
Thread: Infected... Please help...

  1. #21
    Member
    Join Date
    Jan 2008
    Posts
    39


    ComboFix 08-02-25 - Cody 2008-02-24 14:14:42.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1110 [GMT -8:00]
    Running from: C:\Users\Cody\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
    .

    2008-02-19 11:22 . 2008-02-19 11:22 <DIR> d-------- C:\Program Files\doubleTwist
    2008-02-19 11:22 . 2008-02-19 11:22 563,712 --a------ C:\Windows\System32\Redemption.dll
    2008-02-17 17:47 . 2008-02-17 17:47 <DIR> d-------- C:\Users\Cody\AppData\Roaming\Malwarebytes
    2008-02-17 17:46 . 2008-02-17 17:46 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-02-17 17:46 . 2008-02-17 17:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-02-17 17:46 . 2008-02-17 17:46 <DIR> d-------- C:\PROGRA~3\Malwarebytes
    2008-02-15 13:06 . 2008-02-15 13:06 <DIR> d-------- C:\Program Files\iPod
    2008-02-15 13:05 . 2008-02-15 13:06 <DIR> d-------- C:\Program Files\iTunes
    2008-02-15 13:03 . 2008-01-09 21:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-02-13 13:15 . 2008-02-13 13:18 <DIR> d-------- C:\divx
    2008-02-13 03:17 . 2008-02-13 03:17 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-02-13 03:17 . 2008-02-13 03:17 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-02-13 03:07 . 2008-02-13 03:07 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-02-13 03:07 . 2008-02-13 03:07 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-02-13 03:07 . 2008-02-13 03:07 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-02-13 03:07 . 2008-02-13 03:07 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
    2008-02-13 03:07 . 2008-02-13 03:07 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
    2008-02-13 03:07 . 2008-02-13 03:07 25,656 --a------ C:\Windows\System32\drivers\msahci.sys
    2008-02-13 03:07 . 2008-02-13 03:07 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
    2008-02-13 03:07 . 2008-02-13 03:07 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
    2008-02-13 03:06 . 2008-02-13 03:06 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-13 03:06 . 2008-02-13 03:06 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-02-13 03:06 . 2008-02-13 03:06 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-02-13 03:06 . 2008-02-13 03:06 216,632 --a------ C:\Windows\System32\drivers\netio.sys
    2008-02-13 03:06 . 2008-02-13 03:06 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-02-13 03:06 . 2008-02-13 03:06 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-02-13 03:06 . 2008-02-13 03:06 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-02-13 03:03 . 2008-02-13 03:03 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-02-13 03:03 . 2008-02-13 03:03 824,832 --a------ C:\Windows\System32\wininet.dll
    2008-02-08 14:15 . 2008-02-08 14:15 <DIR> d-------- C:\Program Files\Bonjour
    2008-02-08 14:14 . 2008-02-08 14:15 <DIR> d-------- C:\Program Files\QuickTime
    2008-02-07 23:48 . 2008-02-07 23:48 <DIR> d-------- C:\Windows\Sun
    2008-02-07 23:39 . 2008-02-07 23:39 <DIR> d-------- C:\Program Files\EsetOnlineScanner
    2008-02-02 20:08 . 2008-02-02 20:08 2,016,256 --a------ C:\Windows\System32\milcore.dll
    2008-02-02 20:08 . 2008-02-02 20:08 39,936 --a------ C:\Windows\System32\dwmapi.dll
    2008-02-02 20:07 . 2008-02-02 20:07 38,912 --a------ C:\Windows\System32\drivers\hidclass.sys
    2008-02-02 20:07 . 2008-02-02 20:07 25,472 --a------ C:\Windows\System32\drivers\hidparse.sys
    2008-02-02 20:07 . 2008-02-02 20:07 12,288 --a------ C:\Windows\System32\drivers\hidusb.sys
    2008-02-02 20:00 . 2008-02-02 20:00 140,392 --a------ C:\Windows\System32\drivers\pci.sys
    2008-02-02 20:00 . 2008-02-02 20:00 50,792 --a------ C:\Windows\System32\drivers\termdd.sys
    2008-02-02 20:00 . 2008-02-02 20:00 50,280 --a------ C:\Windows\System32\drivers\volmgr.sys
    2008-02-02 20:00 . 2008-02-02 20:00 28,776 --a------ C:\Windows\System32\drivers\mssmbios.sys
    2008-02-02 20:00 . 2008-02-02 20:00 22,632 --a------ C:\Windows\System32\streamci.dll
    2008-02-02 20:00 . 2008-02-02 20:00 13,928 --a------ C:\Windows\System32\drivers\msisadrv.sys
    2008-02-02 20:00 . 2008-02-02 20:00 12,776 --a------ C:\Windows\System32\drivers\swenum.sys
    2008-02-02 19:56 . 2008-02-02 19:56 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv6000 (RN967UA#ABL)_Y5335KV_0U_QCNF6512HN7_E419857-DB1_4A_I30BB_SQuanta_V66.34_F.11_T061208_WV3-0_L409_M2038_J120_7Intel_86F6_91.67_#080202_N80861092;80864222_(RN967UA#ABL)_XMOBILE_CN10_Z.MRK
    2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
    2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\Windows\System32\QuickTime.qts
    2008-01-28 17:53 . 2008-01-28 17:53 <DIR> d-------- C:\Users\Cody\AppData\Roaming\MessengerGadget
    2008-01-27 16:05 . 2008-02-01 15:05 323,254,477 --a------ C:\Windows\MEMORY.DMP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-24 22:00 --------- d-----w C:\Users\Cody\AppData\Roaming\Azureus
    2008-02-24 16:00 --------- d-----w C:\Users\Cody\AppData\Roaming\AVG7
    2008-02-22 22:20 --------- d---a-w C:\PROGRA~3\TEMP
    2008-02-22 01:31 --------- d-----w C:\Program Files\TagRename
    2008-02-13 21:07 --------- d-----w C:\Program Files\dvdSanta
    2008-02-13 11:06 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 11:06 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 11:06 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 11:06 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 11:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-13 11:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-13 11:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-13 01:21 --------- d-----w C:\Users\Cody\AppData\Roaming\mIRC
    2008-02-07 23:44 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-05 00:47 --------- d-----w C:\Users\Cody\AppData\Roaming\Skype
    2008-02-03 04:10 --------- d-----w C:\Users\Cody\AppData\Roaming\Hewlett-Packard
    2008-02-03 03:56 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv6000 (RN967UA#ABL)_Y5335KV_0U_QCNF6512HN7_E419857-DB1_4A_I30BB_SQuanta_V66.34_F.11_T061208_WV3-0_L409_M2038_J120_7Intel_86F6_91.67_#080202_N80861092;80864222_(RN967UA#ABL)_XMOBILE_CN10_Z.MRK
    2008-02-03 03:56 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-02-03 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-21 23:09 --------- d-----w C:\Program Files\Common Files\Totem Shared
    2008-01-21 07:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-01-21 07:55 --------- d-----w C:\Program Files\Winamp
    2008-01-16 21:53 --------- d-----w C:\Program Files\Spyware Doctor
    2008-01-13 23:22 --------- d-----w C:\Users\Cody\AppData\Roaming\GrabIt
    2008-01-13 23:12 --------- d-----w C:\Program Files\GrabIt
    2008-01-10 20:21 --------- d-----w C:\Program Files\YoutubeGet
    2008-01-10 09:57 --------- d-----w C:\Users\Cody\AppData\Roaming\Winamp
    2008-01-09 08:05 --------- d-----w C:\Program Files\Trend Micro
    2008-01-09 07:30 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-09 07:30 --------- d-----w C:\Program Files\Windows Mail
    2008-01-09 06:28 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-09 06:28 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-09 06:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-08 21:21 580,114 ----a-w C:\Windows\System32\x264vfw.dll
    2008-01-08 21:21 --------- d-----w C:\Program Files\x264
    2008-01-07 03:16 --------- d-----w C:\Program Files\mIRC
    2008-01-05 23:44 --------- d-----w C:\Users\Cody\AppData\Roaming\Roxio
    2008-01-05 22:54 --------- d-----w C:\Program Files\MumboJumbo
    2008-01-05 22:54 --------- d-----w C:\PROGRA~3\MumboJumbo
    2008-01-05 02:33 --------- d-----w C:\PROGRA~3\Microsoft Help
    2008-01-05 01:53 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-01-03 20:12 74,240 ----a-w C:\Windows\system32\drivers\iksyssec.sys
    2008-01-03 20:12 56,832 ----a-w C:\Windows\system32\drivers\iksysflt.sys
    2008-01-03 20:08 --------- d-----w C:\Users\Cody\AppData\Roaming\PC Tools
    2007-12-30 16:48 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
    2007-12-30 09:25 --------- d-----w C:\Program Files\DVDlabPro2
    2007-12-29 20:44 --------- d-----w C:\Program Files\TweakMASTER
    2007-12-29 20:43 --------- d-----w C:\Program Files\Avi2Dvd
    2007-12-29 20:38 --------- d-----w C:\Program Files\Sony
    2007-12-29 20:24 --------- d-----w C:\PROGRA~3\avg7
    2007-12-29 19:32 --------- d-----w C:\PROGRA~3\Grisoft
    2007-12-26 01:36 --------- d-----w C:\Users\Cody\AppData\Roaming\muvee Technologies
    2007-12-26 01:34 --------- d-----w C:\PROGRA~3\muvee Technologies
    2007-12-26 00:42 --------- d-----w C:\Program Files\AviSynth 2.5
    2007-12-25 22:21 --------- d-----w C:\Program Files\Common Files\Nero
    2007-12-25 22:07 --------- d-----w C:\Program Files\Nero
    2007-12-25 22:07 --------- d-----w C:\PROGRA~3\Nero
    2007-12-12 11:10 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-12 11:09 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-12 11:09 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2007-12-04 01:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\DivX.dll
    2007-11-29 22:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2007-11-29 22:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2007-11-28 21:55 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2007-11-28 21:53 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2007-11-28 21:53 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2007-11-28 21:53 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2007-11-28 21:53 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2007-11-28 21:52 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
    2007-08-30 10:14 174 --sha-w C:\Program Files\desktop.ini
    .
    Code:
    ----a-w           325,204 2006-12-22 04:56:28  C:\SWSetup\SP34746\WCAMC\FW_210_Silence Install .exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 22:27 1232896]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-04-23 16:56 5674352]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 04:35 125440]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 15:15 221184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-21 21:05 1006264]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 14:02 815104]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 11:39 46704]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 15:32 167936]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 08:56 317152]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 08:32 472800]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-02-26 17:54 131072]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-02-26 17:54 151552]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-02-26 17:54 126976]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-30 08:48 579072]
    "MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 01:45 222208]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-29 12:17 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2007-08-25 20:54 23090984 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-11-03 13:20 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{0FFC45FC-30D5-404D-BB2F-4644DD7C5058}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{7470011F-1B79-4B18-9CAE-7FC9E86C34CC}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{9C8E356D-3BF4-4CA5-B395-15064F16FEC1}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{39711155-DA48-4198-AAF0-F6F2C35BC5F5}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
    "{979F5ED3-6EC3-4EF7-AA96-581262C05D5D}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{3A29DA65-BA4C-47C1-A495-EEB02BD2EF2C}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{BC342946-347B-42D6-8CC7-7259193C2D69}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{4D73A558-AED2-4BE4-AE76-D57ABB923B7B}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{35D05333-F505-4F47-947E-37E998BE6D7B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{D04AF63B-B5A0-41CE-AF5A-5B116A0A8660}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{E9DCDED4-E43A-4719-B9C9-3B99135009C2}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
    "{33A4A4C0-2E55-474A-9D39-2AE2DE36640F}"= UDP:C:\Program Files\WinRAR\WinRAR.exe:WinRAR
    "{CF0CB864-DEF3-44E4-8E64-2F1A83F568BE}"= TCP:C:\Program Files\WinRAR\WinRAR.exe:WinRAR
    "{231A0941-2F6B-4049-80B5-222CE4C37087}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
    "{9C208305-5499-4566-9DAE-5E2E00EA57DE}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
    "{62BD1DF3-9E0F-40E6-9F43-BFCDB913C884}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
    "{6BC08085-212E-4568-A23C-EC17E2B7B262}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
    "{16341D64-5514-4A58-8289-5F25398A5772}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
    "{90D1367C-25B6-4B60-8F4E-3E24F6ECC398}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
    "{AB32B559-B602-42FB-8357-0EB8D644F563}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
    "{A2C2B91C-7D00-4C1B-9FE5-6D02EE75A052}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
    "TCP Query User{8A935855-27E8-42B2-A37A-CF8CE59AFF84}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
    "UDP Query User{B3BE9242-3D92-4C87-ACC3-CA3CFC23DFE1}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
    "TCP Query User{9C803DED-7656-4DFC-90CF-C9814907982D}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
    "UDP Query User{0F8172CD-34E4-4D67-86B7-0E206DBA235F}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
    "TCP Query User{4A87BD83-95A6-4F8A-8A9F-47FCB1B57879}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
    "UDP Query User{DDDD61D0-9241-41C3-9927-BACC88B693B0}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
    "TCP Query User{483C1F32-DF7D-47A4-A33D-EB018C3A5A67}C:\program files\mirc\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC|Desc=mIRC
    "UDP Query User{0ACF5EE8-2821-42E6-9B4E-9B98196514EA}C:\program files\mirc\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC|Desc=mIRC
    "{E659FC16-1999-45ED-A69B-57C0F84A6745}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{B2106032-B53C-460C-ABF1-0AAEB286537A}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{4ECC193F-E9F3-4DA0-B9D0-042B1F39F634}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{D78FA1B8-FA98-45FD-A14E-30F1679E4E12}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 01:39]
    R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-30 08:48]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-26 17:54]
    R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-08 17:02]
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2006-10-24 15:40]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D48g43BC-4266-43f0-B6ED-9D38C4202C7E}]
    C:\Program Files\Common Files\mscd.exe
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-25 22:15:24 C:\Windows\Tasks\User_Feed_Synchronization-{96677E4F-F3E8-4B68-8555-8AE741E93A45}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-25 14:22:52
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-25 14:24:04
    .
    2008-02-20 04:00:13 --- E O F ---

  2. #22
    Member
    Join Date
    Jan 2008
    Posts
    39


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:25:20 PM, on 25/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\iPod Access for Windows\iPAHelper.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe
    C:\Program Files\Windows Media Player\wmprph.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUni...al_1_0_0_7.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 12572 bytes

  3. #23
    Member
    Join Date
    Jan 2008
    Posts
    39

    Default

    After the Comboscan, a shortcut for Internet Explorer showed up on my desktop???

  4. #24
    Emeritus
    Join Date
    Nov 2005
    Location
    Texas
    Posts
    1,144

    Default

    a shortcut for Internet Explorer showed up on my desktop???
    Humm have not heard about that before.


    Open notepad and copy/paste the text in the codebox below into it:

    Code:
    RenV::
    C:\SWSetup\SP34746\WCAMC\FW_210_Silence Install .exe
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

    Then post the results log and a new HijackThis log.
    MS-MVP Windows Security 2006,2007,2008 & 2009
    ASAP member since 2004

  5. #25
    Member
    Join Date
    Jan 2008
    Posts
    39

    Default

    ComboFix 08-02-25 - Cody 2008-02-26 14:50:45.4 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.870 [GMT -8:00]
    Running from: C:\Users\Cody\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Cody\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
    .

    2008-02-19 11:22 . 2008-02-19 11:22 <DIR> d-------- C:\Program Files\doubleTwist
    2008-02-19 11:22 . 2008-02-19 11:22 563,712 --a------ C:\Windows\System32\Redemption.dll
    2008-02-17 17:47 . 2008-02-17 17:47 <DIR> d-------- C:\Users\Cody\AppData\Roaming\Malwarebytes
    2008-02-17 17:46 . 2008-02-17 17:46 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-02-17 17:46 . 2008-02-17 17:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-02-17 17:46 . 2008-02-17 17:46 <DIR> d-------- C:\PROGRA~3\Malwarebytes
    2008-02-15 13:06 . 2008-02-15 13:06 <DIR> d-------- C:\Program Files\iPod
    2008-02-15 13:05 . 2008-02-15 13:06 <DIR> d-------- C:\Program Files\iTunes
    2008-02-15 13:03 . 2008-01-09 21:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-02-13 13:15 . 2008-02-13 13:18 <DIR> d-------- C:\divx
    2008-02-13 03:17 . 2008-02-13 03:17 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-02-13 03:17 . 2008-02-13 03:17 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-02-13 03:07 . 2008-02-13 03:07 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-02-13 03:07 . 2008-02-13 03:07 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-02-13 03:07 . 2008-02-13 03:07 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-02-13 03:07 . 2008-02-13 03:07 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
    2008-02-13 03:07 . 2008-02-13 03:07 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
    2008-02-13 03:07 . 2008-02-13 03:07 25,656 --a------ C:\Windows\System32\drivers\msahci.sys
    2008-02-13 03:07 . 2008-02-13 03:07 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
    2008-02-13 03:07 . 2008-02-13 03:07 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
    2008-02-13 03:06 . 2008-02-13 03:06 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-13 03:06 . 2008-02-13 03:06 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-02-13 03:06 . 2008-02-13 03:06 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-02-13 03:06 . 2008-02-13 03:06 216,632 --a------ C:\Windows\System32\drivers\netio.sys
    2008-02-13 03:06 . 2008-02-13 03:06 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-02-13 03:06 . 2008-02-13 03:06 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-02-13 03:06 . 2008-02-13 03:06 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-02-13 03:03 . 2008-02-13 03:03 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-02-13 03:03 . 2008-02-13 03:03 824,832 --a------ C:\Windows\System32\wininet.dll
    2008-02-08 14:15 . 2008-02-08 14:15 <DIR> d-------- C:\Program Files\Bonjour
    2008-02-08 14:14 . 2008-02-08 14:15 <DIR> d-------- C:\Program Files\QuickTime
    2008-02-07 23:48 . 2008-02-07 23:48 <DIR> d-------- C:\Windows\Sun
    2008-02-07 23:39 . 2008-02-07 23:39 <DIR> d-------- C:\Program Files\EsetOnlineScanner
    2008-02-02 20:08 . 2008-02-02 20:08 2,016,256 --a------ C:\Windows\System32\milcore.dll
    2008-02-02 20:08 . 2008-02-02 20:08 39,936 --a------ C:\Windows\System32\dwmapi.dll
    2008-02-02 20:07 . 2008-02-02 20:07 38,912 --a------ C:\Windows\System32\drivers\hidclass.sys
    2008-02-02 20:07 . 2008-02-02 20:07 25,472 --a------ C:\Windows\System32\drivers\hidparse.sys
    2008-02-02 20:07 . 2008-02-02 20:07 12,288 --a------ C:\Windows\System32\drivers\hidusb.sys
    2008-02-02 20:00 . 2008-02-02 20:00 140,392 --a------ C:\Windows\System32\drivers\pci.sys
    2008-02-02 20:00 . 2008-02-02 20:00 50,792 --a------ C:\Windows\System32\drivers\termdd.sys
    2008-02-02 20:00 . 2008-02-02 20:00 50,280 --a------ C:\Windows\System32\drivers\volmgr.sys
    2008-02-02 20:00 . 2008-02-02 20:00 28,776 --a------ C:\Windows\System32\drivers\mssmbios.sys
    2008-02-02 20:00 . 2008-02-02 20:00 22,632 --a------ C:\Windows\System32\streamci.dll
    2008-02-02 20:00 . 2008-02-02 20:00 13,928 --a------ C:\Windows\System32\drivers\msisadrv.sys
    2008-02-02 20:00 . 2008-02-02 20:00 12,776 --a------ C:\Windows\System32\drivers\swenum.sys
    2008-02-02 19:56 . 2008-02-02 19:56 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv6000 (RN967UA#ABL)_Y5335KV_0U_QCNF6512HN7_E419857-DB1_4A_I30BB_SQuanta_V66.34_F.11_T061208_WV3-0_L409_M2038_J120_7Intel_86F6_91.67_#080202_N80861092;80864222_(RN967UA#ABL)_XMOBILE_CN10_Z.MRK
    2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
    2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\Windows\System32\QuickTime.qts
    2008-01-28 17:53 . 2008-01-28 17:53 <DIR> d-------- C:\Users\Cody\AppData\Roaming\MessengerGadget
    2008-01-27 16:05 . 2008-02-01 15:05 323,254,477 --a------ C:\Windows\MEMORY.DMP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-26 22:54 --------- d-----w C:\Users\Cody\AppData\Roaming\Azureus
    2008-02-26 16:00 --------- d-----w C:\Users\Cody\AppData\Roaming\AVG7
    2008-02-22 22:20 --------- d---a-w C:\PROGRA~3\TEMP
    2008-02-22 01:31 --------- d-----w C:\Program Files\TagRename
    2008-02-13 21:07 --------- d-----w C:\Program Files\dvdSanta
    2008-02-13 11:06 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 11:06 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 11:06 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 11:06 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 11:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-13 11:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-13 11:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-13 01:21 --------- d-----w C:\Users\Cody\AppData\Roaming\mIRC
    2008-02-07 23:44 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-05 00:47 --------- d-----w C:\Users\Cody\AppData\Roaming\Skype
    2008-02-03 04:10 --------- d-----w C:\Users\Cody\AppData\Roaming\Hewlett-Packard
    2008-02-03 03:56 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv6000 (RN967UA#ABL)_Y5335KV_0U_QCNF6512HN7_E419857-DB1_4A_I30BB_SQuanta_V66.34_F.11_T061208_WV3-0_L409_M2038_J120_7Intel_86F6_91.67_#080202_N80861092;80864222_(RN967UA#ABL)_XMOBILE_CN10_Z.MRK
    2008-02-03 03:56 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-02-03 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-21 23:09 --------- d-----w C:\Program Files\Common Files\Totem Shared
    2008-01-21 07:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-01-21 07:55 --------- d-----w C:\Program Files\Winamp
    2008-01-16 21:53 --------- d-----w C:\Program Files\Spyware Doctor
    2008-01-13 23:22 --------- d-----w C:\Users\Cody\AppData\Roaming\GrabIt
    2008-01-13 23:12 --------- d-----w C:\Program Files\GrabIt
    2008-01-10 20:21 --------- d-----w C:\Program Files\YoutubeGet
    2008-01-10 09:57 --------- d-----w C:\Users\Cody\AppData\Roaming\Winamp
    2008-01-09 08:05 --------- d-----w C:\Program Files\Trend Micro
    2008-01-09 07:30 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-09 07:30 --------- d-----w C:\Program Files\Windows Mail
    2008-01-09 06:28 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-09 06:28 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-09 06:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-08 21:21 580,114 ----a-w C:\Windows\System32\x264vfw.dll
    2008-01-08 21:21 --------- d-----w C:\Program Files\x264
    2008-01-07 03:16 --------- d-----w C:\Program Files\mIRC
    2008-01-05 23:44 --------- d-----w C:\Users\Cody\AppData\Roaming\Roxio
    2008-01-05 22:54 --------- d-----w C:\Program Files\MumboJumbo
    2008-01-05 22:54 --------- d-----w C:\PROGRA~3\MumboJumbo
    2008-01-05 02:33 --------- d-----w C:\PROGRA~3\Microsoft Help
    2008-01-05 01:53 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-01-03 20:12 74,240 ----a-w C:\Windows\system32\drivers\iksyssec.sys
    2008-01-03 20:12 56,832 ----a-w C:\Windows\system32\drivers\iksysflt.sys
    2008-01-03 20:08 --------- d-----w C:\Users\Cody\AppData\Roaming\PC Tools
    2007-12-30 16:48 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
    2007-12-30 09:25 --------- d-----w C:\Program Files\DVDlabPro2
    2007-12-29 20:44 --------- d-----w C:\Program Files\TweakMASTER
    2007-12-29 20:43 --------- d-----w C:\Program Files\Avi2Dvd
    2007-12-29 20:38 --------- d-----w C:\Program Files\Sony
    2007-12-29 20:24 --------- d-----w C:\PROGRA~3\avg7
    2007-12-29 19:32 --------- d-----w C:\PROGRA~3\Grisoft
    2007-12-26 01:36 --------- d-----w C:\Users\Cody\AppData\Roaming\muvee Technologies
    2007-12-26 01:34 --------- d-----w C:\PROGRA~3\muvee Technologies
    2007-12-26 00:42 --------- d-----w C:\Program Files\AviSynth 2.5
    2007-12-12 11:10 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-12 11:09 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-12 11:09 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2007-12-04 01:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\DivX.dll
    2007-11-29 22:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2007-11-29 22:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2007-11-28 21:55 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2007-11-28 21:53 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2007-11-28 21:53 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2007-11-28 21:53 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2007-11-28 21:53 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2007-11-28 21:52 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
    2007-08-30 10:14 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 22:27 1232896]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-04-23 16:56 5674352]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 04:35 125440]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 15:15 221184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-21 21:05 1006264]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 14:02 815104]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 11:39 46704]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 15:32 167936]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 08:56 317152]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 08:32 472800]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-02-26 17:54 131072]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-02-26 17:54 151552]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-02-26 17:54 126976]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-30 08:48 579072]
    "MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 01:45 222208]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-29 12:17 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2007-08-25 20:54 23090984 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-11-03 13:20 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{0FFC45FC-30D5-404D-BB2F-4644DD7C5058}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{7470011F-1B79-4B18-9CAE-7FC9E86C34CC}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{9C8E356D-3BF4-4CA5-B395-15064F16FEC1}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{39711155-DA48-4198-AAF0-F6F2C35BC5F5}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
    "{979F5ED3-6EC3-4EF7-AA96-581262C05D5D}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{3A29DA65-BA4C-47C1-A495-EEB02BD2EF2C}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{BC342946-347B-42D6-8CC7-7259193C2D69}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{4D73A558-AED2-4BE4-AE76-D57ABB923B7B}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
    "{35D05333-F505-4F47-947E-37E998BE6D7B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{D04AF63B-B5A0-41CE-AF5A-5B116A0A8660}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{E9DCDED4-E43A-4719-B9C9-3B99135009C2}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
    "{33A4A4C0-2E55-474A-9D39-2AE2DE36640F}"= UDP:C:\Program Files\WinRAR\WinRAR.exe:WinRAR
    "{CF0CB864-DEF3-44E4-8E64-2F1A83F568BE}"= TCP:C:\Program Files\WinRAR\WinRAR.exe:WinRAR
    "{231A0941-2F6B-4049-80B5-222CE4C37087}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
    "{9C208305-5499-4566-9DAE-5E2E00EA57DE}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
    "{62BD1DF3-9E0F-40E6-9F43-BFCDB913C884}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
    "{6BC08085-212E-4568-A23C-EC17E2B7B262}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
    "{16341D64-5514-4A58-8289-5F25398A5772}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
    "{90D1367C-25B6-4B60-8F4E-3E24F6ECC398}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
    "{AB32B559-B602-42FB-8357-0EB8D644F563}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
    "{A2C2B91C-7D00-4C1B-9FE5-6D02EE75A052}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
    "TCP Query User{8A935855-27E8-42B2-A37A-CF8CE59AFF84}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
    "UDP Query User{B3BE9242-3D92-4C87-ACC3-CA3CFC23DFE1}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
    "TCP Query User{9C803DED-7656-4DFC-90CF-C9814907982D}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
    "UDP Query User{0F8172CD-34E4-4D67-86B7-0E206DBA235F}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
    "TCP Query User{4A87BD83-95A6-4F8A-8A9F-47FCB1B57879}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
    "UDP Query User{DDDD61D0-9241-41C3-9927-BACC88B693B0}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
    "TCP Query User{483C1F32-DF7D-47A4-A33D-EB018C3A5A67}C:\program files\mirc\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC|Desc=mIRC
    "UDP Query User{0ACF5EE8-2821-42E6-9B4E-9B98196514EA}C:\program files\mirc\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC|Desc=mIRC
    "{E659FC16-1999-45ED-A69B-57C0F84A6745}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{B2106032-B53C-460C-ABF1-0AAEB286537A}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{4ECC193F-E9F3-4DA0-B9D0-042B1F39F634}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{D78FA1B8-FA98-45FD-A14E-30F1679E4E12}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 01:39]
    R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-30 08:48]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-26 17:54]
    R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-08 17:02]
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2006-10-24 15:40]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D48g43BC-4266-43f0-B6ED-9D38C4202C7E}]
    C:\Program Files\Common Files\mscd.exe
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-25 22:35:26 C:\Windows\Tasks\User_Feed_Synchronization-{96677E4F-F3E8-4B68-8555-8AE741E93A45}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-26 14:54:43
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-26 14:55:40
    ComboFix2.txt 2008-02-25 22:24:05
    .
    2008-02-20 04:00:13 --- E O F ---

  6. #26
    Member
    Join Date
    Jan 2008
    Posts
    39

    Default

The Internet Explorer icon showed up again...

  7. #27
    Member
    Join Date
    Jan 2008
    Posts
    39

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:57:24 PM, on 26/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUni...al_1_0_0_7.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10680 bytes

  8. #28
    Emeritus
    Join Date
    Nov 2005
    Location
    Texas
    Posts
    1,144

    Default

    Well, things look OK. Can you enable everything in msconfig and post a new HijackThis log?
    MS-MVP Windows Security 2006,2007,2008 & 2009
    ASAP member since 2004

  9. #29
    Member
    Join Date
    Jan 2008
    Posts
    39

    Default

    Sorry, how do I do that?

  10. #30
    Emeritus
    Join Date
    Nov 2005
    Location
    Texas
    Posts
    1,144

    Default

    Click Start > Run > in the Run box, type msconfig.
    MS-MVP Windows Security 2006,2007,2008 & 2009
    ASAP member since 2004
