa.tmp
2009-08-09 00:28 <DIR> --d----- c:\program files\IZArc
2009-08-07 23:11 <DIR> --d----- C:\ILLUSION
2009-08-07 23:02 <DIR> --d----- c:\windows\system32\URTTemp
2009-07-24 02:46 34,304 a------- c:\windows\system32\wvUnNgFy.dll
2009-07-24 02:46 34,304 a------- c:\windows\system32\rqRLdApq.dll
2009-07-24 02:32 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-24 02:21 <DIR> --d----- c:\windows\system32\DirectX
2009-07-24 02:21 <DIR> --d----- c:\windows\Logs
2009-07-24 02:21 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-24 02:21 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-24 02:00 <DIR> --d----- c:\program files\Deep Silver
2009-07-24 02:00 <DIR> --d----- c:\windows\system32\AGEIA
2009-07-24 01:59 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Pro
2009-07-24 01:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-24 01:01 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-24 01:01 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Lite
2009-07-23 03:46 67 a------- c:\windows\lz_scm.ini
2009-07-22 11:00 97,792 a------- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 10:44 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-21 09:13 <DIR> --d----- c:\program files\Ascaron Entertainment

==================== Find3M ====================

2009-07-25 08:21 98,304 a------- c:\windows\DUMP76e5.tmp
2009-07-01 17:55 90,112 a------- c:\windows\DUMP853d.tmp
2009-06-27 08:14 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-06-06 09:38 692,224 a------- c:\windows\system32\bsrmgcv.dll
2009-06-06 09:38 192,512 a------- c:\windows\system32\bsrmgps.dll
2009-06-06 09:38 585,728 a------- c:\windows\system32\bsratswf.dll
2009-06-06 09:38 147,456 a------- c:\windows\system32\bsratwmv.dll

============= FINISH: 0:15:13.46 ===============

beani
2009-08-16, 21:33
Here is attach.txt:



==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player 11.5
Advertisement Service
AGEIA PhysX v7.11.13
ArcSoft VideoImpression 2
Artificial Girl 3
BitLord 1.1
BSR Screen Recorder 4
Choice Guard
Comcast High-Speed Internet Install Wizard
DAEMON Tools Toolbar
DivX Web Player
Google Chrome
Google Update Helper
HAKO
HP Webcam
IZArc 4.0 beta 1
Java(TM) 6 Update 13
K-Lite Codec Pack 4.7.5 (Basic)
Linksys Wireless Network Monitor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Visual C++ 2005 Redistributable
Move Media Player
Mozilla Firefox (3.0.13)
MSVCRT
NVIDIA Drivers
Realtek High Definition Audio Driver
Sacred 2
Sacred Underworld
Segoe UI
Spybot - Search & Destroy
Trojan Remover 6.7.4
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Virtual Audio Cable 4.9
VLC media player 0.9.9
Winamp
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.07)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
World of Warcraft

==== End Of File ===========================

beani
2009-08-16, 21:37
Finally, GMER:


GMER 1.0.15.15020 [kt2w8ip6.exe] - http://www.gmer.net
Rootkit scan 2009-08-16 00:20:45
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

INT 0x62 ? 86F6DBF8
INT 0x63 ? 86F6DBF8
INT 0x73 ? 86F6DBF8
INT 0x73 ? 86F6DBF8
INT 0x73 ? 86CD6BF8
INT 0x73 ? 86F6DBF8
INT 0xA4 ? 86CD6BF8

Code 86DEF950 ZwEnumerateKey
Code 86DEFE98 ZwFlushInstructionCache
Code 86EB6926 IofCallDriver
Code 86E952C6 IofCompleteRequest
Code 86DF08AD ZwSaveKey
Code 86DF08E5 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE0F6 5 Bytes JMP 86EB692B
.text ntkrnlpa.exe!IofCompleteRequest 804EE186 5 Bytes JMP 86E952CB
.text ntkrnlpa.exe!ZwSaveKey 804FE5BC 5 Bytes JMP 86DF08B2
.text ntkrnlpa.exe!ZwSaveKeyEx 804FE5D0 5 Bytes JMP 86DF08EA
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805AAEDE 5 Bytes JMP 86DEFE9C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80619A6E 5 Bytes JMP 86DEF954
? spkt.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6AD78AC 5 Bytes JMP 86CD61D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7310042] spkt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F731013E] spkt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73100C0] spkt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7310800] spkt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73106D6] spkt.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F731FE9C] spkt.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F6C1F8
Device \FileSystem\Fastfat \FatCdrom 86CC51F8
Device \Driver\usbohci \Device\USBPDO-0 86D8A1F8
Device \Driver\PCI_PNP4124 \Device\00000044 spkt.sys
Device \Driver\usbehci \Device\USBPDO-1 86D861F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FDC1F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FDC1F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FDC1F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FDC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F6E1F8
Device \Driver\usbstor \Device\00000071 86C8E1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F6E1F8
Device \Driver\usbstor \Device\00000072 86C8E1F8
Device \Driver\sptd \Device\1781309124 spkt.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86F6D1F8
Device \Driver\atapi \Device\Ide\IdePort0 86F6D1F8
Device \Driver\atapi \Device\Ide\IdePort1 86F6D1F8
Device \Driver\atapi \Device\Ide\IdePort2 86F6D1F8
Device \Driver\atapi \Device\Ide\IdePort3 86F6D1F8
Device \Driver\atapi \Device\Ide\IdePort4 86F6D1F8
Device \Driver\atapi \Device\Ide\IdePort5 86F6D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 86F6D1F8
Device \Driver\usbstor \Device\00000073 86C8E1F8
Device \Driver\usbstor \Device\00000074 86C8E1F8
Device \Driver\usbstor \Device\00000075 86C8E1F8
Device \Driver\usbstor \Device\00000076 86C8E1F8
Device \Driver\usbstor \Device\00000077 86C8E1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86C6F500
Device \Driver\NetBT \Device\NetbiosSmb 86C6F500
Device \Driver\NetBT \Device\NetBT_Tcpip_{308B033B-1977-4BA5-AE09-8DA5616DE3F2} 86C6F500
Device \Driver\NetBT \Device\NetBT_Tcpip_{83301772-3304-4022-B6F4-A6771E84E3DE} 86C6F500
Device \Driver\usbohci \Device\USBFDO-0 86D8A1F8
Device \Driver\usbehci \Device\USBFDO-1 86D861F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86182500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86182500
Device \Driver\Ftdisk \Device\FtControl 86F6E1F8
Device \Driver\axiek8ez \Device\Scsi\axiek8ez1 86DF1500
Device \Driver\axiek8ez \Device\Scsi\axiek8ez1Port6Path0Target0Lun0 86DF1500
Device \FileSystem\Fastfat \Fat 86CC51F8
Device \FileSystem\Cdfs \Cdfs 8616A500

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACffyxpedrmn.sys (*** hidden *** )
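
Added example, my code rather than anything from beani's log or Blade81's reply: a Python triage of the GMER output above (and of its Registry continuation further down the thread). It flags the hidden service, the kernel inline JMP hooks (IofCallDriver and IofCompleteRequest are the two that matter most for a rootkit hiding disk I/O), and any file name following this TDSS variant's convention of `UAC` followed by random lowercase letters, and it sets aside the atapi IAT hooks that GMER attributes to spkt.sys: the Device line `\Driver\sptd \Device\1781309124 spkt.sys` ties that module to the sptd driver object, which the Registry section configures under C:\Program Files\DAEMON Tools Lite\, so those hooks are the CD-emulation layer rather than the rootkit. The log excerpt is constructed from the posted lines; the regexes assume GMER 1.0.15's line layout, and the 8-to-12-letter length in the name pattern is my assumption.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind detail")

# Constructed excerpt modelled on the GMER 1.0.15 output posted in this thread
# (same line layout, a handful of representative lines).
GMER_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE0F6 5 Bytes JMP 86EB692B
.text ntkrnlpa.exe!IofCompleteRequest 804EE186 5 Bytes JMP 86E952CB
PAGE ntkrnlpa.exe!ZwEnumerateKey 80619A6E 5 Bytes JMP 86DEF954
? spkt.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7310042] spkt.sys

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 86F6D1F8
Device \Driver\sptd \Device\1781309124 spkt.sys

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACffyxpedrmn.sys (*** hidden *** )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACffyxpedrmn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdgkqkajqtp.dll
"""

# Line shapes as GMER 1.0.15 prints them (assumed from the posted log).
HOOK_RE = re.compile(r"^(?:\.text|PAGE|INIT)\s+(\S+?)!(\w+)\s+[0-9A-Fa-f]+\s+\d+ Bytes\s+(JMP|CALL)\s+([0-9A-Fa-f]+)")
HIDDEN_SVC_RE = re.compile(r"^Service\s+(.+?)\s+\(\*\*\* hidden \*\*\* \)")
IAT_RE = re.compile(r"^IAT\s+(\S+?)\[(\S+?)!(\w+)\]\s+\[[0-9A-Fa-f]+\]\s+(\S+)")
DEVICE_RE = re.compile(r"^Device\s+\\Driver\\(\w+)\s+(\S+)\s+(\S+)$")
REG_VALUE_RE = re.compile(r"^Reg\s+\S+?@\w+\s+(.*)$")
# "UAC" + random lowercase letters: the naming convention of this TDSS variant
# (the 8-12 letter length is an assumption based on the names in the log).
TDSS_FILE_RE = re.compile(r"UAC[a-z]{8,12}\.(?:sys|dll)$", re.IGNORECASE)
# Patching these two lets a driver filter every I/O request in the system.
CRITICAL_HOOKS = {"IofCallDriver", "IofCompleteRequest"}


def sptd_modules(log):
    """Module names GMER attributes to the sptd driver object (DAEMON Tools' SPTD layer)."""
    mods = set()
    for raw in log.splitlines():
        m = DEVICE_RE.match(raw.strip())
        if m and m.group(1).lower() == "sptd" and m.group(3).lower().endswith(".sys"):
            mods.add(m.group(3).lower())
    return mods


def triage(log):
    """Classify GMER lines; returns Finding tuples in log order."""
    known = sptd_modules(log)
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = HIDDEN_SVC_RE.match(line)
        if m:
            findings.append(Finding("hidden_service", m.group(1)))
            if TDSS_FILE_RE.search(m.group(1)):
                findings.append(Finding("tdss_named_file", m.group(1)))
            continue
        m = HOOK_RE.match(line)
        if m:
            module, func, insn, target = m.groups()
            kind = "critical_inline_hook" if func in CRITICAL_HOOKS else "inline_hook"
            findings.append(Finding(kind, f"{module}!{func} {insn} {target}"))
            continue
        m = IAT_RE.match(line)
        if m:
            victim, lib, func, owner = m.groups()
            # IAT hooks owned by the sptd module are the CD emulator, not the rootkit.
            kind = "iat_hook_sptd" if owner.lower() in known else "iat_hook"
            findings.append(Finding(kind, f"{victim} {lib}!{func} -> {owner}"))
            continue
        m = REG_VALUE_RE.match(line)
        if m and TDSS_FILE_RE.search(m.group(1)):
            findings.append(Finding("tdss_named_file", m.group(1)))
    return findings


def verdict(findings):
    """Collapse the findings into one word a helper can act on."""
    kinds = {f.kind for f in findings}
    if kinds & {"hidden_service", "tdss_named_file"}:
        return "rootkit"
    if kinds & {"critical_inline_hook", "inline_hook", "iat_hook"}:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    found = triage(GMER_LOG)
    for f in found:
        print(f"{f.kind:22} {f.detail}")
    print("verdict:", verdict(found))
```

Feed a full GMER log to triage() and the hidden service plus the UAC-named image path and module are what turn the verdict to "rootkit"; the sptd IAT hooks alone would leave it "clean", which is why the Device line mapping is worth parsing before judging the IAT section.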

Blade81
2009-08-16, 21:38
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitLord


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above.


After that:


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
2. On the left hand side, click on Tools.
3. Then click on the Resident icon in the list.
4. Uncheck Resident TeaTimer and OK any prompts.
5. Restart your computer.



Please visit this webpage for download links, and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

beani
2009-08-16, 21:39
Continued:


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0xFB 0x21 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0xEF 0x08 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x87 0x5D 0x1B 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACffyxpedrmn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACffyxpedrmn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdgkqkajqtp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0xFB 0x21 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0xEF 0x08 0xF3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x87 0x5D 0x1B 0xA1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACffyxpedrmn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACffyxpedrmn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdgkqkajqtp.dll
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}@ Bidi Spooler APIs
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\InprocServer32@ C:\WINDOWS\system32\bidispl.dll
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\ProgID
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\ProgID@ bidispl.bidirequestcontainer.1
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\VersionIndependentProgID
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\VersionIndependentProgID@ bidispl.bidirequestcontainer
Reg HKLM\SOFTWARE\Classes\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}
Reg HKLM\SOFTWARE\Classes\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}@ Internet Explorer Maintenance
Reg HKLM\SOFTWARE\Classes\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}\InProcServer32@ C:\WINDOWS\system32\ieaksie.dll
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}@ ADs BackLink Object
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\InprocServer32@ adsnds.dll
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\ProgID
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\ProgID@ BackLink
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\TypeLib
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\TypeLib@ {97d25db0-0363-11cf-abc4-02608c9e7553}
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\Version
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\Version@ 0.0
Reg HKLM\SOFTWARE\Classes\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}
Reg HKLM\SOFTWARE\Classes\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}@ DVD Graph Builder
Reg HKLM\SOFTWARE\Classes\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}\InprocServer32@ C:\WINDOWS\system32\qdvd.dll
Reg HKLM\SOFTWARE\Classes\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}
Reg HKLM\SOFTWARE\Classes\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}@ BDA Device Control Plug-in
Reg HKLM\SOFTWARE\Classes\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}\InprocServer32@ BdaPlgin.ax
Reg HKLM\SOFTWARE\Classes\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}@ Microsoft WBEM NT Eventlog Instance Provider
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\InprocServer32@ C:\WINDOWS\system32\wbem\ntevt.dll
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\NotInsertable
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\ProgID
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\ProgID@ WBEM.NT.EVENTLOG.INSTANCE.PROVIDER.0
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\VersionIndependentProgID
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\VersionIndependentProgID@ WBEM.NT.EVENTLOG.INSTANCE.PROVIDER
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}@ System Restore Wrapper
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}\LocalServer32
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}\LocalServer32@ C:\WINDOWS\system32\Restore\rstrui.exe
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}\Programmable
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}\TypeLib
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}\TypeLib@ {B545857A-1D0E-11d3-B9C7-00C04F79E399}
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}@ Microsoft.Aspnet.Snapin.AspNetManagementUtility.2
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}@AppId {B2725CF7-D66F-4A99-8D4A-8EC9478C337A}

beani
2009-08-16, 21:40
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\Implemented Categories
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32@Assembly AspNetMMCExt, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32@Class Microsoft.Aspnet.Snapin.AspNetManagementUtility
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32\2.0.0.0
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32\2.0.0.0@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32\2.0.0.0@Assembly AspNetMMCExt, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32\2.0.0.0@Class Microsoft.Aspnet.Snapin.AspNetManagementUtility
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\ProgId
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\ProgId@ Microsoft.Aspnet.Snapin.AspNetManagementUtility.2
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}@ DiskManagement.Connection
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}\InProcServer32@ %SystemRoot%\System32\dmdskmgr.dll
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}\ProgID
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}\ProgID@ DiskManagement.Connection
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeInternational
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeBody
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeMessageParts
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeAllocator
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeSecurity
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDF-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDF-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IVirtualStream
Reg HKLM\SOFTWARE\Classes\{FD853CDF-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CDF-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CDF-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CDF-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CDF-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE0-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE0-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeHeaderTable
Reg HKLM\SOFTWARE\Classes\{FD853CE0-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CE0-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CE0-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CE0-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CE0-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE1-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE1-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimePropertySet
Reg HKLM\SOFTWARE\Classes\{FD853CE1-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CE1-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CE1-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CE1-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CE1-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE2-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE2-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeMessageTree
Reg HKLM\SOFTWARE\Classes\{FD853CE2-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CE2-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CE2-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CE2-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CE2-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE3-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE3-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeMessage
Reg HKLM\SOFTWARE\Classes\{FD853CE3-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CE3-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CE3-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CE3-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CE3-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE6-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE6-7F86-11d0-8252-00C04FD85AB4}@ CLSID_ISMTPTransport
Reg HKLM\SOFTWARE\Classes\{FD853CE6-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CE6-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CE6-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CE7-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE7-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IPOP3Transport
Reg HKLM\SOFTWARE\Classes\{FD853CE7-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CE7-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CE7-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CE8-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE8-7F86-11d0-8252-00C04FD85AB4}@ CLSID_INNTPTransport
Reg HKLM\SOFTWARE\Classes\{FD853CE8-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CE8-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CE8-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CE9-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CE9-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IRASTransport
Reg HKLM\SOFTWARE\Classes\{FD853CE9-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CE9-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CE9-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CEA-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CEA-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IRangeList
Reg HKLM\SOFTWARE\Classes\{FD853CEA-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CEA-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CEA-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CEB-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CEB-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IIMAPTransport
Reg HKLM\SOFTWARE\Classes\{FD853CEB-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CEB-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CEB-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CED-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CED-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimePropertySchema
Reg HKLM\SOFTWARE\Classes\{FD853CED-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CED-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CED-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CED-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CED-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}@ System.Runtime.Remoting.Lifetime.ClientSponsor
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\Implemented Categories
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32@Class System.Runtime.Remoting.Lifetime.ClientSponsor
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32\1.0.5000.0
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32\1.0.5000.0@Class System.Runtime.Remoting.Lifetime.ClientSponsor
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32\1.0.5000.0@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32\2.0.0.0
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32\2.0.0.0@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32\2.0.0.0@Assembly mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\InprocServer32\2.0.0.0@Class System.Runtime.Remoting.Lifetime.ClientSponsor
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\ProgId
Reg HKLM\SOFTWARE\Classes\{FD8C8FCE-4F85-36B2-B8E8-F5A183654539}\ProgId@ System.Runtime.Remoting.Lifetime.ClientSponsor

beani
2009-08-16, 21:41
Reg HKLM\SOFTWARE\Classes\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}
Reg HKLM\SOFTWARE\Classes\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}@ Microsoft OrganizationUnit Extension
Reg HKLM\SOFTWARE\Classes\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\InprocServer32@ adsmsext.dll
Reg HKLM\SOFTWARE\Classes\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\ProgID
Reg HKLM\SOFTWARE\Classes\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\ProgID@ MSExtOrganizationUnit
Reg HKLM\SOFTWARE\Classes\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\TypeLib
Reg HKLM\SOFTWARE\Classes\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\TypeLib@ {97d25db0-0363-11cf-abc4-02608c9e7553}
Reg HKLM\SOFTWARE\Classes\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\Version
Reg HKLM\SOFTWARE\Classes\{fd8d3a5f-6066-11d1-8c13-00c04fd8d503}\Version@ 0.0
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}@ System.Runtime.InteropServices.OutAttribute
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\Implemented Categories
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32@Class System.Runtime.InteropServices.OutAttribute
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32\1.0.5000.0
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32\1.0.5000.0@Class System.Runtime.InteropServices.OutAttribute
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32\1.0.5000.0@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32\2.0.0.0
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32\2.0.0.0@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32\2.0.0.0@Assembly mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32\2.0.0.0@Class System.Runtime.InteropServices.OutAttribute
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\ProgId
Reg HKLM\SOFTWARE\Classes\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\ProgId@ System.Runtime.InteropServices.OutAttribute
Reg HKLM\SOFTWARE\Classes\{FDD384CC-78C6-4E6D-8694-1DACBEE57F96}
Reg HKLM\SOFTWARE\Classes\{FDD384CC-78C6-4E6D-8694-1DACBEE57F96}@ PSFactoryBuffer
Reg HKLM\SOFTWARE\Classes\{FDD384CC-78C6-4E6D-8694-1DACBEE57F96}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{FDD384CC-78C6-4E6D-8694-1DACBEE57F96}\InProcServer32@ C:\WINDOWS\system32\hnetcfg.dll
Reg HKLM\SOFTWARE\Classes\{FDD384CC-78C6-4E6D-8694-1DACBEE57F96}\InProcServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FDE424F3-AA10-471D-8A0A-6875C17B5914}
Reg HKLM\SOFTWARE\Classes\{FDE424F3-AA10-471D-8A0A-6875C17B5914}@ MSSOAP.DLL SoapReader class
Reg HKLM\SOFTWARE\Classes\{FDE424F3-AA10-471D-8A0A-6875C17B5914}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{FDE424F3-AA10-471D-8A0A-6875C17B5914}\InProcServer32@ C:\Program Files\Common Files\MSSoap\Binaries\mssoap1.dll
Reg HKLM\SOFTWARE\Classes\{FDE424F3-AA10-471D-8A0A-6875C17B5914}\InProcServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FDE424F3-AA10-471D-8A0A-6875C17B5914}\ProgID
Reg HKLM\SOFTWARE\Classes\{FDE424F3-AA10-471D-8A0A-6875C17B5914}\ProgID@ MSSOAP.SoapReader.1
Reg HKLM\SOFTWARE\Classes\{FDE424F3-AA10-471D-8A0A-6875C17B5914}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FDE424F3-AA10-471D-8A0A-6875C17B5914}\TypeLib@ {C65657D9-5C4B-421E-8DA6-AD4D590FE854}
Reg HKLM\SOFTWARE\Classes\{FDE424F3-AA10-471D-8A0A-6875C17B5914}\VersionIndependentProgID
Reg HKLM\SOFTWARE\Classes\{FDE424F3-AA10-471D-8A0A-6875C17B5914}\VersionIndependentProgID@ MSSOAP.SoapReader
Reg HKLM\SOFTWARE\Classes\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}
Reg HKLM\SOFTWARE\Classes\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}@ IE Custom MRU AutoCompleted List
Reg HKLM\SOFTWARE\Classes\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}\InProcServer32@ C:\WINDOWS\system32\ieframe.dll
Reg HKLM\SOFTWARE\Classes\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}@ System.Security.Cryptography.SHA1Managed
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\Implemented Categories
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32@Class System.Security.Cryptography.SHA1Managed
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32\1.0.5000.0
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32\1.0.5000.0@Class System.Security.Cryptography.SHA1Managed
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32\1.0.5000.0@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32\2.0.0.0
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32\2.0.0.0@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32\2.0.0.0@Assembly mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\InprocServer32\2.0.0.0@Class System.Security.Cryptography.SHA1Managed
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\ProgId
Reg HKLM\SOFTWARE\Classes\{FDF9C30D-CCAB-3E2D-B584-9E24CE8038E3}\ProgId@ System.Security.Cryptography.SHA1Managed
Reg HKLM\SOFTWARE\Classes\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}
Reg HKLM\SOFTWARE\Classes\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}@ QT Decompressor
Reg HKLM\SOFTWARE\Classes\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32@ C:\WINDOWS\system32\quartz.dll
Reg HKLM\SOFTWARE\Classes\{FDFE9681-74A3-11D0-AFA7-00AA00B67A42}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}@ Directory
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllContainers
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllContainers\shellex
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllContainers\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllContainers\shellex\ContextMenuHandlers\{0D45D530-764B-11d0-A1CA-00AA00C16E65}
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllContainers\shellex\ContextMenuHandlers\{0D45D530-764B-11d0-A1CA-00AA00C16E65}@ {0D45D530-764B-11d0-A1CA-00AA00C16E65}
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllContainers\shellex\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllContainers\shellex\PropertySheetHandlers\{0D45D530-764B-11d0-A1CA-00AA00C16E65}
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllContainers\shellex\PropertySheetHandlers\{0D45D530-764B-11d0-A1CA-00AA00C16E65}@ {0D45D530-764B-11d0-A1CA-00AA00C16E65}
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllObjects
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllObjects\shellex
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllObjects\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllObjects\shellex\ContextMenuHandlers\{0D45D530-764B-11d0-A1CA-00AA00C16E65}
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllObjects\shellex\ContextMenuHandlers\{0D45D530-764B-11d0-A1CA-00AA00C16E65}@ {0D45D530-764B-11d0-A1CA-00AA00C16E65}
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllObjects\shellex\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllObjects\shellex\PropertySheetHandlers\{0D45D530-764B-11d0-A1CA-00AA00C16E65}
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\AllObjects\shellex\PropertySheetHandlers\{0D45D530-764B-11d0-A1CA-00AA00C16E65}@ {0D45D530-764B-11d0-A1CA-00AA00C16E65}
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\Classes
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\Classes@
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\Classes\printQueue
Reg HKLM\SOFTWARE\Classes\{fe1290f0-cfbd-11cf-a330-00aa00c16e65}\Classes\printQueue@PropertiesHandler {77597368-7b15-11d0-a0c2-080036af3f03}
Reg HKLM\SOFTWARE\Classes\{FE12CD81-5158-4bd8-A37C-A621BC0E143B}
Reg HKLM\SOFTWARE\Classes\{FE12CD81-5158-4bd8-A37C-A621BC0E143B}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FE12CD81-5158-4bd8-A37C-A621BC0E143B}\InprocServer32@ C:\WINDOWS\system32\catsrvut.dll
Reg HKLM\SOFTWARE\Classes\{FE12CD81-5158-4bd8-A37C-A621BC0E143B}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{fe4c8bff-961f-42c2-bad8-808f76edde15}
Reg HKLM\SOFTWARE\Classes\{fe4c8bff-961f-42c2-bad8-808f76edde15}@ CddbPL2Timestamp Class
Reg HKLM\SOFTWARE\Classes\{fe4c8bff-961f-42c2-bad8-808f76edde15}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{fe4c8bff-961f-42c2-bad8-808f76edde15}\InprocServer32@ C:\Program Files\Winamp\Plugins\Gracenote\CddbPlaylist2Winamp.dll
Reg HKLM\SOFTWARE\Classes\{fe4c8bff-961f-42c2-bad8-808f76edde15}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\{fe4c8bff-961f-42c2-bad8-808f76edde15}\ProgID
Reg HKLM\SOFTWARE\Classes\{fe4c8bff-961f-42c2-bad8-808f76edde15}\ProgID@ CddbPlaylist2NSWinamp.CddbPL2Timestamp.1
Reg HKLM\SOFTWARE\Classes\{fe4c8bff-961f-42c2-bad8-808f76edde15}\Programmable
Reg HKLM\SOFTWARE\Classes\{fe4c8bff-961f-42c2-bad8-808f76edde15}\TypeLib
Reg HKLM\SOFTWARE\Classes\{fe4c8bff-961f-42c2-bad8-808f76edde15}\TypeLib@ {7919d0ca-3043-4c02-b778-ab2bf4931f58}
Reg HKLM\SOFTWARE\Classes\{fe4c8bff-961f-42c2-bad8-808f76edde15}\VersionIndependentProgID
Reg HKLM\SOFTWARE\Classes\{fe4c8bff-961f-42c2-bad8-808f76edde15}\VersionIndependentProgID@ CddbPlaylist2NSWinamp.CddbPL2Timestamp
Reg HKLM\SOFTWARE\Classes\{FE6B11C3-C72E-4061-86C6-9D163121F229}
Reg HKLM\SOFTWARE\Classes\{FE6B11C3-C72E-4061-86C6-9D163121F229}@ Microsoft Feeds Manager
Reg HKLM\SOFTWARE\Classes\{FE6B11C3-C72E-4061-86C6-9D163121F229}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{FE6B11C3-C72E-4061-86C6-9D163121F229}\InProcServer32@ C:\WINDOWS\system32\msfeeds.dll
Reg HKLM\SOFTWARE\Classes\{FE6B11C3-C72E-4061-86C6-9D163121F229}\InProcServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FE883157-CEBD-4570-B7A2-E4FE06ABE626}
Reg HKLM\SOFTWARE\Classes\{FE883157-CEBD-4570-B7A2-E4FE06ABE626}@ WSecEdit RSOP Security Settings Class
Reg HKLM\SOFTWARE\Classes\{FE883157-CEBD-4570-B7A2-E4FE06ABE626}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FE883157-CEBD-4570-B7A2-E4FE06ABE626}\InprocServer32@ C:\WINDOWS\system32\wsecedit.dll
Reg HKLM\SOFTWARE\Classes\{FE883157-CEBD-4570-B7A2-E4FE06ABE626}\InprocServer32@ThreadingModel both
Reg HKLM\SOFTWARE\Classes\{FE883157-CEBD-4570-B7A2-E4FE06ABE626}\ProgID
Reg HKLM\SOFTWARE\Classes\{FE883157-CEBD-4570-B7A2-E4FE06ABE626}\ProgID@ Wsecedit.RSOP.1
Reg HKLM\SOFTWARE\Classes\{FE883157-CEBD-4570-B7A2-E4FE06ABE626}\VersionIndependentProgID
Reg HKLM\SOFTWARE\Classes\{FE883157-CEBD-4570-B7A2-E4FE06ABE626}\VersionIndependentProgID@ Wsecedit.RSOP
Reg HKLM\SOFTWARE\Classes\{FE9AF5C0-D3B6-11CE-A5B6-00AA00680C3F}
Reg HKLM\SOFTWARE\Classes\{FE9AF5C0-D3B6-11CE-A5B6-00AA00680C3F}@ WBEM Registry Instance Provider
Reg HKLM\SOFTWARE\Classes\{FE9AF5C0-D3B6-11CE-A5B6-00AA00680C3F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FE9AF5C0-D3B6-11CE-A5B6-00AA00680C3F}\InprocServer32@ C:\WINDOWS\system32\wbem\stdprov.dll
Reg HKLM\SOFTWARE\Classes\{FE9AF5C0-D3B6-11CE-A5B6-00AA00680C3F}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FEA4300C-7959-4147-B26A-2377B9E7A91D}
Reg HKLM\SOFTWARE\Classes\{FEA4300C-7959-4147-B26A-2377B9E7A91D}@ DirectSoundFullDuplex Object
Reg HKLM\SOFTWARE\Classes\{FEA4300C-7959-4147-B26A-2377B9E7A91D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FEA4300C-7959-4147-B26A-2377B9E7A91D}\InprocServer32@ dsound.dll
Reg HKLM\SOFTWARE\Classes\{FEA4300C-7959-4147-B26A-2377B9E7A91D}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FEB50740-7BEF-11CE-9BD9-0000E202599C}
Reg HKLM\SOFTWARE\Classes\{FEB50740-7BEF-11CE-9BD9-0000E202599C}@ MPEG Video Codec
Reg HKLM\SOFTWARE\Classes\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32@ C:\WINDOWS\system32\quartz.dll
Reg HKLM\SOFTWARE\Classes\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{fecd606e-7161-4cbc-a868-4703867823ea}
Reg HKLM\SOFTWARE\Classes\{fecd606e-7161-4cbc-a868-4703867823ea}@ WMDM Transcode Property Page
Reg HKLM\SOFTWARE\Classes\{fecd606e-7161-4cbc-a868-4703867823ea}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{fecd606e-7161-4cbc-a868-4703867823ea}\InprocServer32@ C:\WINDOWS\system32\wmp.dll
Reg HKLM\SOFTWARE\Classes\{fecd606e-7161-4cbc-a868-4703867823ea}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}@ Microsoft.Aspnet.Snapin.PropertyPageExtension
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\Implemented Categories
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\InprocServer32@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\InprocServer32@Assembly AspNetMMCExt, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\InprocServer32@Class Microsoft.Aspnet.Snapin.PropertyPageExtension
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\InprocServer32\2.0.0.0
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\InprocServer32\2.0.0.0@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\InprocServer32\2.0.0.0@Assembly AspNetMMCExt, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\InprocServer32\2.0.0.0@Class Microsoft.Aspnet.Snapin.PropertyPageExtension
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\ProgId
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\ProgId@ Microsoft.Aspnet.Snapin.PropertyPageExtension
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F1-AA28-5CDA35A2B36D}
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F1-AA28-5CDA35A2B36D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F1-AA28-5CDA35A2B36D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\{FEDB2179-2335-48F1-AA28-5CDA35A2B36D}\InprocServer32@ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
Reg HKLM\SOFTWARE\Classes\{FEF10DED-355E-4e06-9381-9B24D7F7CC88}
Reg HKLM\SOFTWARE\Classes\{FEF10DED-355E-4e06-9381-9B24D7F7CC88}@ CompositeFolder
Reg HKLM\SOFTWARE\Classes\{FEF10DED-355E-4e06-9381-9B24D7F7CC88}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{FEF10DED-355E-4e06-9381-9B24D7F7CC88}\InProcServer32@ %SystemRoot%\system32\SHELL32.dll
Reg HKLM\SOFTWARE\Classes\{FEF10DED-355E-4e06-9381-9B24D7F7CC88}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\{FEF10FA2-355E-4e06-9381-9B24D7F7CC88}
Reg HKLM\SOFTWARE\Classes\{FEF10FA2-355E-4e06-9381-9B24D7F7CC88}@
Reg HKLM\SOFTWARE\Classes\{FEF10FA2-355E-4e06-9381-9B24D7F7CC88}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{FEF10FA2-355E-4e06-9381-9B24D7F7CC88}\InProcServer32@ %SystemRoot%\system32\SHELL32.dll
Reg HKLM\SOFTWARE\Classes\{FEF10FA2-355E-4e06-9381-9B24D7F7CC88}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\{FF151822-B0BF-11D1-A80D-000000000000}
Reg HKLM\SOFTWARE\Classes\{FF151822-B0BF-11D1-A80D-000000000000}@ Microsoft OLE DB Root Binder for Internet Publishing
Reg HKLM\SOFTWARE\Classes\{FF151822-B0BF-11D1-A80D-000000000000}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FF151822-B0BF-11D1-A80D-000000000000}\InprocServer32@ C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Reg HKLM\SOFTWARE\Classes\{FF151822-B0BF-11D1-A80D-000000000000}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FF151822-B0BF-11D1-A80D-000000000000}\OLE DB Binder
Reg HKLM\SOFTWARE\Classes\{FF151822-B0BF-11D1-A80D-000000000000}\OLE DB Binder@ Microsoft OLE DB Root Binder
Reg HKLM\SOFTWARE\Classes\{FF151822-B0BF-11D1-A80D-000000000000}\ProgID
Reg HKLM\SOFTWARE\Classes\{FF151822-B0BF-11D1-A80D-000000000000}\ProgID@ MSDAURL.Binder.1
Reg HKLM\SOFTWARE\Classes\{FF151822-B0BF-11D1-A80D-000000000000}\VersionIndependentProgID
Reg HKLM\SOFTWARE\Classes\{FF151822-B0BF-11D1-A80D-000000000000}\VersionIndependentProgID@ MSDAURL.Binder
Reg HKLM\SOFTWARE\Classes\{FF37A93C-C28E-11D1-AEB6-00C04FB68820}
Reg HKLM\SOFTWARE\Classes\{FF37A93C-C28E-11D1-AEB6-00C04FB68820}@ WBEM NT5 Base Perf Provider
Reg HKLM\SOFTWARE\Classes\{FF37A93C-C28E-11D1-AEB6-00C04FB68820}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FF37A93C-C28E-11D1-AEB6-00C04FB68820}\InprocServer32@ %systemroot%\system32\wbem\wbemperf.dll
Reg HKLM\SOFTWARE\Classes\{FF37A93C-C28E-11D1-AEB6-00C04FB68820}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FF393560-C2A7-11CF-BFF4-444553540000}
Reg HKLM\SOFTWARE\Classes\{FF393560-C2A7-11CF-BFF4-444553540000}@ History
Reg HKLM\SOFTWARE\Classes\{FF393560-C2A7-11CF-BFF4-444553540000}\DefaultIcon
Reg HKLM\SOFTWARE\Classes\{FF393560-C2A7-11CF-BFF4-444553540000}\DefaultIcon@ C:\WINDOWS\system32\ieframe.dll,-20785
Reg HKLM\SOFTWARE\Classes\{FF393560-C2A7-11CF-BFF4-444553540000}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{FF393560-C2A7-11CF-BFF4-444553540000}\InProcServer32@ C:\WINDOWS\system32\ieframe.dll
Reg HKLM\SOFTWARE\Classes\{FF393560-C2A7-11CF-BFF4-444553540000}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\{FF393560-C2A7-11CF-BFF4-444553540000}\ShellFolder
Reg HKLM\SOFTWARE\Classes\{FF393560-C2A7-11CF-BFF4-444553540000}\ShellFolder@Attributes -1610612732
Reg HKLM\SOFTWARE\Classes\{FFB699E0-306A-11d3-8BD1-00104B6F7516}
Reg HKLM\SOFTWARE\Classes\{FFB699E0-306A-11d3-8BD1-00104B6F7516}@ NVIDIA CPL Extension
Reg HKLM\SOFTWARE\Classes\{FFB699E0-306A-11d3-8BD1-00104B6F7516}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{FFB699E0-306A-11d3-8BD1-00104B6F7516}\InProcServer32@ C:\WINDOWS\system32\nvcpl.dll
Reg HKLM\SOFTWARE\Classes\{FFB699E0-306A-11d3-8BD1-00104B6F7516}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
Reg HKLM\SOFTWARE\Classes\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}@ ShellExecute HW Event Handler
Reg HKLM\SOFTWARE\Classes\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}@AppID {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
Reg HKLM\SOFTWARE\Classes\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\LocalServer32
Reg HKLM\SOFTWARE\Classes\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\LocalServer32@ rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
Reg HKLM\SOFTWARE\Classes\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\ProgID
Reg HKLM\SOFTWARE\Classes\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\ProgID@ Shell.HWEventHandlerShellExecute.1
Reg HKLM\SOFTWARE\Classes\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\VersionIndependentProgID
Reg HKLM\SOFTWARE\Classes\{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\VersionIndependentProgID@ Shell.HWEventHandlerShellExecute
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}@ System.ThreadStaticAttribute
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\Implemented Categories
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32@Class System.ThreadStaticAttribute
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32\1.0.5000.0
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32\1.0.5000.0@Class System.ThreadStaticAttribute
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32\1.0.5000.0@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32\2.0.0.0
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32\2.0.0.0@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32\2.0.0.0@Assembly mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\InprocServer32\2.0.0.0@Class System.ThreadStaticAttribute
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\ProgId
Reg HKLM\SOFTWARE\Classes\{FFC9F9AE-E87A-3252-8E25-B22423A40065}\ProgId@ System.ThreadStaticAttribute
Reg HKLM\SOFTWARE\Classes\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}
Reg HKLM\SOFTWARE\Classes\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}@ XML Feed Moniker
Reg HKLM\SOFTWARE\Classes\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}\InProcServer32@ C:\WINDOWS\system32\ieframe.dll
Reg HKLM\SOFTWARE\Classes\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\{FFFCC670-5CD4-4C09-952C-F53F46C2B1A7}
Reg HKLM\SOFTWARE\Classes\{FFFCC670-5CD4-4C09-952C-F53F46C2B1A7}@ ffdshow Video Decoder ffproc
Reg HKLM\SOFTWARE\Classes\{FFFCC670-5CD4-4C09-952C-F53F46C2B1A7}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FFFCC670-5CD4-4C09-952C-F53F46C2B1A7}\InprocServer32@ C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
Reg HKLM\SOFTWARE\Classes\{FFFCC670-5CD4-4C09-952C-F53F46C2B1A7}\InprocServer32@ThreadingModel Both

beani
2009-08-16, 21:41
---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-12344c7a-n\4f710eed-12344c7a 5593 bytes
File C:\Documents and Settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-12344c7a-n\4f710eed-12344c7a-n 0 bytes
File C:\Documents and Settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-12344c7a-n\4f710eed-12344c7a-n\gluegen-rt.dll 20480 bytes executable
File C:\Documents and Settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-12344c7a-n\4f710eed-12344c7a.idx 10763 bytes

---- EOF - GMER 1.0.15 ----




thanks for your help!

Blade81
2009-08-16, 21:43
Next instructions are in post #8 (http://forums.spybot.info/showpost.php?p=329185&postcount=8) :)

beani
2009-08-16, 22:35
ComboFix 09-08-10.06 - John Doe 08/16/2009 1:09.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.746 [GMT -7:00]
Running from: k:\security\ComboFix.exe
* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msa.exe
c:\windows\run.log
c:\windows\system32\drivers\MSIVXuiwwqaaewiieyrnbjouacxqbxtrivhav.sys.vir
c:\windows\system32\drivers\UACffyxpedrmn.sys
c:\windows\system32\msconfig.exe
c:\windows\system32\MSIVXcount
c:\windows\system32\msxml71.dll
c:\windows\system32\net.net
c:\windows\system32\rqRLdApq.dll
c:\windows\system32\UACdgkqkajqtp.dll
c:\windows\system32\wvUnNgFy.dll


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\wbem\snmp
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\xircom
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\srchasst
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\program files\microsoft frontpage
2009-08-09 07:28 . 2009-08-09 07:29 -------- d-----w- c:\program files\IZArc
2009-08-08 06:11 . 2009-08-08 12:08 -------- d-----w- C:\ILLUSION
2009-08-08 06:02 . 2009-08-08 06:04 -------- d-----w- c:\windows\system32\URTTemp
2009-07-24 09:48 . 2009-07-24 09:48 -------- d-----w- c:\documents and settings\John Doe\Local Settings\Application Data\Ascaron Entertainment
2009-07-24 09:32 . 2009-07-24 09:32 -------- d--h--r- c:\documents and settings\John Doe\Application Data\SecuROM
2009-07-24 09:32 . 2009-07-24 09:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-24 09:21 . 2009-07-24 09:21 -------- d-----w- c:\windows\Logs
2009-07-24 09:21 . 2009-07-24 09:21 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-24 09:21 . 2009-07-24 09:21 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\Deep Silver
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\windows\system32\AGEIA
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-24 08:59 . 2009-07-24 08:59 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Pro
2009-07-24 08:05 . 2009-07-24 08:05 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-24 08:01 . 2009-07-24 08:01 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-24 08:01 . 2009-07-24 08:05 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Lite
2009-07-22 18:00 . 2009-07-22 18:00 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 17:47 . 2009-07-22 17:47 -------- d-----w- c:\documents and settings\Karma\Local Settings\Application Data\Mozilla
2009-07-21 16:13 . 2009-07-21 16:13 -------- d-----w- c:\program files\Ascaron Entertainment
2009-07-17 10:20 . 2009-08-02 21:20 -------- d-----w- c:\documents and settings\John Doe\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 08:03 . 2009-04-17 09:45 -------- d-----w- c:\program files\BitLord
2009-08-13 07:52 . 2009-05-19 16:55 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-11 18:57 . 2009-06-09 10:00 -------- d-----w- c:\program files\Trojan Remover
2009-08-10 18:05 . 2009-08-10 18:05 1234550 ----a-w- c:\windows\system32\xa.tmp
2009-08-08 12:08 . 2009-04-16 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 10:55 . 2009-04-21 21:22 10808 ----a-w- c:\documents and settings\John Doe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 15:21 . 2009-04-17 09:15 98304 ----a-w- c:\windows\DUMP76e5.tmp
2009-07-24 09:00 . 2009-04-16 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 17:47 . 2009-04-17 19:36 -------- d-----w- c:\documents and settings\John Doe\Application Data\Move Networks
2009-07-02 00:55 . 2009-04-17 09:15 90112 ----a-w- c:\windows\DUMP853d.tmp
2009-06-27 15:14 . 2009-06-06 16:38 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2009-06-18 18:12 . 2009-04-17 18:14 -------- d-----w- c:\program files\DivX
2009-06-09 08:47 . 2009-06-09 08:47 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2009-06-06 16:38 . 2009-06-06 16:38 692224 ----a-w- c:\windows\system32\bsrmgcv.dll
2009-06-06 16:38 . 2009-06-06 16:38 192512 ----a-w- c:\windows\system32\bsrmgps.dll
2009-06-06 16:38 . 2009-06-06 16:38 585728 ----a-w- c:\windows\system32\bsratswf.dll
2009-06-06 16:38 . 2009-06-06 16:38 147456 ----a-w- c:\windows\system32\bsratwmv.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2007-07-24 20:09 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys





c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\msgsvc.dll ... is missing !!
c:\windows\system32\wscntfy.exe ... is missing !!
c:\windows\system32\ntmssvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-06-09 1059720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-22 124928]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Linksys Wireless Network Monitor.lnk - c:\program files\Linksys\WUSBF54G\wlMonitor.exe [2009-6-14 3205632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=

R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\Linksys\WUSBF54G\NICServ.exe [6/14/2009 1:06 PM 529920]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [6/9/2009 1:47 AM 40576]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [6/14/2009 1:06 PM 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart --> c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 11:14 AM 133104]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [5/5/2009 9:18 AM 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [5/5/2009 9:19 AM 475264]

NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-net - c:\windows\system32\net.net


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\docume~1\JOHNDO~1\APPLIC~1\Mozilla\Firefox\Profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 01:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-73586283-2147019285-1001\Software\SecuROM\License information*]
"datasecu"=hex:d6,69,a9,ab,f9,d8,98,45,66,82,74,9d,ad,9f,a8,42,86,c8,5b,16,9d,
dc,32,d7,a3,87,86,f8,ef,84,28,4c,1b,c0,de,e2,89,80,2b,f8,8a,ec,a7,a0,1c,d8,\
"rkeysecu"=hex:69,47,ec,71,f6,de,af,cf,2b,90,e4,90,fe,0e,c4,20
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2228)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-08-16 1:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 08:16

Pre-Run: 49,829,949,440 bytes free
Post-Run: 49,824,899,072 bytes free

220
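An added example, not part of this thread and not code from ComboFix, GMER or Spybot: a small Python triage over log lines of the kind shown above, to pull out the entries a helper would look at first. The sample lines are constructed from the ComboFix output in this post; the random-suffix "UAC" naming pattern is an assumption drawn only from the file and service names that appeared in this thread (UACffyxpedrmn.sys, UACdgkqkajqtp.dll, Service_UACd.sys), and the categories are this example's own labels.

```python
import re

# Constructed sample lines, adapted from the ComboFix log posted in this thread.
SAMPLE_LINES = [
    r"c:\windows\msa.exe",
    r"c:\windows\system32\drivers\UACffyxpedrmn.sys",
    r"c:\windows\system32\UACdgkqkajqtp.dll",
    r"c:\windows\system32\wvUnNgFy.dll",
    r"-------\Service_UACd.sys",
    r"-------\Legacy_UACd.sys",
    r"[-] 2007-07-24 20:09 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys",
    r"c:\windows\system32\drivers\tcpip.sys",
    r"c:\windows\system32\drivers\beep.sys ... is missing !!",
    r"c:\windows\system32\wscntfy.exe ... is missing !!",
    r"S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH service;c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart [?]",
]

# Assumption: "UAC" followed by a long run of lowercase letters, as seen in this
# thread's Win32.TDSS.rtk detections. Case-sensitive on purpose to limit false hits.
UAC_FILE_RE = re.compile(r"\\(UAC[a-z]{8,})\.(sys|dll|dat|log)\b")
# The driver/service names ComboFix listed under "Drivers/Services" in this thread.
UAC_SERVICE_RE = re.compile(r"\\(Service|Legacy)_UACd\.sys\b")
# ComboFix's "... is missing !!" notices for expected Windows files.
MISSING_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) \.\.\. is missing !!$", re.IGNORECASE)
# A "[-]" Sigcheck line: date, time, size, MD5, path.
SIGCHECK_RE = re.compile(r"^\[-\] \S+ \S+ \d+ [0-9a-f]{32} (?P<path>[a-z]:\\.+)$", re.IGNORECASE)
# A service (S2/S3/R2/R3 line) whose binary lives under a Temp directory.
TEMP_SERVICE_RE = re.compile(r"^[SR][0-9] .*\\Temp\\.*\.exe", re.IGNORECASE)


def classify_line(line):
    """Return (category, detail) for a line worth a second look, else None."""
    line = line.rstrip()
    m = UAC_FILE_RE.search(line)
    if m:
        return ("tdss_uac_file", m.group(1) + "." + m.group(2))
    m = UAC_SERVICE_RE.search(line)
    if m:
        return ("tdss_uac_service", m.group(0).lstrip("\\"))
    m = SIGCHECK_RE.match(line)
    if m:
        return ("sigcheck_flagged", m.group("path"))
    m = MISSING_RE.match(line)
    if m:
        return ("missing_system_file", m.group("path"))
    if TEMP_SERVICE_RE.match(line):
        # Keep only the service name (first ';'-separated field).
        return ("service_in_temp_dir", line.split(";", 1)[0])
    return None


def triage(lines):
    """Group every flagged line by category, preserving log order."""
    findings = {}
    for line in lines:
        hit = classify_line(line)
        if hit:
            findings.setdefault(hit[0], []).append(hit[1])
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LINES).items():
        print(category)
        for item in items:
            print("   ", item)
```

Only the lines that match a pattern are reported; everything else in the log (ordinary program directories, codec DLLs, and so on) is left alone, which is the point of a first-pass triage before anyone decides what to delete.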

beani
2009-08-16, 22:36
DDS (Ver_09-07-30.01) - NTFSx86
Run by John Doe at 1:19:31.32 on Sun 08/16/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.698 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
K:\Security\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linksy~1.lnk - c:\program files\linksys\wusbf54g\wlMonitor.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johndo~1\applic~1\mozilla\firefox\profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\john doe\application data\mozilla\firefox\profiles\g8ttv7fh.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\linksys\wusbf54g\NICServ.exe [2009-6-14 529920]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-6-9 40576]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [2009-6-14 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\fah.exe -svcstart --> c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\google\update\GoogleUpdate.exe [2009-4-17 133104]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2009-5-5 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2009-5-5 475264]

=============== Created Last 30 ================

2009-08-16 01:15 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\xircom
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\ime
2009-08-16 01:13 <DIR> --d----- c:\windows\srchasst
2009-08-16 01:13 <DIR> --d----- c:\program files\msn gaming zone
2009-08-16 01:13 <DIR> --d----- c:\program files\common files\speechengines
2009-08-16 01:04 216,064 a------- c:\windows\PEV.exe
2009-08-16 01:04 161,792 a------- c:\windows\SWREG.exe
2009-08-16 01:04 98,816 a------- c:\windows\sed.exe
2009-08-11 12:12 1,334 a------- c:\windows\wininit.ini
2009-08-10 11:05 1,234,550 a------- c:\windows\system32\xa.tmp
2009-08-09 00:28 <DIR> --d----- c:\program files\IZArc
2009-08-07 23:11 <DIR> --d----- C:\ILLUSION
2009-08-07 23:02 <DIR> --d----- c:\windows\system32\URTTemp
2009-07-24 02:32 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-24 02:21 <DIR> --d----- c:\windows\system32\DirectX
2009-07-24 02:21 <DIR> --d----- c:\windows\Logs
2009-07-24 02:21 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-24 02:21 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-24 02:00 <DIR> --d----- c:\program files\Deep Silver
2009-07-24 02:00 <DIR> --d----- c:\windows\system32\AGEIA
2009-07-24 01:59 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Pro
2009-07-24 01:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-24 01:01 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-24 01:01 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Lite
2009-07-23 03:46 67 a------- c:\windows\lz_scm.ini
2009-07-22 11:00 97,792 a------- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 10:44 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-21 09:13 <DIR> --d----- c:\program files\Ascaron Entertainment

==================== Find3M ====================

2009-07-25 08:21 98,304 a------- c:\windows\DUMP76e5.tmp
2009-07-01 17:55 90,112 a------- c:\windows\DUMP853d.tmp
2009-06-27 08:14 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-06-06 09:38 692,224 a------- c:\windows\system32\bsrmgcv.dll
2009-06-06 09:38 192,512 a------- c:\windows\system32\bsrmgps.dll
2009-06-06 09:38 585,728 a------- c:\windows\system32\bsratswf.dll
2009-06-06 09:38 147,456 a------- c:\windows\system32\bsratwmv.dll

============= FINISH: 1:19:43.81 ===============

beani
2009-08-16, 23:02
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2009 9:29:45 AM
System Uptime: 8/16/2009 1:13:11 AM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | NAGAMI2
Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2204/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 46.426 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
K: is FIXED (FAT32) - 466 GiB total, 323.633 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\C3D52F11D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\C3D52F11D800
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Service: NVENETFD

==== System Restore Points ===================

RP103: 8/16/2009 1:08:28 AM - ComboFix created restore point

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player 11.5
AGEIA PhysX v7.11.13
ArcSoft VideoImpression 2
Artificial Girl 3
BSR Screen Recorder 4
Choice Guard
Comcast High-Speed Internet Install Wizard
DAEMON Tools Toolbar
DivX Web Player
Google Chrome
Google Update Helper
HAKO
HP Webcam
IZArc 4.0 beta 1
Java(TM) 6 Update 13
K-Lite Codec Pack 4.7.5 (Basic)
Linksys Wireless Network Monitor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Visual C++ 2005 Redistributable
Move Media Player
Mozilla Firefox (3.0.13)
MSVCRT
NVIDIA Drivers
Realtek High Definition Audio Driver
Sacred 2
Sacred Underworld
Segoe UI
Spybot - Search & Destroy
Trojan Remover 6.7.4
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Virtual Audio Cable 4.9
VLC media player 0.9.9
Winamp
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.07)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
World of Warcraft

==== Event Viewer Messages From Past Week ========

8/16/2009 1:15:13 AM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
8/16/2009 1:09:00 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
8/16/2009 1:09:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
8/16/2009 1:09:00 AM, error: Service Control Manager [7000] - The helpsvc service failed to start due to the following error: The system cannot find the file specified.
8/16/2009 1:09:00 AM, error: Service Control Manager [7000] - The FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe service failed to start due to the following error: The system cannot find the path specified.
8/16/2009 1:07:57 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014BFBE82FD. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/13/2009 1:28:27 AM, error: Sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/10/2009 11:16:30 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
8/10/2009 11:16:30 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================


Uninstalled BitLord, kept the associated folders (downloads etc.)...
Ran Combofix
Ran DDS
Rebooted,
Taskbar is back!

Now what?

Thanks,

Blade81
2009-08-17, 18:01
Uninstalled BitLord, kept the associated folders (downloads etc.)...
Hi,

You have to delete c:\program files\BitLord folder too.


Upload c:\windows\system32\xa.tmp file to http://www.virustotal.com and post back the results or a link to the results.



Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
c:\windows\system32\drivers\beep.sys
c:\windows\system32\msgsvc.dll
c:\windows\system32\wscntfy.exe
c:\windows\system32\ntmssvc.dll


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please download and extract XPSP2 netsvcs (http://download.bleepingcomputer.com/sUBs/Beta/XPSP2_netsvcs.zip) file. Then double-click on it to merge it into the registry.




Open notepad and copy/paste the text in the quotebox below into it:



DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one (9.1 + separate updates 9.1.2 and 9.1.3 for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).


Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date. If not, uninstall vulnerable versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 16 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and other above requested logs/reports.

beani
2009-08-17, 22:56
1) deleted \bitlord folder

2) uploaded c:\windows\system32\xa.tmp just said:
0 bytes size received / Se ha recibido un archivo vacio

3) ran systemlook:

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 01:33 on 17/08/2009 by John Doe (Administrator - Elevation successful)

========== filefind ==========

Searching for "c:\windows\system32\drivers\beep.sys"
No files found.

Searching for "c:\windows\system32\msgsvc.dll"
No files found.

Searching for "c:\windows\system32\wscntfy.exe"
No files found.

Searching for "c:\windows\system32\ntmssvc.dll"
No files found.

-=End Of File=-


4) extracted XPSP2_netsvcs.zip successfully

5) ComboFix w/ script:

ComboFix 09-08-10.06 - John Doe 08/17/2009 1:42.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.614 [GMT -7:00]
Running from: k:\security\ComboFix.exe
Command switches used :: c:\documents and settings\John Doe\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-16 10:46 . 2009-08-16 10:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-16 10:46 . 2009-02-16 07:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-16 10:46 . 2009-02-16 07:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-16 10:46 . 2009-08-16 10:46 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-16 10:46 . 2009-08-16 10:46 -------- d-----w- c:\program files\Zone Labs
2009-08-16 10:46 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-16 10:45 . 2009-08-17 08:43 -------- d-----w- c:\windows\Internet Logs
2009-08-16 10:36 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 10:36 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-16 10:36 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-16 10:36 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-16 10:36 . 2009-08-16 10:36 -------- d-----w- c:\program files\Avira
2009-08-16 10:36 . 2009-08-16 10:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\wbem\snmp
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\xircom
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\srchasst
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\program files\microsoft frontpage
2009-08-09 07:28 . 2009-08-09 07:29 -------- d-----w- c:\program files\IZArc
2009-08-08 06:11 . 2009-08-08 12:08 -------- d-----w- C:\ILLUSION
2009-08-08 06:02 . 2009-08-08 06:04 -------- d-----w- c:\windows\system32\URTTemp
2009-07-24 09:48 . 2009-07-24 09:48 -------- d-----w- c:\documents and settings\John Doe\Local Settings\Application Data\Ascaron Entertainment
2009-07-24 09:32 . 2009-07-24 09:32 -------- d--h--r- c:\documents and settings\John Doe\Application Data\SecuROM
2009-07-24 09:32 . 2009-07-24 09:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-24 09:21 . 2009-07-24 09:21 -------- d-----w- c:\windows\Logs
2009-07-24 09:21 . 2009-07-24 09:21 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-24 09:21 . 2009-07-24 09:21 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\Deep Silver
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\windows\system32\AGEIA
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-24 08:59 . 2009-07-24 08:59 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Pro
2009-07-24 08:05 . 2009-07-24 08:05 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-24 08:01 . 2009-07-24 08:01 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-24 08:01 . 2009-07-24 08:05 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Lite
2009-07-22 18:00 . 2009-07-22 18:00 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 17:47 . 2009-07-22 17:47 -------- d-----w- c:\documents and settings\Karma\Local Settings\Application Data\Mozilla
2009-07-21 16:13 . 2009-07-21 16:13 -------- d-----w- c:\program files\Ascaron Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 10:09 . 2009-06-09 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-13 07:52 . 2009-05-19 16:55 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-11 18:57 . 2009-06-09 10:00 -------- d-----w- c:\program files\Trojan Remover
2009-08-08 12:08 . 2009-04-16 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 10:55 . 2009-04-21 21:22 10808 ----a-w- c:\documents and settings\John Doe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 15:21 . 2009-04-17 09:15 98304 ----a-w- c:\windows\DUMP76e5.tmp
2009-07-24 09:00 . 2009-04-16 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 17:47 . 2009-04-17 19:36 -------- d-----w- c:\documents and settings\John Doe\Application Data\Move Networks
2009-07-02 00:55 . 2009-04-17 09:15 90112 ----a-w- c:\windows\DUMP853d.tmp
2009-06-27 15:14 . 2009-06-06 16:38 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2009-06-18 18:12 . 2009-04-17 18:14 -------- d-----w- c:\program files\DivX
2009-06-09 08:47 . 2009-06-09 08:47 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2009-06-06 16:38 . 2009-06-06 16:38 692224 ----a-w- c:\windows\system32\bsrmgcv.dll
2009-06-06 16:38 . 2009-06-06 16:38 192512 ----a-w- c:\windows\system32\bsrmgps.dll
2009-06-06 16:38 . 2009-06-06 16:38 585728 ----a-w- c:\windows\system32\bsratswf.dll
2009-06-06 16:38 . 2009-06-06 16:38 147456 ----a-w- c:\windows\system32\bsratwmv.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2007-07-24 20:09 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys





c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\msgsvc.dll ... is missing !!
c:\windows\system32\wscntfy.exe ... is missing !!
c:\windows\system32\ntmssvc.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-16_08.14.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-08-16 16:43 . 2009-08-16 16:43 16384 c:\windows\Temp\Perflib_Perfdata_80.dat
+ 2009-08-16 10:46 . 2009-02-16 07:10 97672 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-08-16 10:46 . 2008-11-17 09:24 51688 c:\windows\system32\ZoneLabs\srescan.sys
+ 2009-08-16 10:46 . 2009-02-16 07:10 94088 c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 20360 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 59272 c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 14216 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 24968 c:\windows\system32\ZoneLabs\lib\zic.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 84872 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 34696 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 17800 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 10120 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 10632 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 13704 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 11656 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 11144 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 29576 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 12168 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 35720 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 38280 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 98184 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 74632 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 35208 c:\windows\system32\vswmi.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 58248 c:\windows\system32\vsregexp.dll
- 2009-04-16 21:52 . 2009-04-16 21:52 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-04-16 21:52 . 2009-08-16 15:20 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-08-16 10:36 . 2009-05-11 17:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-08-16 10:45 . 2009-08-16 10:45 62464 c:\windows\Installer\8bb047.msi
+ 2009-08-16 10:46 . 2009-02-16 07:10 9608 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 10:54 . 2008-07-29 10:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 12:23 . 2008-07-29 12:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 12:23 . 2008-07-29 12:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 10:51 . 2008-07-29 10:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 108424 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 302472 c:\windows\system32\ZoneLabs\zlsre.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 178568 c:\windows\system32\ZoneLabs\zlparser.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 172936 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-08-16 10:45 . 2009-02-16 07:10 108424 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 176520 c:\windows\system32\ZoneLabs\updclient.exe
+ 2009-08-16 10:46 . 2007-10-11 23:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 431496 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 134536 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-08-16 10:46 . 2008-11-17 09:23 796128 c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2009-08-16 10:46 . 2008-11-17 09:23 722400 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 118664 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 151944 c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 188808 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 344968 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 136584 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 344456 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-08-16 10:45 . 2009-02-05 01:27 548128 c:\windows\system32\ZoneLabs\icslta.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 159112 c:\windows\system32\ZoneLabs\httpblocker.dll
+ 2009-08-16 10:46 . 2008-03-17 23:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 109960 c:\windows\system32\vsxml.dll
+ 2009-08-16 10:45 . 2009-02-16 07:10 482184 c:\windows\system32\vsutil.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 309128 c:\windows\system32\vspubapi.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 107912 c:\windows\system32\vsmonapi.dll
+ 2009-08-16 10:45 . 2009-02-16 07:10 229256 c:\windows\system32\vsinit.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 353672 c:\windows\system32\vsdatant.sys
+ 2009-08-16 10:45 . 2009-02-16 07:10 110472 c:\windows\system32\vsdata.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-08-16 10:35 . 2009-08-16 10:35 228352 c:\windows\Installer\823b6e.msi
+ 2008-07-29 15:05 . 2008-07-29 15:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 1648520 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 2402184 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2009-08-16 10:46 . 2008-11-17 09:23 1512928 c:\windows\system32\ZoneLabs\srescan.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 1536392 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-08-16 10:46 . 2008-12-15 08:11 10465257 c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2009-08-16 10:46 . 2008-12-15 08:11 10465257 c:\windows\system32\ZoneLabs\spyware.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-06-09 1059720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-22 124928]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Linksys Wireless Network Monitor.lnk - c:\program files\Linksys\WUSBF54G\wlMonitor.exe [2009-6-14 3205632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/16/2009 3:36 AM 108289]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\Linksys\WUSBF54G\NICServ.exe [6/14/2009 1:06 PM 529920]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [6/9/2009 1:47 AM 40576]
R3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [5/5/2009 9:18 AM 219648]
R3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [5/5/2009 9:19 AM 475264]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [6/14/2009 1:06 PM 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart --> c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 11:14 AM 133104]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\docume~1\JOHNDO~1\APPLIC~1\Mozilla\Firefox\Profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 01:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-73586283-2147019285-1001\Software\SecuROM\License information*]
"datasecu"=hex:d6,69,a9,ab,f9,d8,98,45,66,82,74,9d,ad,9f,a8,42,86,c8,5b,16,9d,
dc,32,d7,a3,87,86,f8,ef,84,28,4c,1b,c0,de,e2,89,80,2b,f8,8a,ec,a7,a0,1c,d8,\
"rkeysecu"=hex:69,47,ec,71,f6,de,af,cf,2b,90,e4,90,fe,0e,c4,20
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-08-17 1:46
ComboFix-quarantined-files.txt 2009-08-17 08:46
ComboFix2.txt 2009-08-16 08:16

Pre-Run: 99,527,376,896 bytes free
Post-Run: 99,550,138,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

265

beani
2009-08-18, 07:20
Uninstalled/Re-downloaded latest versions:
Java
Flash
Adobe Reader

Ran ATF Cleaner on Main and Firefox


Currently waiting on Kaspersky's Scanner

7 hours, 15 minutes, 47 seconds in... 48% >.<

So hopefully here soon I can post report +dds +attach.


Just wanted to let you know that I'm still here :-)

beani
2009-08-18, 08:30
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, August 18, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 17, 2009 21:47:33
Records in database: 2642516
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\

Scan statistics:
Objects scanned: 54937
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 08:28:27


File name / Threat / Threats count
C:\Documents and Settings\John Doe\Desktop\Backup\Brandon's Stuff\MyMusic\Audioslave - Original fire.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\John Doe\Desktop\Backup\Brandon's Stuff\Porn\Games\EGirl v.1.5 (full) 3D X game\EGirlInstaller_v1.5.EXE Infected: Trojan-Downloader.Win32.Murlo.ahm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\msxml71.dll.vir Infected: Trojan.Win32.FraudPack.qhy 1
K:\Media\Porn\Games\EGirl v.1.5 (full) 3D X game\EGirlInstaller_v1.5.EXE Infected: Trojan-Downloader.Win32.Murlo.ahm 1

Selected area has been scanned.

beani
2009-08-18, 08:33
DDS (Ver_09-07-30.01) - NTFSx86
Run by John Doe at 11:26:43.57 on Mon 08/17/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.579 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
K:\Security\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linksy~1.lnk - c:\program files\linksys\wusbf54g\wlMonitor.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johndo~1\applic~1\mozilla\firefox\profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-16 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-16 353672]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-16 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-16 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-16 55656]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\linksys\wusbf54g\NICServ.exe [2009-6-14 529920]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-6-9 40576]
R3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2009-5-5 219648]
R3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2009-5-5 475264]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [2009-6-14 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\fah.exe -svcstart --> c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\google\update\GoogleUpdate.exe [2009-4-17 133104]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-3 14336]

=============== Created Last 30 ================

2009-08-17 02:11 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-17 01:53 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-17 01:42 <DIR> a-dshr-- C:\cmdcons
2009-08-16 03:46 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-16 03:46 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-08-16 03:46 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-08-16 03:46 <DIR> --d----- c:\program files\Zone Labs
2009-08-16 03:46 350,192 a------- c:\windows\system32\vsconfig.xml
2009-08-16 03:45 <DIR> --d----- c:\windows\Internet Logs
2009-08-16 03:36 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 03:36 <DIR> --d----- c:\program files\Avira
2009-08-16 03:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-16 01:15 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\xircom
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\ime
2009-08-16 01:13 <DIR> --d----- c:\windows\srchasst
2009-08-16 01:13 <DIR> --d----- c:\program files\msn gaming zone
2009-08-16 01:13 <DIR> --d----- c:\program files\common files\speechengines
2009-08-16 01:04 216,064 a------- c:\windows\PEV.exe
2009-08-16 01:04 161,792 a------- c:\windows\SWREG.exe
2009-08-16 01:04 98,816 a------- c:\windows\sed.exe
2009-08-11 12:12 1,334 a------- c:\windows\wininit.ini
2009-08-09 00:28 <DIR> --d----- c:\program files\IZArc
2009-08-07 23:11 <DIR> --d----- C:\ILLUSION
2009-08-07 23:02 <DIR> --d----- c:\windows\system32\URTTemp
2009-07-24 02:32 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-24 02:21 <DIR> --d----- c:\windows\system32\DirectX
2009-07-24 02:21 <DIR> --d----- c:\windows\Logs
2009-07-24 02:21 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-24 02:21 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-24 02:00 <DIR> --d----- c:\program files\Deep Silver
2009-07-24 02:00 <DIR> --d----- c:\windows\system32\AGEIA
2009-07-24 01:59 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Pro
2009-07-24 01:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-24 01:01 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-24 01:01 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Lite
2009-07-23 03:46 67 a------- c:\windows\lz_scm.ini
2009-07-22 11:00 97,792 a------- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 10:44 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-21 09:13 <DIR> --d----- c:\program files\Ascaron Entertainment

==================== Find3M ====================

2009-08-17 02:10 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-25 08:21 98,304 a------- c:\windows\DUMP76e5.tmp
2009-07-01 17:55 90,112 a------- c:\windows\DUMP853d.tmp
2009-06-27 08:14 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-06-06 09:38 692,224 a------- c:\windows\system32\bsrmgcv.dll
2009-06-06 09:38 192,512 a------- c:\windows\system32\bsrmgps.dll
2009-06-06 09:38 585,728 a------- c:\windows\system32\bsratswf.dll
2009-06-06 09:38 147,456 a------- c:\windows\system32\bsratwmv.dll

============= FINISH: 11:27:30.75 ===============

beani
2009-08-18, 08:35
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2009 9:29:45 AM
System Uptime: 8/17/2009 1:54:43 AM (10 hours ago)

Motherboard: ASUSTek Computer INC. | | NAGAMI2
Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2204/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 92.135 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
K: is FIXED (FAT32) - 466 GiB total, 323.059 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\C3D52F11D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\C3D52F11D800
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Service: NVENETFD

==== System Restore Points ===================

RP103: 8/16/2009 1:08:28 AM - ComboFix created restore point
RP104: 8/16/2009 3:35:35 AM - Avira AntiVir Personal - 8/16/2009 3:35
RP105: 8/17/2009 1:53:40 AM - Removed Adobe Reader 6.0.1
RP106: 8/17/2009 1:59:04 AM - Removed Java(TM) 6 Update 13
RP107: 8/17/2009 2:06:10 AM - Installed Adobe Reader 9.1.
RP108: 8/17/2009 2:10:48 AM - Installed Java(TM) 6 Update 16

==== Installed Programs ======================

Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
AGEIA PhysX v7.11.13
ArcSoft VideoImpression 2
Artificial Girl 3
Avira AntiVir Personal - Free Antivirus
BSR Screen Recorder 4
Choice Guard
Comcast High-Speed Internet Install Wizard
DAEMON Tools Toolbar
DivX Web Player
Google Chrome
Google Update Helper
HAKO
HP Webcam
IZArc 4.0 beta 1
Java(TM) 6 Update 16
K-Lite Codec Pack 4.7.5 (Basic)
Linksys Wireless Network Monitor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Move Media Player
Mozilla Firefox (3.0.13)
MSVCRT
NVIDIA Drivers
Realtek High Definition Audio Driver
Sacred 2
Sacred Underworld
Segoe UI
Spybot - Search & Destroy
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Virtual Audio Cable 4.9
VLC media player 0.9.9
Winamp
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.07)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
World of Warcraft
ZoneAlarm

==== Event Viewer Messages From Past Week ========

8/17/2009 1:56:44 AM, error: Service Control Manager [7023] - The wscsvc service terminated with the following error: The specified module could not be found.
8/17/2009 1:56:44 AM, error: Service Control Manager [7023] - The ERSvc service terminated with the following error: The specified module could not be found.
8/16/2009 1:15:13 AM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
8/16/2009 1:09:00 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
8/16/2009 1:09:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
8/16/2009 1:09:00 AM, error: Service Control Manager [7000] - The helpsvc service failed to start due to the following error: The system cannot find the file specified.
8/16/2009 1:09:00 AM, error: Service Control Manager [7000] - The FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe service failed to start due to the following error: The system cannot find the path specified.
8/16/2009 1:07:57 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014BFBE82FD. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/13/2009 1:28:27 AM, error: Sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/10/2009 11:16:30 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
8/10/2009 11:16:30 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================



still infected :-( damn p2p!

Blade81
2009-08-18, 14:59
Hi,

Let's take that SystemLook part again with the following contents:


:filefind
beep.sys
msgsvc.dll
wscntfy.exe
ntmssvc.dll


Again, post back the results.


Then delete these files:
c:\windows\system32\xa.tmp
C:\Documents and Settings\John Doe\Desktop\Backup\Brandon's Stuff\MyMusic\Audioslave - Original fire.mp3
C:\Documents and Settings\John Doe\Desktop\Backup\Brandon's Stuff\Porn\Games\EGirl v.1.5 (full) 3D X game\EGirlInstaller_v1.5.EXE
K:\Media\Porn\Games\EGirl v.1.5 (full) 3D X game\EGirlInstaller_v1.5.EXE

beani
2009-08-19, 01:48
c:\windows\system32\xa.tmp isn't there. Not hidden either... Ran SystemLook for it; not found under c:\windows\system32\xa.tmp or xa.tmp

========== filefind ==========

Searching for "c:\windows\system32\xa.tmp"
No files found.

-=End Of File=-

========== filefind ==========

Searching for "xa.tmp"
No files found.

-=End Of File=-

deleted files:
C:\Documents and Settings\John Doe\Desktop\Backup\Brandon's Stuff\MyMusic\Audioslave - Original fire.mp3
C:\Documents and Settings\John Doe\Desktop\Backup\Brandon's Stuff\Porn\Games\EGirl v.1.5 (full) 3D X game\EGirlInstaller_v1.5.EXE
K:\Media\Porn\Games\EGirl v.1.5 (full) 3D X game\EGirlInstaller_v1.5.EXE

ran systemlook for those files, still nothing.

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 04:34 on 18/08/2009 by John Doe (Administrator - Elevation successful)

========== filefind ==========

Searching for "beep.sys"
No files found.

Searching for "msgsvc.dll"
No files found.

Searching for "wscntfy.exe"
No files found.

Searching for "ntmssvc.dll"
No files found.

-=End Of File=-

Thanks Blade for all your help thus far!
Does this mean I am finally clean? :eek:

beani
2009-08-19, 03:18
Nope. lol


Spybot reports->
...
--- Search result list ---
Win32.FraudLoad.edt: [SBI $E9CA361A] Data (File, nothing done)
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
Properties.size=276
Properties.md5=8FB755DA3B65DE4D2CCA958821DC2EDD
Properties.filedate=1250600400
Properties.filedatetext=2009-08-18 06:00:00

Win32.FraudLoad.edt: [SBI $BBEEDD02] Data (File, nothing done)
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
Properties.size=290
Properties.md5=9EE0D1ADF57380CB0E69EABDD4C84825
Properties.filedate=1250600400
Properties.filedatetext=2009-08-18 06:00:00

Win32.FraudLoad.edt: [SBI $E205C221] Data (File, nothing done)
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
Properties.size=246
Properties.md5=9F443575DB1FABBAAAA233311762D8F8
Properties.filedate=1250600400
Properties.filedatetext=2009-08-18 06:00:00

Win32.TDSS.reg: [SBI $A5F61027] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX\disallowed

...


*Note I did not take any actions (cleaning, removing, quarantining).


:scratch: hmmm...

Blade81
2009-08-19, 06:45
Hi,

No, we're not ready yet. Let Spybot remove its findings.

Do you have Windows XP Pro installation media available? I'm asking this cos some system files have to be replaced from it.

beani
2009-08-19, 08:15
Okay, let Spybot remove the files... They appear to come back after a restart still, though :-(...
I do indeed have the Xp CD.

How do I go about replacing just
beep.sys
msgsvc.dll
wscntfy.exe
ntmssvc.dll

?

Run a repair?

Muchas gracias

beani
2009-08-19, 08:31
hrmm, wondering if I can use a windows XP setup disk used for floppy boots to extract the files?

http://support.microsoft.com/kb/310994

might be easier since it's more easily accessible?

Reading up, it seems that the missing files aren't imperative to running Windows; it looks like it's just Windows' "security" mainly *cough *cough, probably destroyed by the malware, but I honestly don't mind not having Windows Updates popping up every five minutes. :2thumb:

Blade81
2009-08-19, 16:08
Hi,


reading up, it seems that the files missing aren't imperative to running windows
Enough to make your OS vulnerable so I suggest we try to retrieve them ;)

See if you can find the following files on your XP Pro media (in the i386 folder):
beep.sy_
msgsvc.dl_
wscntfy.ex_
ntmssvc.dl_

beani
2009-08-20, 07:52
Alright, copied the files from the upstairs PC, muha: moved them into their correct places. beep.sys is now a running process, so I'm sure they're working. :bigthumb:

c:\windows\system32\drivers\beep.sys
c:\windows\system32\msgsvc.dll
c:\windows\system32\wscntfy.exe
c:\windows\system32\ntmssvc.dll

and here's a new systemlook report

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 10:45 on 19/08/2009 by John Doe (Administrator - Elevation successful)

========== filefind ==========

Searching for "beep.sys"
C:\WINDOWS\system32\dllcache\beep.sys --a--- 4224 bytes [05:42 20/08/2009] [12:00 29/08/2002] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\drivers\beep.sys --a--- 4224 bytes [05:42 20/08/2009] [12:00 29/08/2002] DA1F27D85E0D1525F6621372E7B685E9

Searching for "msgsvc.dll"
C:\WINDOWS\system32\dllcache\msgsvc.dll --a--- 33792 bytes [17:42 19/08/2009] [07:56 04/08/2004] 95FD808E4AC22ABA025A7B3EAC0375D2
C:\WINDOWS\system32\msgsvc.dll --a--- 33792 bytes [17:42 19/08/2009] [07:56 04/08/2004] 95FD808E4AC22ABA025A7B3EAC0375D2

Searching for "wscntfy.exe"
C:\WINDOWS\system32\dllcache\wscntfy.exe --a--- 13824 bytes [17:42 19/08/2009] [07:56 04/08/2004] 49911DD39E023BB6C45E4E436CFBD297
C:\WINDOWS\system32\wscntfy.exe --a--- 13824 bytes [17:42 19/08/2009] [07:56 04/08/2004] 49911DD39E023BB6C45E4E436CFBD297

Searching for "ntmssvc.dll"
C:\WINDOWS\system32\dllcache\ntmssvc.dll --a--- 435200 bytes [17:42 19/08/2009] [07:56 04/08/2004] B62F29C00AC55A761B2E45877D85EA0F
C:\WINDOWS\system32\ntmssvc.dll --a--- 435200 bytes [17:42 19/08/2009] [07:56 04/08/2004] B62F29C00AC55A761B2E45877D85EA0F

-=End Of File=-
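An added check for reports like the one above (written for this thread; not beani's, Blade81's or SystemLook's code): it parses the :filefind output, pairs each live copy of a file with its Windows File Protection copy under dllcache, and flags files that are missing outright, have no cache copy to compare against, or whose MD5 or size differs from the cache. The sample log is constructed from the lines above with two entries altered for illustration; the all-zero hash is a placeholder, not a real value.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample log in the SystemLook :filefind format posted above.
# msgsvc.dll is made "missing", wscntfy.exe's live copy gets a placeholder
# hash, and ntmssvc.dll has no dllcache copy, so all four verdicts appear.
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 10:45 on 19/08/2009 by John Doe (Administrator - Elevation successful)

========== filefind ==========

Searching for "beep.sys"
C:\WINDOWS\system32\dllcache\beep.sys --a--- 4224 bytes [05:42 20/08/2009] [12:00 29/08/2002] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\drivers\beep.sys --a--- 4224 bytes [05:42 20/08/2009] [12:00 29/08/2002] DA1F27D85E0D1525F6621372E7B685E9

Searching for "msgsvc.dll"
No files found.

Searching for "wscntfy.exe"
C:\WINDOWS\system32\dllcache\wscntfy.exe --a--- 13824 bytes [17:42 19/08/2009] [07:56 04/08/2004] 49911DD39E023BB6C45E4E436CFBD297
C:\WINDOWS\system32\wscntfy.exe --a--- 13824 bytes [17:42 19/08/2009] [07:56 04/08/2004] 00000000000000000000000000000000

Searching for "ntmssvc.dll"
C:\WINDOWS\system32\ntmssvc.dll --a--- 435200 bytes [17:42 19/08/2009] [07:56 04/08/2004] B62F29C00AC55A761B2E45877D85EA0F

-=End Of File=-
"""


@dataclass
class FileHit:
    path: str
    size: int
    md5: str


# One result line: <path> <6 attribute flags> <size> bytes [mtime] [ctime] <MD5>
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-zA-Z]{6}) (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"\s*$')


def parse_filefind(text: str) -> Dict[str, List[FileHit]]:
    """Map each searched file name (lower-cased) to the hits SystemLook listed.

    A section that only says "No files found." stays as an empty list.
    """
    hits: Dict[str, List[FileHit]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-=End Of File=-":
            break
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            hits[current] = []
            continue
        m = HIT_RE.match(line)
        if m and current is not None:
            hits[current].append(
                FileHit(m.group("path"), int(m.group("size")), m.group("md5").upper())
            )
    return hits


def assess(hits: Dict[str, List[FileHit]]) -> Dict[str, str]:
    """Classify each searched file as ok / missing / no-cache / mismatch.

    The dllcache copy is treated as the reference; a live copy whose MD5 or
    size differs from it is worth a closer look, as is a file with no live
    copy at all (the situation earlier in this thread).
    """
    verdicts: Dict[str, str] = {}
    for name, files in hits.items():
        cache = [f for f in files if "\\dllcache\\" in f.path.lower()]
        live = [f for f in files if "\\dllcache\\" not in f.path.lower()]
        if not live:
            verdicts[name] = "missing"
        elif not cache:
            verdicts[name] = "no-cache"
        elif any(f.md5 != cache[0].md5 or f.size != cache[0].size for f in live):
            verdicts[name] = "mismatch"
        else:
            verdicts[name] = "ok"
    return verdicts


if __name__ == "__main__":
    for name, verdict in assess(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name:14s} {verdict}")
```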

beani
2009-08-20, 08:07
... beep.sys is now a running process, so i'm sure they're working. :bigthumb: ...

*note

I know it's working. run>cmd>echo(ctrl+g) enter = "beep" :)


ran spybot again just for giggles,
same as in post #25 -> http://forums.spybot.info/showpost.php?p=329636&postcount=25

beani
2009-08-20, 08:13
--- Search result list ---
Win32.FraudLoad.edt: [SBI $0174D446] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-725345543-73586283-2147019285-1001\Software\NordBull

Win32.FraudLoad.edt: [SBI $7312D32F] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{E24211B3-A78A-C6A9-D317-70979ACE5058}



--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF

Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
size: 209153
MD5: 29680A793F690EEF4AAA68479D2A6DF8

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 13684736
MD5: F20E4E51F989D7FFE247BEE763F5B27A

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\NvMcTray.dll
size: 86016
MD5: 51F2F96BBB602B224A3FBB7135D6D5B6

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1657376
MD5: D13797A3C0F9EAD4E902ED794112C4AC

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 17567744
MD5: 45D2B5E3384699AD1FBB303684D835B2

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 5E4C9C25D603AE46DEDCBD9674F86E21

Located: HK_LM:Run, WinampAgent
command: "C:\Program Files\Winamp\winampa.exe"
file: C:\Program Files\Winamp\winampa.exe
size: 37888
MD5: B83C63A31F12D912C40544A6C9395AC6

Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 981384
MD5: C331D8E6E3AB67A5A1556070E8EA6B13

Located: HK_CU:RunOnce, nltide_3
where: .DEFAULT...
command: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
file: C:\WINDOWS\system32\advpack.dll
size: 124928
MD5: 511CB6E4793D45A567EBD7E761C9B464

Located: HK_CU:RunOnce, ShowDeskFix
where: .DEFAULT...
command: regsvr32 /s /n /i:u shell32
file: regsvr32 /s /n /i:u shell32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-725345543-73586283-2147019285-1001...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, DAEMON Tools Lite
where: S-1-5-21-725345543-73586283-2147019285-1001...
command: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
file: C:\Program Files\DAEMON Tools Lite\daemon.exe
size: 691656
MD5: 1542D48BEF0C07513453CDEF1577BB79

Located: HK_CU:Run, msnmsgr
where: S-1-5-21-725345543-73586283-2147019285-1001...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3885408
MD5: 16C3811F3A5CD8EA7030A42A75892136

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-725345543-73586283-2147019285-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:RunOnce, IE7-10
where: S-1-5-21-725345543-73586283-2147019285-500...
command: rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
file: C:\WINDOWS\system32\advpack.dll
size: 124928
MD5: 511CB6E4793D45A567EBD7E761C9B464

Located: HK_CU:RunOnce, nltide_3
where: S-1-5-21-725345543-73586283-2147019285-500...
command: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
file: C:\WINDOWS\system32\advpack.dll
size: 124928
MD5: 511CB6E4793D45A567EBD7E761C9B464

Located: HK_CU:RunOnce, ShowDeskFix
where: S-1-5-21-725345543-73586283-2147019285-500...
command: regsvr32 /s /n /i:u shell32
file: regsvr32 /s /n /i:u shell32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, nltide_3
where: S-1-5-18...
command: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
file: C:\WINDOWS\system32\advpack.dll
size: 124928
MD5: 511CB6E4793D45A567EBD7E761C9B464

Located: HK_CU:RunOnce, ShowDeskFix
where: S-1-5-18...
command: regsvr32 /s /n /i:u shell32
file: regsvr32 /s /n /i:u shell32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (common), Linksys Wireless Network Monitor.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
file: C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
size: 3205632
MD5: F8F9E7D64BB71BA92E92F9AA006278E7

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 2/27/2009 12:07:26 PM
Date (last access): 8/17/2009 2:06:22 AM
Date (last write): 2/27/2009 12:07:26 PM
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 1/22/2009 3:41:30 PM
Date (last access): 5/5/2009 9:16:26 AM
Date (last write): 1/22/2009 3:41:30 PM
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 8/17/2009 2:10:54 AM
Date (last access): 8/17/2009 2:10:54 AM
Date (last write): 8/17/2009 2:10:54 AM
Filesize: 41760
Attributes: archive
MD5: 7AF9D3B7B88AF81D2F87AA846DC2EE70
CRC32: 00DFC49A
Version: 6.0.160.1

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 8/17/2009 2:10:56 AM
Date (last access): 8/17/2009 2:10:56 AM
Date (last write): 8/17/2009 2:10:56 AM
Filesize: 73728
Attributes: archive
MD5: 37EDBCC7E5E0B89E59941FF79A2F9746
CRC32: 60D1666F
Version: 6.0.160.1



--- ActiveX list ---
{20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 2/28/2007 2:21:04 PM
Date (last access): 2/28/2007 2:21:04 PM
Date (last write): 2/28/2007 2:21:04 PM
Filesize: 131472
Attributes: archive
MD5: 1E5CFDF9AEBDD84305A4C8154277A269
CRC32: 73C871D0
Version: 9.5.7087.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_16
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_16.dll
Short name: NPJPI1~1.DLL
Date (created): 8/17/2009 2:10:54 AM
Date (last access): 8/17/2009 2:10:54 AM
Date (last write): 8/17/2009 2:10:54 AM
Filesize: 136992
Attributes: archive
MD5: EF5C38E082CA41D7588621F3DFA09A64
CRC32: D4B4406B
Version: 6.0.160.1

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~1.DLL
Date (created): 2/22/2007 11:41:12 PM
Date (last access): 2/22/2007 11:41:12 PM
Date (last write): 2/22/2007 11:41:12 PM
Filesize: 304544
Attributes: archive
MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
CRC32: 0F12FD23
Version: 9.5.6907.1

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_16
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_16.dll
Short name: NPJPI1~1.DLL
Date (created): 8/17/2009 2:10:54 AM
Date (last access): 8/17/2009 2:10:54 AM
Date (last write): 8/17/2009 2:10:54 AM
Filesize: 136992
Attributes: archive
MD5: EF5C38E082CA41D7588621F3DFA09A64
CRC32: D4B4406B
Version: 6.0.160.1

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_16
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_16.dll
Short name: NPJPI1~1.DLL
Date (created): 8/17/2009 2:10:54 AM
Date (last access): 8/17/2009 2:10:54 AM
Date (last write): 8/17/2009 2:10:54 AM
Filesize: 136992
Attributes: archive
MD5: EF5C38E082CA41D7588621F3DFA09A64
CRC32: D4B4406B
Version: 6.0.160.1



--- Process list ---
PID: 0 ( 0) [System]
PID: 628 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 852 ( 628) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 876 ( 628) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 920 ( 876) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 932 ( 876) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1112 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1208 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1352 ( 920) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1588 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1724 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1772 ( 920) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 2402184
MD5: D89972DA2C33CC02BC787E4F404B4A01
PID: 468 ( 444) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: DF3F40C1C0C4EA6BFD4CFACD4CB18BF1
PID: 1128 ( 920) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: AD3D9D191AEA7B5445FE1D82FFBB4788
PID: 1276 ( 920) C:\Program Files\Avira\AntiVir Desktop\sched.exe
size: 108289
MD5: 9015BC03F62940527EC92D45EE89E46F
PID: 1288 ( 920) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
size: 185089
MD5: B8720A787C1223492E6F319465E996CE
PID: 1780 ( 920) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: 09417134F248DFCEEA15C72BCC87F592
PID: 1736 ( 920) C:\Program Files\Linksys\WUSBF54G\NICServ.exe
size: 529920
MD5: 870BF28A2EEF124BECA773148C0B4BCF
PID: 2016 ( 920) C:\WINDOWS\system32\nvsvc32.exe
size: 163908
MD5: C501206816F35D20422B4C3F88D62860
PID: 140 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2828 ( 468) C:\WINDOWS\RTHDCPL.EXE
size: 17567744
MD5: 45D2B5E3384699AD1FBB303684D835B2
PID: 2840 ( 468) C:\Program Files\Winamp\winampa.exe
size: 37888
MD5: B83C63A31F12D912C40544A6C9395AC6
PID: 2852 ( 468) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 3352 ( 468) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
size: 209153
MD5: 29680A793F690EEF4AAA68479D2A6DF8
PID: 3820 ( 468) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 981384
MD5: C331D8E6E3AB67A5A1556070E8EA6B13
PID: 2476 ( 468) C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 5E4C9C25D603AE46DEDCBD9674F86E21
PID: 2488 ( 468) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3885408
MD5: 16C3811F3A5CD8EA7030A42A75892136
PID: 2504 ( 468) C:\Program Files\DAEMON Tools Lite\daemon.exe
size: 691656
MD5: 1542D48BEF0C07513453CDEF1577BB79
PID: 2532 ( 468) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2568 ( 468) C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
size: 3205632
MD5: F8F9E7D64BB71BA92E92F9AA006278E7
PID: 2736 ( 468) C:\Program Files\Mozilla Firefox\firefox.exe
size: 908280
MD5: 0AF842F82CB567E79D065C12E029560C
PID: 3316 ( 920) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2208 ( 468) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/19/2009 11:07:28 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{308B033B-1977-4BA5-AE09-8DA5616DE3F2}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{308B033B-1977-4BA5-AE09-8DA5616DE3F2}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{964C8571-B95D-4428-BC4F-68B6CB87F268}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{964C8571-B95D-4428-BC4F-68B6CB87F268}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{83301772-3304-4022-B6F4-A6771E84E3DE}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{83301772-3304-4022-B6F4-A6771E84E3DE}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8D64E22F-796A-4572-A42B-190B4141D452}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8D64E22F-796A-4572-A42B-190B4141D452}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C73B8AA-088E-48F8-BA93-6B733343C1F7}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C73B8AA-088E-48F8-BA93-6B733343C1F7}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AFACCE8B-306D-463D-9A71-11DF29CDE281}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AFACCE8B-306D-463D-9A71-11DF29CDE281}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3265BAC4-D5E2-4600-B1B8-85AA7DC0C1E1}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3265BAC4-D5E2-4600-B1B8-85AA7DC0C1E1}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B1B9741-111A-42A3-BFDE-6C883657C1C9}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B1B9741-111A-42A3-BFDE-6C883657C1C9}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Blade81
2009-08-20, 18:32
Good. Now, please run ComboFix again and let it update itself if asked for permission. Post back its report & a fresh DDS log.

beani
2009-08-20, 20:23
ComboFix 09-08-19.0C - John Doe 08/19/2009 23:07.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.636 [GMT -7:00]
Running from: k:\security\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-20 05:42 . 2002-08-29 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-20 05:42 . 2002-08-29 12:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-19 17:42 . 2004-08-04 07:56 13824 ----a-w- c:\windows\system32\wscntfy.exe
2009-08-19 17:42 . 2004-08-04 07:56 13824 ----a-w- c:\windows\system32\dllcache\wscntfy.exe
2009-08-19 17:42 . 2004-08-04 07:56 435200 ----a-w- c:\windows\system32\ntmssvc.dll
2009-08-19 17:42 . 2004-08-04 07:56 435200 ----a-w- c:\windows\system32\dllcache\ntmssvc.dll
2009-08-19 17:42 . 2004-08-04 07:56 33792 ----a-w- c:\windows\system32\msgsvc.dll
2009-08-19 17:42 . 2004-08-04 07:56 33792 ----a-w- c:\windows\system32\dllcache\msgsvc.dll
2009-08-17 09:14 . 2009-08-17 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-17 09:14 . 2009-08-17 09:14 -------- d-----w- c:\program files\NOS
2009-08-17 09:14 . 2009-08-07 19:44 30400 ----a-w- c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-08-17 09:14 . 2009-08-07 19:44 22848 ----a-w- c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-08-17 09:14 . 2009-08-07 19:44 19792 ----a-w- c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-08-17 09:10 . 2009-08-17 09:10 -------- d-----w- c:\program files\Java
2009-08-16 10:46 . 2009-08-16 10:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-16 10:46 . 2009-02-16 07:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-16 10:46 . 2009-02-16 07:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-16 10:46 . 2009-08-16 10:46 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-16 10:46 . 2009-08-16 10:46 -------- d-----w- c:\program files\Zone Labs
2009-08-16 10:46 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-16 10:45 . 2009-08-19 18:07 -------- d-----w- c:\windows\Internet Logs
2009-08-16 10:36 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 10:36 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-16 10:36 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-16 10:36 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-16 10:36 . 2009-08-16 10:36 -------- d-----w- c:\program files\Avira
2009-08-16 10:36 . 2009-08-16 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\wbem\snmp
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\xircom
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\srchasst
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\program files\microsoft frontpage
2009-08-09 07:28 . 2009-08-09 07:29 -------- d-----w- c:\program files\IZArc
2009-08-08 06:11 . 2009-08-08 12:08 -------- d-----w- C:\ILLUSION
2009-08-08 06:02 . 2009-08-08 06:04 -------- d-----w- c:\windows\system32\URTTemp
2009-07-24 09:48 . 2009-07-24 09:48 -------- d-----w- c:\documents and settings\John Doe\Local Settings\Application Data\Ascaron Entertainment
2009-07-24 09:32 . 2009-07-24 09:32 -------- d--h--r- c:\documents and settings\John Doe\Application Data\SecuROM
2009-07-24 09:32 . 2009-07-24 09:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-24 09:21 . 2009-07-24 09:21 -------- d-----w- c:\windows\Logs
2009-07-24 09:21 . 2009-07-24 09:21 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-24 09:21 . 2009-07-24 09:21 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\Deep Silver
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\windows\system32\AGEIA
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-24 08:59 . 2009-07-24 08:59 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Pro
2009-07-24 08:05 . 2009-07-24 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-24 08:01 . 2009-07-24 08:01 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-24 08:01 . 2009-07-24 08:05 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Lite
2009-07-22 18:00 . 2009-07-22 18:00 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 17:47 . 2009-07-22 17:47 -------- d-----w- c:\documents and settings\Karma\Local Settings\Application Data\Mozilla
2009-07-21 16:13 . 2009-07-21 16:13 -------- d-----w- c:\program files\Ascaron Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 17:50 . 2009-08-19 17:50 562297 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-17 09:10 . 2009-04-18 17:35 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-08-17 09:06 . 2009-04-16 21:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-16 10:09 . 2009-06-09 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-13 07:52 . 2009-05-19 16:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-08 12:08 . 2009-04-16 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 10:55 . 2009-04-21 21:22 10808 ----a-w- c:\documents and settings\John Doe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 15:21 . 2009-04-17 09:15 98304 ----a-w- c:\windows\DUMP76e5.tmp
2009-07-24 09:00 . 2009-04-16 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 17:47 . 2009-04-17 19:36 -------- d-----w- c:\documents and settings\John Doe\Application Data\Move Networks
2009-07-12 17:47 . 2009-05-14 17:42 127872 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\uninstall.exe
2009-07-12 17:47 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-07-12 17:47 . 2009-07-12 17:47 1685856 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\MoveMediaPlayerWinSilent_071503000010.exe
2009-07-02 00:55 . 2009-04-17 09:15 90112 -c--a-w- c:\windows\DUMP853d.tmp
2009-06-27 15:14 . 2009-06-06 16:38 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-09 08:47 . 2009-06-09 08:47 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2009-06-06 16:38 . 2009-06-06 16:38 692224 -c--a-w- c:\windows\system32\bsrmgcv.dll
2009-06-06 16:38 . 2009-06-06 16:38 192512 -c--a-w- c:\windows\system32\bsrmgps.dll
2009-06-06 16:38 . 2009-06-06 16:38 585728 -c--a-w- c:\windows\system32\bsratswf.dll
2009-06-06 16:38 . 2009-06-06 16:38 147456 -c--a-w- c:\windows\system32\bsratwmv.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2007-07-24 20:09 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys


c:\windows\system32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot_2009-08-17_08.45.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-19 17:50 . 2009-08-19 17:50 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
+ 2009-08-17 09:05 . 2009-08-17 09:05 85173 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-04-17 09:19 . 2001-08-23 14:00 13600 c:\windows\system32\dllcache\wfwnet.drv
+ 2001-08-23 14:00 . 2001-08-23 14:00 18944 c:\windows\system32\dllcache\vmmreg32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 25600 c:\windows\system32\dllcache\twunk_32.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 49680 c:\windows\system32\dllcache\twunk_16.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 50688 c:\windows\system32\dllcache\twain_32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 94784 c:\windows\system32\dllcache\twain.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 15360 c:\windows\system32\dllcache\taskman.exe
+ 2009-04-17 09:19 . 2001-08-23 14:00 19200 c:\windows\system32\dllcache\tapi.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 24064 c:\windows\system32\dllcache\olesvr.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 82944 c:\windows\system32\dllcache\olecli.dll
+ 2009-04-17 09:19 . 2004-08-04 01:56 69120 c:\windows\system32\dllcache\notepad.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 90624 c:\windows\system32\dllcache\muisetup.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 39936 c:\windows\system32\dllcache\mslwvtts.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 10112 c:\windows\system32\dllcache\modex.dll
+ 2004-08-03 23:51 . 2004-08-03 23:51 68768 c:\windows\system32\dllcache\mmsystem.dll
+ 2009-04-16 16:26 . 2004-08-04 01:56 17408 c:\windows\system32\dllcache\mmfutil.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 12288 c:\windows\system32\dllcache\mmdrv.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 61440 c:\windows\system32\dllcache\mmcshext.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 14848 c:\windows\system32\dllcache\mgmtapi.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 40960 c:\windows\system32\dllcache\mf3216.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 39274 c:\windows\system32\dllcache\mem.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 50176 c:\windows\system32\dllcache\mdhcp.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 28160 c:\windows\system32\dllcache\mciwave.drv
+ 2004-08-04 01:56 . 2004-08-04 01:56 23552 c:\windows\system32\dllcache\mciwave.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 25264 c:\windows\system32\dllcache\mciseq.drv
+ 2004-08-04 01:56 . 2004-08-04 01:56 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 35328 c:\windows\system32\dllcache\mciqtz32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 17408 c:\windows\system32\dllcache\mcicda.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 84480 c:\windows\system32\dllcache\mciavi32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 73376 c:\windows\system32\dllcache\mciavi.drv
+ 2001-08-23 14:00 . 2001-08-23 14:00 10496 c:\windows\system32\dllcache\mcdsrv32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 10240 c:\windows\system32\dllcache\mcd32.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 14848 c:\windows\system32\dllcache\mcastmib.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 85504 c:\windows\system32\dllcache\makecab.exe
+ 2007-07-22 13:14 . 2007-07-22 13:14 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 10240 c:\windows\system32\dllcache\lprhelp.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 22016 c:\windows\system32\dllcache\lpk.dll
+ 2009-04-16 16:27 . 2001-08-23 14:00 15360 c:\windows\system32\dllcache\logoff.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 59392 c:\windows\system32\dllcache\logman.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 50176 c:\windows\system32\dllcache\loghours.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 75264 c:\windows\system32\dllcache\locator.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 11776 c:\windows\system32\dllcache\localui.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 97280 c:\windows\system32\dllcache\loadperf.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 29696 c:\windows\system32\dllcache\lights.exe
+ 2009-04-16 16:26 . 2004-08-04 01:56 58880 c:\windows\system32\dllcache\licwmi.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 40960 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 11264 c:\windows\system32\dllcache\laprxy.dll
+ 2004-08-03 23:49 . 2004-08-03 23:49 92224 c:\windows\system32\dllcache\krnl386.exe
+ 2004-08-03 23:46 . 2004-08-03 23:46 42537 c:\windows\system32\dllcache\keyboard.sys
+ 2001-08-23 14:00 . 2001-08-23 14:00 42809 c:\windows\system32\dllcache\key01.sys
+ 2007-07-22 13:14 . 2007-07-22 13:14 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 47952 c:\windows\system32\dllcache\jobexec.dll
+ 2004-08-04 00:56 . 2004-08-04 07:56 47616 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 13312 c:\windows\system32\dllcache\irclass.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 20992 c:\windows\system32\dllcache\ipxwan.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 39936 c:\windows\system32\dllcache\ipxrtmgr.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 23552 c:\windows\system32\dllcache\ipxroute.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 21504 c:\windows\system32\dllcache\ipxrip.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 69120 c:\windows\system32\dllcache\ipxpromn.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 83968 c:\windows\system32\dllcache\ipxmontr.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 59904 c:\windows\system32\dllcache\ipv6mon.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 53248 c:\windows\system32\dllcache\ipv6.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 44032 c:\windows\system32\dllcache\ipsec6.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 55808 c:\windows\system32\dllcache\ipconfig.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 30720 c:\windows\system32\dllcache\iologmsg.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 92672 c:\windows\system32\dllcache\inseng.dll
+ 2009-04-16 16:28 . 2004-08-04 01:56 48128 c:\windows\system32\dllcache\inetres.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 15872 c:\windows\system32\dllcache\inetppui.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 33280 c:\windows\system32\dllcache\inetmib1.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 36352 c:\windows\system32\dllcache\imgutil.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 70656 c:\windows\system32\dllcache\ifsutil.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 55296 c:\windows\system32\dllcache\iesetup.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 56832 c:\windows\system32\dllcache\ie4uinit.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 54784 c:\windows\system32\dllcache\icmui.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 59392 c:\windows\system32\dllcache\iassvcs.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 86528 c:\windows\system32\dllcache\iassam.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 17920 c:\windows\system32\dllcache\iaspolcy.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 62464 c:\windows\system32\dllcache\iasnap.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 32256 c:\windows\system32\dllcache\iashlpr.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 41472 c:\windows\system32\dllcache\iasads.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 23552 c:\windows\system32\dllcache\iasacct.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 41984 c:\windows\system32\dllcache\htui.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 14848 c:\windows\system32\dllcache\hnetmon.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 72704 c:\windows\system32\dllcache\hlink.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 41472 c:\windows\system32\dllcache\hhsetup.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 10752 c:\windows\system32\dllcache\hh.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 39424 c:\windows\system32\dllcache\grpconv.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 57344 c:\windows\system32\dllcache\gpupdate.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 55296 c:\windows\system32\dllcache\getmac.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 24576 c:\windows\system32\dllcache\gdi.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 76800 c:\windows\system32\dllcache\gcdef.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 60416 c:\windows\system32\dllcache\fwcfg.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 42496 c:\windows\system32\dllcache\ftp.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 56320 c:\windows\system32\dllcache\fsutil.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 81408 c:\windows\system32\dllcache\fsusd.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 20992 c:\windows\system32\dllcache\fontview.exe
+ 2007-07-22 13:31 . 2007-07-22 13:31 80896 c:\windows\system32\dllcache\fontsub.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 16384 c:\windows\system32\dllcache\fmifs.dll
+ 2009-04-16 16:28 . 2007-07-22 13:14 23040 c:\windows\system32\dllcache\fltmc.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 27136 c:\windows\system32\dllcache\findstr.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 21504 c:\windows\system32\dllcache\feclient.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 73728 c:\windows\system32\dllcache\fdeploy.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 14848 c:\windows\system32\dllcache\fc.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 80384 c:\windows\system32\dllcache\faultrep.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 45568 c:\windows\system32\dllcache\extrac32.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 15872 c:\windows\system32\dllcache\expand.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 77824 c:\windows\system32\dllcache\evtrig.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 97965 c:\windows\system32\dllcache\evtquery.vbs
+ 2004-08-04 01:56 . 2004-08-04 01:56 50176 c:\windows\system32\dllcache\evcreate.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 39424 c:\windows\system32\dllcache\esentutl.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 17408 c:\windows\system32\dllcache\esentprf.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 20480 c:\windows\system32\dllcache\encapi.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 26624 c:\windows\system32\dllcache\efsadu.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 12642 c:\windows\system32\dllcache\edlin.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 17920 c:\windows\system32\dllcache\dvdupgrd.exe
+ 2001-08-17 22:36 . 2007-07-24 20:11 55296 c:\windows\system32\dllcache\dvdplay.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 19456 c:\windows\system32\dllcache\dswave.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 51200 c:\windows\system32\dllcache\dssec.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 92672 c:\windows\system32\dllcache\dskquota.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 71680 c:\windows\system32\dllcache\dsdmoprp.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 62976 c:\windows\system32\dllcache\dsauth.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 16384 c:\windows\system32\dllcache\ds32gt.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 58368 c:\windows\system32\dllcache\drvqry.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 87040 c:\windows\system32\dllcache\drmstor.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 57344 c:\windows\system32\dllcache\dpwsockx.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 42768 c:\windows\system32\dllcache\dpwsock.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 83456 c:\windows\system32\dllcache\dpvsetup.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 21504 c:\windows\system32\dllcache\dpvacm.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 53520 c:\windows\system32\dllcache\dpserial.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 61952 c:\windows\system32\dllcache\dpnwsock.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 18432 c:\windows\system32\dllcache\dpnsvr.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 62464 c:\windows\system32\dllcache\dpnmodem.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 60928 c:\windows\system32\dllcache\dpnhupnp.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 35328 c:\windows\system32\dllcache\dpnhpast.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 23552 c:\windows\system32\dllcache\dpmodemx.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 30208 c:\windows\system32\dllcache\dplaysvr.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 33040 c:\windows\system32\dllcache\dplay.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 96768 c:\windows\system32\dllcache\dpcdll.dll
+ 2004-08-03 23:51 . 2004-08-03 23:51 53840 c:\windows\system32\dllcache\dosx.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 10752 c:\windows\system32\dllcache\doskey.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 48128 c:\windows\system32\dllcache\docprop2.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 46080 c:\windows\system32\dllcache\docprop.dll
+ 2004-08-04 00:56 . 2007-07-24 20:11 52224 c:\windows\system32\dllcache\dmutil.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 82432 c:\windows\system32\dllcache\dmscript.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 15872 c:\windows\system32\dllcache\dmremote.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\dmocx.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 35840 c:\windows\system32\dllcache\dmloader.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 18432 c:\windows\system32\dllcache\dmintf.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 61440 c:\windows\system32\dllcache\dmcompos.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 28672 c:\windows\system32\dllcache\dmband.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 28672 c:\windows\system32\dllcache\dispex.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 17920 c:\windows\system32\dllcache\diskperf.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 44032 c:\windows\system32\dllcache\dimap.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 68608 c:\windows\system32\dllcache\digest.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 85504 c:\windows\system32\dllcache\diantz.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 74240 c:\windows\system32\dllcache\dhcpsapi.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 28672 c:\windows\system32\dllcache\dfsshlex.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 38912 c:\windows\system32\dllcache\dfrgsnap.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 51200 c:\windows\system32\dllcache\dfrgres.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 82432 c:\windows\system32\dllcache\dfrgfat.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 59904 c:\windows\system32\dllcache\devenum.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 18432 c:\windows\system32\dllcache\deskperf.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 16896 c:\windows\system32\dllcache\deskmon.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 16384 c:\windows\system32\dllcache\deskadp.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 25088 c:\windows\system32\dllcache\defrag.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 20634 c:\windows\system32\dllcache\debug.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 27136 c:\windows\system32\dllcache\ddrawex.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 39424 c:\windows\system32\dllcache\ddeml.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 47616 c:\windows\system32\dllcache\d3dxof.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 34816 c:\windows\system32\dllcache\d3dpmesh.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 27200 c:\windows\system32\dllcache\ctl3dv2.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 27136 c:\windows\system32\dllcache\ctl3d32.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 15360 c:\windows\system32\dllcache\ctfmon.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 73728 c:\windows\system32\dllcache\csseqchk.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 98304 c:\windows\system32\dllcache\cscript.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 53760 c:\windows\system32\dllcache\cryptext.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 74752 c:\windows\system32\dllcache\cryptdlg.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 27097 c:\windows\system32\dllcache\country.sys
+ 2007-07-22 13:18 . 2007-07-22 13:18 17408 c:\windows\system32\dllcache\corpol.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 66560 c:\windows\system32\dllcache\console.dll
+ 2009-04-16 16:27 . 2007-07-22 13:13 97792 c:\windows\system32\dllcache\comrepl.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 30160 c:\windows\system32\dllcache\compobj.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 17408 c:\windows\system32\dllcache\compact.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 15872 c:\windows\system32\dllcache\comp.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 32816 c:\windows\system32\dllcache\commdlg.dll
+ 2009-04-16 16:27 . 2001-08-23 14:00 25600 c:\windows\system32\dllcache\comaddin.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 10752 c:\windows\system32\dllcache\clb.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 56320 c:\windows\system32\dllcache\cipher.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 11264 c:\windows\system32\dllcache\chkntfs.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 11776 c:\windows\system32\dllcache\chkdsk.exe
+ 2009-04-16 16:27 . 2001-08-23 14:00 80384 c:\windows\system32\dllcache\charmap.exe
+ 2009-04-16 16:27 . 2004-08-04 01:56 38912 c:\windows\system32\dllcache\cfgbkend.dll
+ 2009-04-16 16:27 . 2001-08-23 14:00 15872 c:\windows\system32\dllcache\cdmodem.dll
+ 2007-07-22 13:13 . 2008-10-16 21:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2009-04-16 16:27 . 2004-08-04 01:56 85504 c:\windows\system32\dllcache\catsrvps.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 50688 c:\windows\system32\dllcache\camocx.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 18432 c:\windows\system32\dllcache\cacls.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 50688 c:\windows\system32\dllcache\btpanui.dll
+ 2004-08-04 01:56 . 2004-08-04 00:56 30208 c:\windows\system32\dllcache\bthserv.dll
+ 2004-08-04 01:56 . 2004-08-04 00:56 20992 c:\windows\system32\dllcache\bthci.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 78336 c:\windows\system32\dllcache\browsewm.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 12288 c:\windows\system32\dllcache\bootvid.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 17408 c:\windows\system32\dllcache\bidispl.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 64000 c:\windows\system32\dllcache\avicap32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 69584 c:\windows\system32\dllcache\avicap.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 11264 c:\windows\system32\dllcache\autolfn.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 80384 c:\windows\system32\dllcache\autodisc.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 14336 c:\windows\system32\dllcache\auditusr.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 11264 c:\windows\system32\dllcache\attrib.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 34816 c:\windows\system32\dllcache\atmpvcno.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 30208 c:\windows\system32\dllcache\atmlib.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 11264 c:\windows\system32\dllcache\atmadm.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 13312 c:\windows\system32\dllcache\atkctrs.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 25088 c:\windows\system32\dllcache\at.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 65024 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 32768 c:\windows\system32\dllcache\asr_pfu.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 32256 c:\windows\system32\dllcache\asr_ldm.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 30208 c:\windows\system32\dllcache\asr_fmt.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\arp.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 12498 c:\windows\system32\dllcache\append.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 70656 c:\windows\system32\dllcache\amstream.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 98304 c:\windows\system32\dllcache\ahui.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 24064 c:\windows\system32\dllcache\agtintl.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 20480 c:\windows\system32\dllcache\agt0c0a.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 20992 c:\windows\system32\dllcache\agt0816.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\agt041d.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 20480 c:\windows\system32\dllcache\agt0416.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\agt0414.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 20992 c:\windows\system32\dllcache\agt0413.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 20992 c:\windows\system32\dllcache\agt0410.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 21504 c:\windows\system32\dllcache\agt040c.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\agt040b.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\agt0409.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 21504 c:\windows\system32\dllcache\agt0407.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\agt0406.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 44032 c:\windows\system32\dllcache\agentsr.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 24064 c:\windows\system32\dllcache\agentpsh.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 49152 c:\windows\system32\dllcache\agentmpx.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 57344 c:\windows\system32\dllcache\agentdpv.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 42496 c:\windows\system32\dllcache\agentdp2.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 24064 c:\windows\system32\dllcache\agentanm.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 68096 c:\windows\system32\dllcache\adsmsext.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 26112 c:\windows\system32\dllcache\adptif.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 71680 c:\windows\system32\dllcache\admparse.dll
+ 2009-04-16 16:28 . 2001-08-23 14:00 64512 c:\windows\system32\dllcache\acctres.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 25600 c:\windows\system32\dllcache\aaaamon.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 2176 c:\windows\system32\dllcache\vga.drv
+ 2009-04-17 09:19 . 2001-08-23 14:00 9008 c:\windows\system32\dllcache\ver.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 4048 c:\windows\system32\dllcache\timer.drv
+ 2009-04-17 09:19 . 2001-08-23 14:00 3360 c:\windows\system32\dllcache\system.drv
+ 2009-04-17 09:19 . 2001-08-23 14:00 1744 c:\windows\system32\dllcache\sound.drv
+ 2009-04-17 09:19 . 2001-08-23 14:00 5120 c:\windows\system32\dllcache\shell.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 2032 c:\windows\system32\dllcache\mouse.drv
+ 2001-08-23 14:00 . 2001-08-23 14:00 7680 c:\windows\system32\dllcache\mciole32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 8192 c:\windows\system32\dllcache\mciole16.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 4608 c:\windows\system32\dllcache\mchgrcoi.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 8192 c:\windows\system32\dllcache\mag_hook.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 9936 c:\windows\system32\dllcache\lzexpand.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 9216 c:\windows\system32\dllcache\lprmonui.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 8192 c:\windows\system32\dllcache\lpr.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 6144 c:\windows\system32\dllcache\lpq.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 5120 c:\windows\system32\dllcache\lodctr.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 9728 c:\windows\system32\dllcache\label.exe
+ 2009-04-16 22:06 . 2004-08-04 07:56 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 2000 c:\windows\system32\dllcache\keyboard.drv
+ 2001-08-23 14:00 . 2001-08-23 14:00 7040 c:\windows\system32\dllcache\kdcom.dll
+ 2004-08-03 23:59 . 2004-08-03 23:59 7424 c:\windows\system32\dllcache\kd1394.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 6144 c:\windows\system32\dllcache\kbdusx.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 6144 c:\windows\system32\dllcache\kbdusr.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 6144 c:\windows\system32\dllcache\kbdusl.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 5632 c:\windows\system32\dllcache\kbdus.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 7168 c:\windows\system32\dllcache\kbdukx.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 5632 c:\windows\system32\dllcache\kbduk.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 5120 c:\windows\system32\dllcache\kbddv.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 7680 c:\windows\system32\dllcache\kbdcan.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 4096 c:\windows\system32\dllcache\iprtprio.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 3584 c:\windows\system32\dllcache\iprop.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 9216 c:\windows\system32\dllcache\iissuba.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 8192 c:\windows\system32\dllcache\igmpagnt.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 3584 c:\windows\system32\dllcache\icmp.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 7680 c:\windows\system32\dllcache\hostname.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 4768 c:\windows\system32\dllcache\himem.sys
+ 2004-08-04 01:56 . 2004-08-04 01:56 7168 c:\windows\system32\dllcache\hccoin.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 9728 c:\windows\system32\dllcache\gpkrsrc.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 9344 c:\windows\system32\dllcache\framebuf.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 7168 c:\windows\system32\dllcache\forcedos.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 3072 c:\windows\system32\dllcache\fixmapi.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 9216 c:\windows\system32\dllcache\finger.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 9216 c:\windows\system32\dllcache\find.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 8424 c:\windows\system32\dllcache\exe2bin.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 8704 c:\windows\system32\dllcache\eventvwr.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 4096 c:\windows\system32\dllcache\dsprpres.dll
+ 2004-07-17 12:36 . 2004-07-17 12:36 4656 c:\windows\system32\dllcache\ds16gt.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 3584 c:\windows\system32\dllcache\dpnlobby.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 3584 c:\windows\system32\dllcache\dpnaddr.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 4608 c:\windows\system32\dllcache\dllhst3g.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 5120 c:\windows\system32\dllcache\dllhost.exe
+ 2009-04-16 16:27 . 2001-08-23 14:00 5120 c:\windows\system32\dllcache\dcomcnfg.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 8704 c:\windows\system32\dllcache\dciman32.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 8192 c:\windows\system32\dllcache\d3d8thk.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 8192 c:\windows\system32\dllcache\control.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 3584 c:\windows\system32\dllcache\comcat.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 7680 c:\windows\system32\dllcache\ckcnv.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 5120 c:\windows\system32\dllcache\bootvrfy.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 4608 c:\windows\system32\dllcache\bootok.exe
+ 2009-04-16 16:28 . 2007-07-22 13:31 7168 c:\windows\system32\dllcache\bitsprx3.dll
+ 2009-04-16 16:28 . 2007-07-22 13:31 8192 c:\windows\system32\dllcache\bitsprx2.dll
+ 2009-04-17 09:19 . 2004-08-04 01:56 8704 c:\windows\system32\dllcache\batt.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 7168 c:\windows\system32\dllcache\asferror.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 9029 c:\windows\system32\dllcache\ansi.sys
+ 2004-08-04 01:56 . 2004-08-04 01:56 4096 c:\windows\system32\dllcache\actmovie.exe
+ 2009-08-17 09:11 . 2009-08-17 09:10 149280 c:\windows\system32\javaws.exe
+ 2009-08-17 09:11 . 2009-08-17 09:10 145184 c:\windows\system32\javaw.exe
+ 2009-08-17 09:11 . 2009-08-17 09:10 145184 c:\windows\system32\java.exe
+ 2009-04-17 09:19 . 2004-08-04 01:56 146432 c:\windows\system32\dllcache\winspool.drv
+ 2004-08-04 01:56 . 2004-08-04 01:56 283648 c:\windows\system32\dllcache\winhlp32.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 256192 c:\windows\system32\dllcache\winhelp.exe
+ 2007-07-22 13:18 . 2007-07-22 13:18 315904 c:\windows\system32\dllcache\unregmp2.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 146432 c:\windows\system32\dllcache\regedit.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 102400 c:\windows\system32\dllcache\pchshell.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 126912 c:\windows\system32\dllcache\msvideo.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 153600 c:\windows\system32\dllcache\modemui.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 119808 c:\windows\system32\dllcache\mmutilse.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 163328 c:\windows\system32\dllcache\mmcbase.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 673088 c:\windows\system32\dllcache\mlang.dat
+ 2007-07-22 13:14 . 2007-07-22 13:14 981760 c:\windows\system32\dllcache\mfc42u.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 927504 c:\windows\system32\dllcache\mfc40u.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 924432 c:\windows\system32\dllcache\mfc40.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 362496 c:\windows\system32\dllcache\metal_ss.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 118272 c:\windows\system32\dllcache\mdminst.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 514560 c:\windows\system32\dllcache\logonui.exe
+ 2007-07-22 13:18 . 2007-07-22 13:18 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 221696 c:\windows\system32\dllcache\localsec.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 399872 c:\windows\system32\dllcache\lmrt.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 423936 c:\windows\system32\dllcache\licdll.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 150528 c:\windows\system32\dllcache\keymgr.dll
+ 2007-07-22 13:31 . 2007-07-22 13:31 450560 c:\windows\system32\dllcache\jscript.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 362496 c:\windows\system32\dllcache\jet500.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 198616 c:\windows\system32\dllcache\iuengine.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 137216 c:\windows\system32\dllcache\itss.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 155136 c:\windows\system32\dllcache\itircl.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 384000 c:\windows\system32\dllcache\ipsmsnap.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 349696 c:\windows\system32\dllcache\ipsecsnp.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 169984 c:\windows\system32\dllcache\iprtrmgr.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 330752 c:\windows\system32\dllcache\ippromon.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 154112 c:\windows\system32\dllcache\ipmontr.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 123392 c:\windows\system32\dllcache\input.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 147456 c:\windows\system32\dllcache\initpki.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 110592 c:\windows\system32\dllcache\inetcplc.dll
+ 2009-04-16 16:28 . 2007-07-22 13:14 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 135680 c:\windows\system32\dllcache\ifmon.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 114688 c:\windows\system32\dllcache\iexpress.exe
+ 2007-07-22 13:14 . 2007-07-22 13:14 191488 c:\windows\system32\dllcache\iepeers.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 254976 c:\windows\system32\dllcache\icm32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 247808 c:\windows\system32\dllcache\iassdo.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 141312 c:\windows\system32\dllcache\iasrecst.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 119808 c:\windows\system32\dllcache\iasrad.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 144896 c:\windows\system32\dllcache\hotplug.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 362496 c:\windows\system32\dllcache\home_ss.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 330752 c:\windows\system32\dllcache\hnetwiz.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 198656 c:\windows\system32\dllcache\gptext.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 119808 c:\windows\system32\dllcache\gprslt.exe
+ 2004-08-03 23:31 . 2004-08-03 23:31 101888 c:\windows\system32\dllcache\gpkcsp.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 566784 c:\windows\system32\dllcache\gpedit.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 122880 c:\windows\system32\dllcache\glu32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 285184 c:\windows\system32\dllcache\glmf32.dll
+ 2009-04-16 16:27 . 2001-08-23 14:00 605696 c:\windows\system32\dllcache\getuname.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 176128 c:\windows\system32\dllcache\ftsrch.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 193024 c:\windows\system32\dllcache\fsquirt.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 382976 c:\windows\system32\dllcache\fontext.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 337920 c:\windows\system32\dllcache\filemgmt.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 117760 c:\windows\system32\dllcache\fde.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 121856 c:\windows\system32\dllcache\exts.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 132608 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 380957 c:\windows\system32\dllcache\expsrv.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 186368 c:\windows\system32\dllcache\encdec.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 183296 c:\windows\system32\dllcache\els.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 346624 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 498742 c:\windows\system32\dllcache\dxmasf.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 619008 c:\windows\system32\dllcache\dx7vb.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 113152 c:\windows\system32\dllcache\dsuiext.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 239104 c:\windows\system32\dllcache\dsquery.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 142336 c:\windows\system32\dllcache\dsprop.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 144384 c:\windows\system32\dllcache\dskquoui.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 181760 c:\windows\system32\dllcache\dsdmo.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2004-08-04 01:57 . 2004-08-04 01:57 299520 c:\windows\system32\dllcache\drmclien.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 116736 c:\windows\system32\dllcache\dpvvox.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 212480 c:\windows\system32\dllcache\dpvoice.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 375296 c:\windows\system32\dllcache\dpnet.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 229888 c:\windows\system32\dllcache\dplayx.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 104448 c:\windows\system32\dllcache\dmusic.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 103424 c:\windows\system32\dllcache\dmsynth.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 105984 c:\windows\system32\dllcache\dmstyle.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 181248 c:\windows\system32\dllcache\dmime.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 118784 c:\windows\system32\dllcache\dmdskres.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 200704 c:\windows\system32\dllcache\dmdskmgr.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 273920 c:\windows\system32\dllcache\dmdlgs.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 330752 c:\windows\system32\dllcache\dmconfig.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 224768 c:\windows\system32\dllcache\dmadmin.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 163840 c:\windows\system32\dllcache\diskpart.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 181760 c:\windows\system32\dllcache\dinput8.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 159232 c:\windows\system32\dllcache\dinput.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 394240 c:\windows\system32\dllcache\diactfrm.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 370176 c:\windows\system32\dllcache\dhcpmon.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 111104 c:\windows\system32\dllcache\dgnet.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 123904 c:\windows\system32\dllcache\dfrgui.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 104960 c:\windows\system32\dllcache\dfrgntfs.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 282624 c:\windows\system32\dllcache\devmgr.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 266240 c:\windows\system32\dllcache\ddraw.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 110592 c:\windows\system32\dllcache\dbnetlib.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 152064 c:\windows\system32\dllcache\datime.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 350208 c:\windows\system32\dllcache\d3drm.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 590336 c:\windows\system32\dllcache\d3dramp.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 825344 c:\windows\system32\dllcache\d3dim700.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 436224 c:\windows\system32\dllcache\d3dim.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 149019 c:\windows\system32\dllcache\crtdll.dll
+ 2009-04-16 16:27 . 2007-07-22 13:13 539648 c:\windows\system32\dllcache\comuid.dll
+ 2009-04-16 16:27 . 2001-08-23 14:00 147456 c:\windows\system32\dllcache\comsnap.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 229376 c:\windows\system32\dllcache\compstui.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 252928 c:\windows\system32\dllcache\compatui.dll
+ 2009-04-16 16:26 . 2004-08-04 01:56 185344 c:\windows\system32\dllcache\cmprops.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 388608 c:\windows\system32\dllcache\cmd.exe
+ 2009-04-16 16:27 . 2007-07-22 13:13 110080 c:\windows\system32\dllcache\clbcatex.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 148480 c:\windows\system32\dllcache\cic.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 457728 c:\windows\system32\dllcache\certmgr.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 142848 c:\windows\system32\dllcache\capesnpn.dll
+ 2009-04-16 16:27 . 2001-08-23 14:00 114688 c:\windows\system32\dllcache\calc.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 136704 c:\windows\system32\dllcache\bootcfg.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 361472 c:\windows\system32\dllcache\blue_ss.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 542720 c:\windows\system32\dllcache\blackbox.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 109456 c:\windows\system32\dllcache\avifile.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 580608 c:\windows\system32\dllcache\autofmt.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 588800 c:\windows\system32\dllcache\autochk.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 295936 c:\windows\system32\dllcache\appmgr.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 256512 c:\windows\system32\dllcache\agentsvr.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 214016 c:\windows\system32\dllcache\agentctl.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 109568 c:\windows\system32\dllcache\adsnw.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 263680 c:\windows\system32\dllcache\adsnt.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 161792 c:\windows\system32\dllcache\adsnds.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 175616 c:\windows\system32\dllcache\adsldp.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 116224 c:\windows\system32\dllcache\acxtrnal.dll
+ 2007-07-22 13:31 . 2007-07-22 13:31 245248 c:\windows\system32\dllcache\acspecfc.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 114688 c:\windows\system32\dllcache\aclui.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 141312 c:\windows\system32\dllcache\aclua.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 129536 c:\windows\system32\dllcache\acledit.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 450048 c:\windows\system32\dllcache\aclayers.dll
+ 2009-04-16 16:27 . 2004-08-04 01:56 183808 c:\windows\system32\dllcache\accwiz.exe
+ 2007-07-22 13:13 . 2007-07-22 13:13 100352 c:\windows\system32\dllcache\6to4svc.dll
+ 2009-01-18 23:05 . 2009-01-18 23:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 1913344 c:\windows\system32\dllcache\mmcndmgr.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 1354752 c:\windows\system32\dllcache\mmc.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 1114896 c:\windows\system32\dllcache\esent97.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 2113536 c:\windows\system32\dllcache\dxdiagn.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 1298432 c:\windows\system32\dllcache\dxdiag.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 1227264 c:\windows\system32\dllcache\dx8vb.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 1294336 c:\windows\system32\dllcache\dsound3d.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 1501696 c:\windows\system32\dllcache\diskcopy.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 1689088 c:\windows\system32\dllcache\d3d9.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 1179648 c:\windows\system32\dllcache\d3d8.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 2068480 c:\windows\system32\dllcache\cdosys.dll
+ 2009-08-17 09:10 . 2009-08-17 09:10 1757696 c:\windows\Installer\3d570.msi
+ 2009-08-17 09:03 . 2009-08-17 09:03 1697792 c:\windows\Installer\3d56c.msp
+ 2009-08-17 09:04 . 2009-08-17 09:04 6653952 c:\windows\Installer\3d55e.msp
+ 2009-08-17 09:03 . 2009-08-17 09:03 2150400 c:\windows\Installer\3d53a.msp
+ 2009-08-17 09:06 . 2009-08-17 09:06 3938816 c:\windows\Installer\3d52c.msi
+ 2008-12-18 23:48 . 2008-12-18 23:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-02-27 23:37 . 2009-02-27 23:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-22 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Linksys Wireless Network Monitor.lnk - c:\program files\Linksys\WUSBF54G\wlMonitor.exe [2009-6-14 3205632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/16/2009 3:36 AM 108289]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\Linksys\WUSBF54G\NICServ.exe [6/14/2009 1:06 PM 529920]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [6/9/2009 1:47 AM 40576]
R3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [5/5/2009 9:18 AM 219648]
R3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [5/5/2009 9:19 AM 475264]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [6/14/2009 1:06 PM 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart --> c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 11:14 AM 133104]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/3/2004 6:56 PM 14336]

beani
2009-08-20, 20:24
--- Other Services/Drivers In Memory ---

*NewlyCreated* - BEEP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 18:14]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 18:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 23:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-73586283-2147019285-1001\Software\SecuROM\License information*]
"datasecu"=hex:d6,69,a9,ab,f9,d8,98,45,66,82,74,9d,ad,9f,a8,42,86,c8,5b,16,9d,
dc,32,d7,a3,87,86,f8,ef,84,28,4c,1b,c0,de,e2,89,80,2b,f8,8a,ec,a7,a0,1c,d8,\
"rkeysecu"=hex:69,47,ec,71,f6,de,af,cf,2b,90,e4,90,fe,0e,c4,20
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3164)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-08-20 23:13
ComboFix-quarantined-files.txt 2009-08-20 06:13
ComboFix2.txt 2009-08-16 08:16

Pre-Run: 99,018,489,856 bytes free
Post-Run: 98,982,486,016 bytes free

724

beani
2009-08-20, 20:29
DDS (Ver_09-07-30.01) - NTFSx86
Run by John Doe at 23:21:11.14 on Wed 08/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.564 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
K:\Security\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linksy~1.lnk - c:\program files\linksys\wusbf54g\wlMonitor.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johndo~1\applic~1\mozilla\firefox\profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-16 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-16 353672]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-16 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-16 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-16 55656]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\linksys\wusbf54g\NICServ.exe [2009-6-14 529920]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-6-9 40576]
R3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2009-5-5 219648]
R3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2009-5-5 475264]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [2009-6-14 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\fah.exe -svcstart --> c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\google\update\GoogleUpdate.exe [2009-4-17 133104]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-3 14336]

=============== Created Last 30 ================

2009-08-19 23:06 <DIR> --ds---- C:\ComboFix
2009-08-19 22:42 4,224 a------- c:\windows\system32\drivers\beep.sys
2009-08-19 22:42 4,224 a------- c:\windows\system32\dllcache\beep.sys
2009-08-19 10:42 435,200 a------- c:\windows\system32\ntmssvc.dll
2009-08-19 10:42 435,200 a------- c:\windows\system32\dllcache\ntmssvc.dll
2009-08-19 10:42 33,792 a------- c:\windows\system32\msgsvc.dll
2009-08-19 10:42 33,792 a------- c:\windows\system32\dllcache\msgsvc.dll
2009-08-19 10:42 13,824 a------- c:\windows\system32\wscntfy.exe
2009-08-19 10:42 13,824 a------- c:\windows\system32\dllcache\wscntfy.exe
2009-08-18 11:59 <DIR> a-dshr-- C:\autorun.inf
2009-08-17 02:11 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-17 01:53 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-17 01:42 <DIR> a-dshr-- C:\cmdcons
2009-08-16 03:46 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-16 03:46 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-08-16 03:46 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-08-16 03:46 <DIR> --d----- c:\program files\Zone Labs
2009-08-16 03:46 350,192 a------- c:\windows\system32\vsconfig.xml
2009-08-16 03:45 <DIR> --d----- c:\windows\Internet Logs
2009-08-16 03:36 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 03:36 <DIR> --d----- c:\program files\Avira
2009-08-16 03:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-16 01:15 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\xircom
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\ime
2009-08-16 01:13 <DIR> --d----- c:\windows\srchasst
2009-08-16 01:13 <DIR> --d----- c:\program files\msn gaming zone
2009-08-16 01:13 <DIR> --d----- c:\program files\common files\speechengines
2009-08-16 01:04 228,864 a------- c:\windows\PEV.exe
2009-08-16 01:04 161,792 a------- c:\windows\SWREG.exe
2009-08-16 01:04 98,816 a------- c:\windows\sed.exe
2009-08-11 12:12 1,334 a------- c:\windows\wininit.ini
2009-08-09 00:28 <DIR> --d----- c:\program files\IZArc
2009-08-07 23:11 <DIR> --d----- C:\ILLUSION
2009-08-07 23:02 <DIR> --d----- c:\windows\system32\URTTemp
2009-07-24 02:32 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-24 02:21 <DIR> --d----- c:\windows\system32\DirectX
2009-07-24 02:21 <DIR> --d----- c:\windows\Logs
2009-07-24 02:21 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-24 02:21 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-24 02:00 <DIR> --d----- c:\program files\Deep Silver
2009-07-24 02:00 <DIR> --d----- c:\windows\system32\AGEIA
2009-07-24 01:59 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Pro
2009-07-24 01:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-24 01:01 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-24 01:01 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Lite
2009-07-23 03:46 67 a------- c:\windows\lz_scm.ini
2009-07-22 11:00 97,792 a------- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 10:44 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-21 09:13 <DIR> --d----- c:\program files\Ascaron Entertainment

==================== Find3M ====================

2009-08-17 02:10 411,368 ac------ c:\windows\system32\deploytk.dll
2009-07-25 08:21 98,304 a------- c:\windows\DUMP76e5.tmp
2009-07-01 17:55 90,112 ac------ c:\windows\DUMP853d.tmp
2009-06-27 08:14 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-06-06 09:38 692,224 ac------ c:\windows\system32\bsrmgcv.dll
2009-06-06 09:38 192,512 ac------ c:\windows\system32\bsrmgps.dll
2009-06-06 09:38 585,728 ac------ c:\windows\system32\bsratswf.dll
2009-06-06 09:38 147,456 ac------ c:\windows\system32\bsratwmv.dll

============= FINISH: 23:21:34.04 ===============

beani
2009-08-20, 20:31
Replace reg.svc? Re-run ComboFix? :confused:

Blade81
2009-08-20, 21:55
Hi,

Yes, looks like there's probably one more file missing.

Please run SystemLook like you did earlier, with the following instructions set in:

:filefind
regsvc.dll

Post back the results.

beani
2009-08-21, 01:09
Okay, ran SystemLook, no files found, replaced from a different PC again...

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 03:36 on 20/08/2009 by John Doe (Administrator - Elevation successful)

========== filefind ==========

Searching for "regsvc.dll"
C:\WINDOWS\system32\dllcache\regsvc.dll --a--- 59904 bytes [10:36 20/08/2009] [07:56 04/08/2004] 3151427DB7D87107D1C5BE58FAC53960
C:\WINDOWS\system32\regsvc.dll --a--- 59904 bytes [10:36 20/08/2009] [07:56 04/08/2004] 3151427DB7D87107D1C5BE58FAC53960

-=End Of File=-


And here is a new ComboFix report:

ComboFix 09-08-19.0C - John Doe 08/20/2009 3:38.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.556 [GMT -7:00]
Running from: k:\security\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-20 10:36 . 2004-08-04 07:56 59904 ----a-w- c:\windows\system32\regsvc.dll
2009-08-20 10:36 . 2004-08-04 07:56 59904 ----a-w- c:\windows\system32\dllcache\regsvc.dll
2009-08-20 05:42 . 2002-08-29 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-20 05:42 . 2002-08-29 12:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-19 17:42 . 2004-08-04 07:56 13824 ----a-w- c:\windows\system32\wscntfy.exe
2009-08-19 17:42 . 2004-08-04 07:56 13824 ----a-w- c:\windows\system32\dllcache\wscntfy.exe
2009-08-19 17:42 . 2004-08-04 07:56 435200 ----a-w- c:\windows\system32\ntmssvc.dll
2009-08-19 17:42 . 2004-08-04 07:56 435200 ----a-w- c:\windows\system32\dllcache\ntmssvc.dll
2009-08-19 17:42 . 2004-08-04 07:56 33792 ----a-w- c:\windows\system32\msgsvc.dll
2009-08-19 17:42 . 2004-08-04 07:56 33792 ----a-w- c:\windows\system32\dllcache\msgsvc.dll
2009-08-17 09:14 . 2009-08-17 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-17 09:14 . 2009-08-17 09:14 -------- d-----w- c:\program files\NOS
2009-08-17 09:14 . 2009-08-07 19:44 30400 ----a-w- c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-08-17 09:14 . 2009-08-07 19:44 22848 ----a-w- c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-08-17 09:14 . 2009-08-07 19:44 19792 ----a-w- c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-08-17 09:10 . 2009-08-17 09:10 -------- d-----w- c:\program files\Java
2009-08-16 10:46 . 2009-08-16 10:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-16 10:46 . 2009-02-16 07:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-16 10:46 . 2009-02-16 07:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-16 10:46 . 2009-08-16 10:46 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-16 10:46 . 2009-08-16 10:46 -------- d-----w- c:\program files\Zone Labs
2009-08-16 10:46 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-16 10:45 . 2009-08-20 10:34 -------- d-----w- c:\windows\Internet Logs
2009-08-16 10:36 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 10:36 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-16 10:36 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-16 10:36 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-16 10:36 . 2009-08-16 10:36 -------- d-----w- c:\program files\Avira
2009-08-16 10:36 . 2009-08-16 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\wbem\snmp
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\xircom
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\srchasst
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\program files\microsoft frontpage
2009-08-09 07:28 . 2009-08-09 07:29 -------- d-----w- c:\program files\IZArc
2009-08-08 06:11 . 2009-08-08 12:08 -------- d-----w- C:\ILLUSION
2009-08-08 06:02 . 2009-08-08 06:04 -------- d-----w- c:\windows\system32\URTTemp
2009-07-24 09:48 . 2009-07-24 09:48 -------- d-----w- c:\documents and settings\John Doe\Local Settings\Application Data\Ascaron Entertainment
2009-07-24 09:32 . 2009-07-24 09:32 -------- d--h--r- c:\documents and settings\John Doe\Application Data\SecuROM
2009-07-24 09:32 . 2009-07-24 09:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-24 09:21 . 2009-07-24 09:21 -------- d-----w- c:\windows\Logs
2009-07-24 09:21 . 2009-07-24 09:21 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-24 09:21 . 2009-07-24 09:21 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\Deep Silver
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\windows\system32\AGEIA
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-24 08:59 . 2009-07-24 08:59 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Pro
2009-07-24 08:05 . 2009-07-24 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-24 08:01 . 2009-07-24 08:01 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-24 08:01 . 2009-07-24 08:05 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Lite
2009-07-22 18:00 . 2009-07-22 18:00 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 17:47 . 2009-07-22 17:47 -------- d-----w- c:\documents and settings\Karma\Local Settings\Application Data\Mozilla
2009-07-21 16:13 . 2009-07-21 16:13 -------- d-----w- c:\program files\Ascaron Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 17:50 . 2009-08-19 17:50 562297 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-17 09:10 . 2009-04-18 17:35 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-08-17 09:06 . 2009-04-16 21:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-16 10:09 . 2009-06-09 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-13 07:52 . 2009-05-19 16:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-08 12:08 . 2009-04-16 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 10:55 . 2009-04-21 21:22 10808 ----a-w- c:\documents and settings\John Doe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 15:21 . 2009-04-17 09:15 98304 ----a-w- c:\windows\DUMP76e5.tmp
2009-07-24 09:00 . 2009-04-16 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 17:47 . 2009-04-17 19:36 -------- d-----w- c:\documents and settings\John Doe\Application Data\Move Networks
2009-07-12 17:47 . 2009-05-14 17:42 127872 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\uninstall.exe
2009-07-12 17:47 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-07-12 17:47 . 2009-07-12 17:47 1685856 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\MoveMediaPlayerWinSilent_071503000010.exe
2009-07-02 00:55 . 2009-04-17 09:15 90112 -c--a-w- c:\windows\DUMP853d.tmp
2009-06-27 15:14 . 2009-06-06 16:38 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-09 08:47 . 2009-06-09 08:47 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2009-06-06 16:38 . 2009-06-06 16:38 692224 -c--a-w- c:\windows\system32\bsrmgcv.dll
2009-06-06 16:38 . 2009-06-06 16:38 192512 -c--a-w- c:\windows\system32\bsrmgps.dll
2009-06-06 16:38 . 2009-06-06 16:38 585728 -c--a-w- c:\windows\system32\bsratswf.dll
2009-06-06 16:38 . 2009-06-06 16:38 147456 -c--a-w- c:\windows\system32\bsratwmv.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2007-07-24 20:09 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-08-20_06.12.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-20 07:08 . 2009-08-20 07:08 16384 c:\windows\Temp\Perflib_Perfdata_4ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-22 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Linksys Wireless Network Monitor.lnk - c:\program files\Linksys\WUSBF54G\wlMonitor.exe [2009-6-14 3205632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/16/2009 3:36 AM 108289]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\Linksys\WUSBF54G\NICServ.exe [6/14/2009 1:06 PM 529920]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [6/9/2009 1:47 AM 40576]
R3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [5/5/2009 9:18 AM 219648]
R3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [5/5/2009 9:19 AM 475264]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [6/14/2009 1:06 PM 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart --> c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 11:14 AM 133104]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/3/2004 6:56 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 18:14]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 18:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 03:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-73586283-2147019285-1001\Software\SecuROM\License information*]
"datasecu"=hex:d6,69,a9,ab,f9,d8,98,45,66,82,74,9d,ad,9f,a8,42,86,c8,5b,16,9d,
dc,32,d7,a3,87,86,f8,ef,84,28,4c,1b,c0,de,e2,89,80,2b,f8,8a,ec,a7,a0,1c,d8,\
"rkeysecu"=hex:69,47,ec,71,f6,de,af,cf,2b,90,e4,90,fe,0e,c4,20
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1012)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-08-20 3:44
ComboFix-quarantined-files.txt 2009-08-20 10:44
ComboFix2.txt 2009-08-16 08:16

Pre-Run: 99,003,863,040 bytes free
Post-Run: 98,967,572,480 bytes free

240

beani
2009-08-21, 01:13
When running Spybot, Win32.TDSS.rtk no longer shows up :bigthumb:

But--- found this... it says Spybot needs to restart in order to fix it, since it's stored in memory... it says that after every restart. lol

--- Report generated: 2009-08-20 03:18 ---

Win32.FraudLoad.edt: [SBI $7312D32F] Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{E24211B3-A78A-C6A9-D317-70979ACE5058}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-06-09 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-08-18 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-08-19 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-08-04 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-08-19 Includes\Malware.sbi (*)
2009-08-19 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-08-18 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-07-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-08-11 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-08-19 Includes\Trojans.sbi (*)
2009-08-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Blade81
2009-08-21, 06:31
Good. No other files missing this time :D:


Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post the contents of that file and a fresh dds.txt log in your next reply.

beani
2009-08-21, 08:54
go-go-gadget malware death!:flame:

Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 2

8/20/2009 11:41:27 AM
mbam-log-2009-08-20 (11-41-27).txt

Scan type: Full Scan (C:\|K:\|)
Objects scanned: 149887
Time elapsed: 23 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\msxml71.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

beani
2009-08-21, 08:55
DDS (Ver_09-07-30.01) - NTFSx86
Run by John Doe at 11:45:56.12 on Thu 08/20/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.658 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\John Doe\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linksy~1.lnk - c:\program files\linksys\wusbf54g\wlMonitor.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johndo~1\applic~1\mozilla\firefox\profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-16 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-16 353672]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-16 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-16 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-16 55656]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\linksys\wusbf54g\NICServ.exe [2009-6-14 529920]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-6-9 40576]
R3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2009-5-5 219648]
R3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2009-5-5 475264]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [2009-6-14 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\fah.exe -svcstart --> c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\google\update\GoogleUpdate.exe [2009-4-17 133104]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-3 14336]

=============== Created Last 30 ================

2009-08-20 11:16 <DIR> --d----- c:\docume~1\johndo~1\applic~1\Malwarebytes
2009-08-20 11:16 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 11:15 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-20 11:15 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 11:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-20 03:37 <DIR> --ds---- C:\ComboFix
2009-08-20 03:36 59,904 a------- c:\windows\system32\regsvc.dll
2009-08-20 03:36 59,904 a------- c:\windows\system32\dllcache\regsvc.dll
2009-08-19 22:42 4,224 a------- c:\windows\system32\drivers\beep.sys
2009-08-19 22:42 4,224 a------- c:\windows\system32\dllcache\beep.sys
2009-08-19 10:42 435,200 a------- c:\windows\system32\ntmssvc.dll
2009-08-19 10:42 435,200 a------- c:\windows\system32\dllcache\ntmssvc.dll
2009-08-19 10:42 33,792 a------- c:\windows\system32\msgsvc.dll
2009-08-19 10:42 33,792 a------- c:\windows\system32\dllcache\msgsvc.dll
2009-08-19 10:42 13,824 a------- c:\windows\system32\wscntfy.exe
2009-08-19 10:42 13,824 a------- c:\windows\system32\dllcache\wscntfy.exe
2009-08-18 11:59 <DIR> a-dshr-- C:\autorun.inf
2009-08-17 02:11 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-17 01:53 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-17 01:42 <DIR> a-dshr-- C:\cmdcons
2009-08-16 03:46 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-16 03:46 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-08-16 03:46 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-08-16 03:46 <DIR> --d----- c:\program files\Zone Labs
2009-08-16 03:46 350,192 a------- c:\windows\system32\vsconfig.xml
2009-08-16 03:45 <DIR> --d----- c:\windows\Internet Logs
2009-08-16 03:36 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 03:36 <DIR> --d----- c:\program files\Avira
2009-08-16 03:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-16 01:15 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\xircom
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\ime
2009-08-16 01:13 <DIR> --d----- c:\windows\srchasst
2009-08-16 01:13 <DIR> --d----- c:\program files\msn gaming zone
2009-08-16 01:13 <DIR> --d----- c:\program files\common files\speechengines
2009-08-16 01:04 228,864 a------- c:\windows\PEV.exe
2009-08-16 01:04 161,792 a------- c:\windows\SWREG.exe
2009-08-16 01:04 98,816 a------- c:\windows\sed.exe
2009-08-11 12:12 1,334 a------- c:\windows\wininit.ini
2009-08-09 00:28 <DIR> --d----- c:\program files\IZArc
2009-08-07 23:11 <DIR> --d----- C:\ILLUSION
2009-08-07 23:02 <DIR> --d----- c:\windows\system32\URTTemp
2009-07-24 02:32 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-24 02:21 <DIR> --d----- c:\windows\system32\DirectX
2009-07-24 02:21 <DIR> --d----- c:\windows\Logs
2009-07-24 02:21 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-24 02:21 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-24 02:00 <DIR> --d----- c:\program files\Deep Silver
2009-07-24 02:00 <DIR> --d----- c:\windows\system32\AGEIA
2009-07-24 01:59 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Pro
2009-07-24 01:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-24 01:01 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-24 01:01 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Lite
2009-07-23 03:46 67 a------- c:\windows\lz_scm.ini
2009-07-22 11:00 97,792 a------- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 10:44 221,184 a------- c:\windows\system32\wmpns.dll

==================== Find3M ====================

2009-08-17 02:10 411,368 ac------ c:\windows\system32\deploytk.dll
2009-07-25 08:21 98,304 a------- c:\windows\DUMP76e5.tmp
2009-07-01 17:55 90,112 ac------ c:\windows\DUMP853d.tmp
2009-06-27 08:14 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-06-06 09:38 692,224 ac------ c:\windows\system32\bsrmgcv.dll
2009-06-06 09:38 192,512 ac------ c:\windows\system32\bsrmgps.dll
2009-06-06 09:38 585,728 ac------ c:\windows\system32\bsratswf.dll
2009-06-06 09:38 147,456 ac------ c:\windows\system32\bsratwmv.dll

============= FINISH: 11:46:21.14 ===============

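A small triage pass over the kind of log posted above, as an added example (not part of this thread and not a feature of the tool that produced the log). It splits the service lines and the "Created Last 30" lines into fields and lists the entries an analyst would look at by hand: a service whose image runs from a Temp directory or has no file date/size recorded, a newly created kernel driver, or an executable dropped in the drive root or a Temp folder. Picking an entry out does not mean it is malicious; the first lines of the sample are copied from the log above, the last one is constructed.

```python
"""Triage helper for service and "Created Last 30" lines from a DDS-style log.

Added example, not part of the original thread. The heuristics only select
entries worth a manual review; they do not decide that a file is bad.
"""
import re
from typing import Dict, List, Optional

# Service line: "<start type> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s*\[(?P<info>[^\]]*)\]$"
)
# "Created Last 30" line: "<date> <time> <size or <DIR>> <attributes> <path>"
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+)$"
)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # a ...\Temp\... component anywhere
EXEC_EXT_RE = re.compile(r"\.(exe|dll|sys|cpl|scr)$", re.IGNORECASE)


def parse_service(line: str) -> Optional[Dict[str, str]]:
    """Split a service line into its fields, or return None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_created(line: str) -> Optional[Dict[str, str]]:
    """Split a "Created Last 30" line into its fields, or return None."""
    m = CREATED_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Return the entries worth a second look, each with the reasons it was picked."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        svc = parse_service(line)
        if svc is not None:
            reasons = []
            if TEMP_DIR_RE.search(svc["image"]):
                reasons.append("service image runs from a Temp directory")
            if svc["info"].strip() == "?":
                reasons.append("no file date/size recorded for the image ([?])")
            if reasons:
                findings.append({"kind": "service", "path": svc["image"], "reasons": reasons})
            continue
        ent = parse_created(line)
        if ent is None or ent["size"] == "<DIR>" or not EXEC_EXT_RE.search(ent["path"]):
            continue
        path = ent["path"].lower()
        reasons = []
        if path.endswith(".sys") and "\\drivers\\" in path:
            reasons.append("new kernel driver; confirm it belongs to a product you installed")
        if path.count("\\") == 1:
            reasons.append("executable created in the drive root")
        if TEMP_DIR_RE.search(path):
            reasons.append("executable created under a Temp directory")
        if reasons:
            findings.append({"kind": "created", "path": ent["path"], "reasons": reasons})
    return findings


# First five lines copied from the log above; the last one is constructed.
SAMPLE_LINES = [
    r"R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [2009-6-14 278528]",
    r"S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\fah.exe -svcstart --> c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\FAH.exe -svcstart [?]",
    r"2009-08-20 11:15 19,096 a------- c:\windows\system32\drivers\mbam.sys",
    r"2009-08-17 02:11 73,728 a------- c:\windows\system32\javacpl.cpl",
    r"2009-08-18 11:59 <DIR> a-dshr-- C:\autorun.inf",
    r"2009-08-21 00:00 12,288 a------- c:\constructed-sample.exe",  # constructed line
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['kind']}] {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run it against the full log text (one line per list element) and review the output against what you know was installed on the machine; the driver check in particular will list every legitimate security tool you added during the cleanup, which is the point: it gives you the list to confirm rather than a verdict.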
beani
2009-08-21, 09:53
Now, Malwarebytes' Anti-Malware did ask me to restart in order to remove the files. So I restarted, but nothing came back up indicating removal... ran Spybot again after the reboot and nothing came back!

:bigthumb: can't thank you enough for your time Blade:halo:

Blade81
2009-08-21, 20:44
Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste "k:\security\ComboFix.exe" /u in the run box and click OK


Next we remove all used tools.

Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen)
Click run
In the dialog box, type services.msc and hit enter, then locate dns client
Highlight it, then double-click it.
On the dropdown box, change the setting from automatic to manual.
Click ok



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
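A sanity check for a hosts file of the kind recommended in the post above, as an added example (not part of the thread and not from the MVPS hosts project). A blocking hosts file should map every blocked name to a sink address such as 0.0.0.0 or 127.0.0.1, and it should never carry entries for the update sites you are told to visit; an entry that points an update or security host at some other address is the classic sign of a tampered hosts file. The file text below is constructed in the MVPS layout, and the list of protected host suffixes is my own choice for the example.

```python
"""Audit a Windows hosts file for entries that are not plain sinks.

Added example, not part of the original thread. Reads the file text, keeps
the (line, address, hostname) triples, and reports entries that point at a
real address or that override an update host.
"""
import ipaddress
from typing import List, Tuple

# Addresses a blocking hosts file is allowed to map names to.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}
# Assumption for this example: hosts the file must never override at all.
PROTECTED_SUFFIXES = ("windowsupdate.com", "microsoft.com")

Entry = Tuple[int, str, str]          # (line number, address, hostname)
Finding = Tuple[int, str, str, str]   # (line number, hostname, address, reason)


def parse_hosts(text: str) -> List[Entry]:
    """Return one entry per hostname; comments, blank and malformed lines are skipped."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        addr, *hosts = line.split()
        try:
            addr = str(ipaddress.ip_address(addr))  # normalises and rejects junk
        except ValueError:
            continue
        for host in hosts:
            entries.append((lineno, addr, host.lower()))
    return entries


def is_protected(host: str) -> bool:
    """True if the name is one of the protected hosts or lies under one."""
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> List[Finding]:
    """List entries that deserve attention, with the reason for each."""
    findings: List[Finding] = []
    for lineno, addr, host in parse_hosts(text):
        if host == "localhost":
            continue
        if addr not in SINK_ADDRESSES:
            findings.append((lineno, host, addr,
                             "points at a real address instead of a sink"))
        if is_protected(host):
            findings.append((lineno, host, addr,
                             "overrides an update host; the hosts file should not contain it"))
    return findings


# Constructed sample in the MVPS layout; the two update-host lines are the
# kind of entry the audit is meant to catch.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS file
127.0.0.1 localhost
0.0.0.0 ads.example.net        # blocked ad host
0.0.0.0 tracker.example.org
198.51.100.7 windowsupdate.microsoft.com   # constructed hijack entry
0.0.0.0 www.windowsupdate.com              # constructed: blocks an update host
"""

if __name__ == "__main__":
    for lineno, host, addr, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {addr}: {reason}")
```

To run it on a real machine, read `C:\WINDOWS\system32\drivers\etc\hosts` into a string and pass it to `audit_hosts`; the MVPS file itself should produce no findings, so anything reported is either an entry you added yourself or something to remove.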

beani
2009-08-22, 06:41
Yeah, everything is fine. No problems whatsoever! :laugh:

Can't thank you enough for your help! Saved me lots of headache!!!

:rockon: Blade :-)

Blade81
2009-08-22, 09:38
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.