
Thread: Windows update turned off alert balloon will not go away

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    10

    Windows update turned off alert balloon will not go away

    I'm having an issue with not being able to turn on the Automatic Updates. An
    alert balloon is on all the time telling me that my Automatic updates are not
    turned on and if I click on "Turn on Automatic Updates" in the security
    center I get the following message "We're sorry. The Security Center could
    not change your Automatic Update setting. To try changing these settings
    yourself, go to System in Control Panel. On the Automatic Updates tab, select
    Automatic and then click Ok."

    The ironic thing is when I did that the "Automatic" option is selected
    already. Nothing is grayed out or abnormal. If I click on it and close I
    still get the alert balloon.

    More searching led me to check the Services (services.msc) and make sure the
    Automatic Updates service is enabled and started. It wasn't; it was
    disabled. I set it to Automatic and clicked Apply, then clicked on Start in
    the Automatic Updates Properties. I got an error. "Could not start the
    Automatic Updates service on Local Computer. Error 1058: The service cannot
    be started, either because it is disabled or because it has no enabled
    devices associated with it."

    Additionally, in other searches I've found reference to a key in the
    registry that I don't have:
    "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU".
    I don't know why it's not there or how to get it.

    I'm running Windows XP Professional and Norton 360.

    I also had a Trojan.Pandex virus which I've "cleaned and killed". Or so I'm told.

    Here is my HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:17:20 PM, on 5/19/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\BOINC\boinc.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\luall.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [806788f8] rundll32.exe "C:\WINDOWS\system32\lmpxiivt.dll",b
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1211170065375
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199331003109
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...89/mcfscan.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 14204 bytes


    Any advice or assistance on how to resolve this would be greatly appreciated.

    Thank you
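As an added example (not code from this thread or from the HijackThis tool), the following Python pass applies the checks a helper makes by eye to O4 autorun and O23 service lines in the log format above: an autorun whose name is a bare hex string, rundll32 loading a random-named DLL from system32, and a service with no recorded publisher. The sample lines are constructed, modelled on entries in the posted log, and a hit only means the entry deserves a look.

```python
"""Triage of HijackThis O4 (autorun) and O23 (service) lines.

Heuristics only: a hit means "a human should look at this entry",
not "this entry is malware".
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample lines, modelled on entries in the posted log. The
# [806788f8] rundll32 entry is the pattern the thread's log actually contains.
SAMPLE_LOG_LINES = [
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide',
    r'O4 - HKLM\..\Run: [806788f8] rundll32.exe "C:\WINDOWS\system32\lmpxiivt.dll",b',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit',
    r'O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe',
    r'O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe',
]

# "O4 - <hive\..\Run>: [<entry name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# "O23 - Service: <display name> - <publisher> - <image path>"
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
# rundll32 launching a DLL, with or without quotes around the path
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Entry names that are just eight hex digits instead of a product name
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$')
# DLL file names that are eight random lowercase letters (vendor DLLs are
# usually mixed case or contain digits; this is a heuristic, not a rule)
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')


@dataclass
class Finding:
    line: str
    reasons: List[str]


def _basename(path: str) -> str:
    return path.replace('/', '\\').rsplit('\\', 1)[-1]


def check_o4(line: str) -> Optional[Finding]:
    """Flag autorun entries with a hex-blob name or a random-named rundll32 payload."""
    m = O4_RE.match(line)
    if not m:
        return None
    reasons = []
    if HEX_NAME_RE.match(m['name']):
        reasons.append('autorun name is an 8-digit hex string, not a product name')
    dll = RUNDLL_RE.search(m['cmd'])
    if dll:
        base = _basename(dll['dll'])
        if RANDOM_DLL_RE.match(base) and 'system32' in dll['dll'].lower():
            reasons.append(f'rundll32 loads {base}: eight random lowercase letters in system32')
    return Finding(line, reasons) if reasons else None


def check_o23(line: str) -> Optional[Finding]:
    """Flag services whose binary carries no publisher information."""
    m = O23_RE.match(line)
    if not m:
        return None
    if m['owner'].strip().lower() == 'unknown owner':
        return Finding(line, [f"service '{m['name']}' has no recorded publisher; verify {m['path']}"])
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every check over the log and return the entries worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        finding = check_o4(line) or check_o23(line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG_LINES):
        print(f.line)
        for r in f.reasons:
            print('   ->', r)
```

On the sample above only the [806788f8] entry and the unknown-owner service are reported; the NvMcTray rundll32 entry passes because its DLL name is mixed case.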

  2. #2
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Hello

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use the Firefox browser:
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use the Opera browser:
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Please visit this web page for instructions for downloading and running ComboFix

    http://www.bleepingcomputer.com/comb...o-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

    Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

  3. #3
    Junior Member
    Join Date
    May 2008
    Posts
    10

    Thanks for the reply.

    I used ATF and installed the Recovery Console and ran ComboFix. Below are the ComboFix log and the HijackThis log.

    Thanks for your help!

    ComboFix 08-05-20.4 - Dad 2008-05-20 21:35:42.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1262 [GMT -7:00]
    Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files\ODCTOOLS
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\rs.txt
    C:\WINDOWS\system32\aatlqlit.ini
    C:\WINDOWS\system32\jmxjskko.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mpfhryme.ini
    C:\WINDOWS\system32\rqRIcdDs.dll
    C:\WINDOWS\system32\sDdcIRqr.ini
    C:\WINDOWS\system32\sDdcIRqr.ini2
    C:\WINDOWS\system32\tviixpml.ini
    F:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DRIVER


    ((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
    .

    2008-05-20 21:59 . 2008-05-20 21:59 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dl_
    2008-05-20 21:08 . 2008-05-20 21:08 91,264 --a------ C:\WINDOWS\system32\tilqltaa.dll
    2008-05-18 20:36 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
    2008-05-18 20:36 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
    2008-05-18 20:36 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
    2008-05-18 20:36 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
    2008-05-18 20:36 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
    2008-05-18 20:35 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
    2008-05-18 20:35 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
    2008-05-18 20:35 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
    2008-05-18 20:35 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
    2008-05-18 20:35 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
    2008-05-18 20:35 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
    2008-05-18 20:35 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
    2008-05-18 20:35 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
    2008-05-18 20:35 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
    2008-05-18 20:33 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
    2008-05-18 20:32 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
    2008-05-18 20:31 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
    2008-05-18 20:30 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
    2008-05-18 20:29 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
    2008-05-18 20:28 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
    2008-05-18 20:27 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
    2008-05-18 20:26 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
    2008-05-18 20:25 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
    2008-05-18 20:24 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
    2008-05-18 20:23 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
    2008-05-18 20:22 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
    2008-05-18 20:21 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
    2008-05-18 20:20 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
    2008-05-18 20:19 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
    2008-05-18 20:18 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
    2008-05-18 20:17 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
    2008-05-18 20:16 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
    2008-05-18 20:15 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
    2008-05-18 20:14 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
    2008-05-18 20:13 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
    2008-05-18 20:12 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
    2008-05-18 20:11 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
    2008-05-18 20:10 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
    2008-05-18 20:09 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-18 20:08 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
    2008-05-18 12:33 . 2008-05-18 12:33 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
    2008-05-18 12:33 . 2008-05-18 12:39 <DIR> d-------- C:\Documents and Settings\Dad\SecurityScans
    2008-05-18 12:25 . 2008-05-18 12:25 <DIR> d-------- C:\Program Files\Sun
    2008-05-18 11:53 . 2008-05-18 11:57 5,024 --a------ C:\WINDOWS\system32\tmp.reg
    2008-05-18 11:14 . 2008-05-18 11:14 <DIR> d-------- C:\Documents and Settings\Dad\DoctorWeb
    2008-05-18 10:43 . 2008-05-18 10:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-05-17 23:05 . 2008-05-17 23:05 <DIR> d-------- C:\kav
    2008-05-17 21:52 . 2008-05-17 21:52 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-05-17 21:47 . 2008-05-17 22:35 <DIR> d-------- C:\SDFix
    2008-05-17 21:11 . 2008-05-17 21:12 <DIR> d-------- C:\Program Files\RogueRemover FREE
    2008-05-17 21:03 . 2008-05-17 21:03 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TmpRecentIcons
    2008-05-17 17:08 . 2006-05-03 14:31 1,019,904 --a------ C:\WINDOWS\system32\cmdvdpak.cpl
    2008-05-17 14:57 . 2008-05-17 14:57 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\TmpRecentIcons
    2008-05-17 10:54 . 2008-05-17 10:54 29,824 --a------ C:\WINDOWS\system32\khfEUljg.dll
    2008-05-17 10:54 . 2008-05-20 21:26 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dll
    2008-05-17 10:53 . 2008-05-17 10:53 29,824 --a------ C:\WINDOWS\system32\pmnlkJyY.dll
    2008-05-14 19:18 . 2008-05-14 19:18 0 --a------ C:\pspbrwse.jbf
    2008-05-08 17:54 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-08 17:54 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-29 19:04 . 2008-01-08 17:16 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
    2008-04-29 19:04 . 2008-01-08 17:16 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-21 05:00 --------- d-----w C:\Program Files\BOINC
    2008-05-21 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-05-21 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-05-18 19:25 --------- d-----w C:\Program Files\Java
    2008-05-18 02:30 --------- d-----w C:\Program Files\Norton Security Scan
    2008-05-18 00:08 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2008-05-17 21:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-17 17:29 --------- d-----w C:\Program Files\Agent
    2008-05-16 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2008-04-30 02:04 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
    2008-04-29 00:08 --------- d-----w C:\Program Files\Safari
    2008-04-29 00:07 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-22 22:55 --------- d-----w C:\Program Files\Norton 360
    2008-04-20 00:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-19 19:40 --------- d-----w C:\Program Files\LimeWire
    2008-04-16 04:16 --------- d-----w C:\Documents and Settings\Dad\Application Data\LimeWire
    2008-04-08 03:27 --------- d-----w C:\Program Files\iTunes
    2008-04-08 03:27 --------- d-----w C:\Program Files\iPod
    2008-04-08 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-07 00:00 --------- d-----w C:\Program Files\QuickTime
    2008-04-05 07:11 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
    2008-04-05 05:34 --------- d-----w C:\Program Files\Palm
    2008-04-05 00:56 --------- d-----w C:\Program Files\BFVCC Server Manager
    2008-04-05 00:55 737,280 -c--a-w C:\WINDOWS\iun6002.exe
    2008-04-05 00:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-05 00:44 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-04-01 01:01 --------- d-----w C:\Program Files\Common Files\Apple
    2008-03-30 01:59 --------- d-----w C:\Program Files\Documents To Go
    2008-03-28 02:13 --------- d-----w C:\Program Files\FirstClass
    2008-03-22 00:18 --------- d-----w C:\Program Files\Maxis
    2008-03-13 01:50 4,063,800 ----a-w C:\office2003-KB948073-ENU.exe
    2007-11-15 00:00 560 -c--a-w C:\Documents and Settings\Dad\Application Data\ViewerApp.dat
    2006-05-30 23:52 496,749 -c--a-w C:\Program Files\elevatorsuck1.rm
    2006-04-14 17:44 104 --sha-r C:\WINDOWS\system32\1E179C0C29.sys
    2006-07-05 18:25 88 --sha-r C:\WINDOWS\system32\290C9C171E.sys
    2007-12-06 03:04 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18F4FBD5-CDE8-492C-9365-1912378EECFE}]
    2008-05-17 10:53 29824 --a------ C:\WINDOWS\system32\pmnlkJyY.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCB2FF38-FD1A-4FFF-8D4A-303556A31CC9}]
    2008-05-20 22:04 319360 --a------ C:\WINDOWS\system32\rqRJAtuS.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 21:49 68856]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25 49152]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 10:34 122880]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-07-22 15:02 126464]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 17:20 451896]
    "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 10:32 451896]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
    "CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 04:07 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 11:46 19456 C:\WINDOWS\system32\CtHelper.exe]
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 00:00 45056]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
    "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19 29744]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "806788f8"="C:\WINDOWS\system32\tilqltaa.dll" [2008-05-20 21:08 91264]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.exe" [2005-09-20 09:51 25600 C:\WINDOWS\MIDIDEF.EXE]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 04:00 44544]

    C:\Documents and Settings\Dad\Start Menu\Programs\Startup\
    HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-07-25 17:29:32 299008]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 11:19:50 3604480]
    DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 22:16:46 24576]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-05 01:02:54 784912]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{18F4FBD5-CDE8-492C-9365-1912378EECFE}"= C:\WINDOWS\system32\pmnlkJyY.dll [2008-05-17 10:53 29824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkJyY]
    pmnlkJyY.dll 2008-05-17 10:53 29824 C:\WINDOWS\system32\pmnlkJyY.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
    WinCtrl32.dll 2008-05-20 21:26 14336 C:\WINDOWS\system32\WinCtrl32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\rqRJAtuS

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bbF88.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bdL08.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\crV50.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dgL71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dgW14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dwR47.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\egJ48.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoV73.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fwF18.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gkN72.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gmT16.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\huC00.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lbL30.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\otL10.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\phL55.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qtY84.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rhY40.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\suL66.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmD23.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vwN12.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyR14.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xdN48.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yqK76.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "C:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "C:\\WINDOWS\\system32\\ftp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
    R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
    R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
    R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
    R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 09:36]
    S0 bbF88;bbF88;C:\WINDOWS\system32\Drivers\bbF88.sys []
    S0 bdL08;bdL08;C:\WINDOWS\system32\Drivers\bdL08.sys []
    S0 dgL71;dgL71;C:\WINDOWS\system32\Drivers\dgL71.sys []
    S0 egJ48;egJ48;C:\WINDOWS\system32\Drivers\egJ48.sys []
    S0 fwF18;fwF18;C:\WINDOWS\system32\Drivers\fwF18.sys []
    S0 gkN72;gkN72;C:\WINDOWS\system32\Drivers\gkN72.sys []
    S0 gmT16;gmT16;C:\WINDOWS\system32\Drivers\gmT16.sys []
    S0 lbL30;lbL30;C:\WINDOWS\system32\Drivers\lbL30.sys []
    S0 otL10;otL10;C:\WINDOWS\system32\Drivers\otL10.sys []
    S0 phL55;phL55;C:\WINDOWS\system32\Drivers\phL55.sys []
    S0 qtY84;qtY84;C:\WINDOWS\system32\Drivers\qtY84.sys []
    S0 suL66;suL66;C:\WINDOWS\system32\Drivers\suL66.sys []
    S0 vmD23;vmD23;C:\WINDOWS\system32\Drivers\vmD23.sys []
    S0 vwN12;vwN12;C:\WINDOWS\system32\Drivers\vwN12.sys []
    S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19]
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
    S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2005-02-14 15:10]
    S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-17 18:05:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-21 04:45:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-20 21:59:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\TEMP\TMP0000002955604107134E5826
    C:\WINDOWS\system32\aatlqlit.ini 294 bytes
    C:\Documents and Settings\Dad\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini.inuse

    scan completed successfully
    hidden files: 3

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\pmnlkJyY.dll
    -> C:\WINDOWS\system32\WinCtrl32.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\nview.dll
    -> C:\WINDOWS\system32\tilqltaa.dll
    -> C:\WINDOWS\system32\rqRJAtuS.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\CTxfispi.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\BOINC\boinc.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-20 22:05:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-21 05:05:16

    Pre-Run: 370,964,545,536 bytes free
    Post-Run: 370,870,185,984 bytes free

    358 --- E O F --- 2008-05-21 04:45:34


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:07:45 PM, on 5/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\BOINC\boinc.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [806788f8] rundll32.exe "C:\WINDOWS\system32\tilqltaa.dll",b
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1211170065375
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199331003109
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...89/mcfscan.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 14247 bytes

  4. #4
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Hello

    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    File::
    C:\WINDOWS\system32\khfEUljg.dll
    C:\WINDOWS\system32\WinCtrl32.dll
    C:\WINDOWS\system32\pmnlkJyY.dll
    D:\Autorun.exe

    Rootkit::
    C:\WINDOWS\system32\aatlqlit.ini

    Registry::
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{18F4FBD5-CDE8-492C-9365-1912378EECFE}"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bbF88.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bdL08.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\crV50.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dgL71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dgW14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dwR47.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\egJ48.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoV73.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fwF18.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gkN72.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gmT16.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\huC00.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lbL30.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\otL10.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\phL55.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qtY84.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rhY40.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\suL66.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmD23.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vwN12.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vyR14.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xdN48.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\yqK76.sys]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

    Driver::
    bbF88
    bdL08
    dgL71
    egJ48
    fwF18
    gkN72
    gmT16
    lbL30
    otL10
    phL55
    qtY84
    vmD23
    suL66
    vwN12

    Save this as CFScript.txt, in the same location as ComboFix.exe.

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Please download and unzip IceSword to its own folder on your desktop.

    If you get a lot of "red entries" in an IceSword log, don't panic.

    Step 1: Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log; call this Processes and save it to your desktop.

    Step 2: Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color; you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log; call this Services and save it to your desktop.

    Step 3: Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log; call this Startup and save it to your desktop.

    Step 4: Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.

    Step 5: Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.

    Now post all of the data collected under the headings for:

    Processes
    Win32 Services
    Startup
    SSDT
    Message Hooks

    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

  5. #5
    Junior Member
    Join Date
    May 2008
    Posts
    10

    Hopefully I did this correctly. Here is the data. Thanks for your help!

    ComboFix 08-05-20.4 - Dad 2008-05-22 16:56:49.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1195 [GMT -7:00]
    Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\ageyfrgy.ini
    C:\WINDOWS\system32\SutAJRqr.ini
    C:\WINDOWS\system32\SutAJRqr.ini2
    F:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
    .

    2008-05-22 17:35 . 2008-05-22 17:35 294 ---hs---- C:\WINDOWS\system32\ageyfrgy.ini
    2008-05-22 17:34 . 2008-05-22 17:34 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dl_
    2008-05-21 22:01 . 2008-05-21 22:01 90,112 --a------ C:\WINDOWS\system32\ygrfyega.dll
    2008-05-21 21:54 . 2008-05-21 21:59 354 ---hs---- C:\WINDOWS\system32\xlfbgern.ini
    2008-05-21 21:51 . 2008-05-22 16:21 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dll
    2008-05-21 21:27 . 2008-05-21 21:27 <DIR> d-------- C:\VundoFix Backups
    2008-05-20 22:32 . 2008-05-20 22:32 <DIR> d-------- C:\Program Files\Lavasoft
    2008-05-20 22:32 . 2008-05-20 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-20 22:04 . 2008-05-20 22:04 319,360 --a------ C:\WINDOWS\system32\rqRJAtuS.dll
    2008-05-18 20:36 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
    2008-05-18 20:36 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
    2008-05-18 20:36 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
    2008-05-18 20:36 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
    2008-05-18 20:36 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
    2008-05-18 20:35 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
    2008-05-18 20:35 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
    2008-05-18 20:35 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
    2008-05-18 20:35 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
    2008-05-18 20:35 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
    2008-05-18 20:35 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
    2008-05-18 20:35 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
    2008-05-18 20:35 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
    2008-05-18 20:35 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
    2008-05-18 20:33 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
    2008-05-18 20:32 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
    2008-05-18 20:31 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
    2008-05-18 20:30 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
    2008-05-18 20:29 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
    2008-05-18 20:28 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
    2008-05-18 20:27 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
    2008-05-18 20:26 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
    2008-05-18 20:25 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
    2008-05-18 20:24 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
    2008-05-18 20:23 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
    2008-05-18 20:22 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
    2008-05-18 20:21 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
    2008-05-18 20:20 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
    2008-05-18 20:19 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
    2008-05-18 20:18 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
    2008-05-18 20:17 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
    2008-05-18 20:16 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
    2008-05-18 20:15 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
    2008-05-18 20:14 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
    2008-05-18 20:13 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
    2008-05-18 20:12 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
    2008-05-18 20:11 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
    2008-05-18 20:10 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
    2008-05-18 20:09 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-18 20:08 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
    2008-05-18 12:33 . 2008-05-18 12:33 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
    2008-05-18 12:33 . 2008-05-18 12:39 <DIR> d-------- C:\Documents and Settings\Dad\SecurityScans
    2008-05-18 12:25 . 2008-05-18 12:25 <DIR> d-------- C:\Program Files\Sun
    2008-05-18 11:53 . 2008-05-18 11:57 5,024 --a------ C:\WINDOWS\system32\tmp.reg
    2008-05-18 11:14 . 2008-05-18 11:14 <DIR> d-------- C:\Documents and Settings\Dad\DoctorWeb
    2008-05-18 10:43 . 2008-05-18 10:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-05-17 23:05 . 2008-05-17 23:05 <DIR> d-------- C:\kav
    2008-05-17 21:52 . 2008-05-17 21:52 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-05-17 21:47 . 2008-05-17 22:35 <DIR> d-------- C:\SDFix
    2008-05-17 21:11 . 2008-05-17 21:12 <DIR> d-------- C:\Program Files\RogueRemover FREE
    2008-05-17 21:03 . 2008-05-17 21:03 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TmpRecentIcons
    2008-05-17 17:08 . 2006-05-03 14:31 1,019,904 --a------ C:\WINDOWS\system32\cmdvdpak.cpl
    2008-05-17 14:57 . 2008-05-17 14:57 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\TmpRecentIcons
    2008-05-14 19:18 . 2008-05-14 19:18 0 --a------ C:\pspbrwse.jbf
    2008-05-08 17:54 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-08 17:54 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-29 19:04 . 2008-01-08 17:16 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
    2008-04-29 19:04 . 2008-01-08 17:16 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-23 00:36 --------- d-----w C:\Program Files\BOINC
    2008-05-22 05:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-05-22 03:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-22 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-05-21 05:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-21 05:20 --------- d-----w C:\Program Files\WildTangent
    2008-05-18 19:25 --------- d-----w C:\Program Files\Java
    2008-05-18 02:30 --------- d-----w C:\Program Files\Norton Security Scan
    2008-05-18 00:08 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2008-05-17 17:29 --------- d-----w C:\Program Files\Agent
    2008-05-16 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2008-04-30 02:04 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
    2008-04-29 00:08 --------- d-----w C:\Program Files\Safari
    2008-04-29 00:07 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-22 22:55 --------- d-----w C:\Program Files\Norton 360
    2008-04-20 00:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-19 19:40 --------- d-----w C:\Program Files\LimeWire
    2008-04-16 04:16 --------- d-----w C:\Documents and Settings\Dad\Application Data\LimeWire
    2008-04-08 03:27 --------- d-----w C:\Program Files\iTunes
    2008-04-08 03:27 --------- d-----w C:\Program Files\iPod
    2008-04-08 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-07 00:00 --------- d-----w C:\Program Files\QuickTime
    2008-04-05 07:11 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
    2008-04-05 05:34 --------- d-----w C:\Program Files\Palm
    2008-04-05 00:56 --------- d-----w C:\Program Files\BFVCC Server Manager
    2008-04-05 00:55 737,280 -c--a-w C:\WINDOWS\iun6002.exe
    2008-04-05 00:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-05 00:44 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-04-01 01:01 --------- d-----w C:\Program Files\Common Files\Apple
    2008-03-30 01:59 --------- d-----w C:\Program Files\Documents To Go
    2008-03-28 02:13 --------- d-----w C:\Program Files\FirstClass
    2008-03-13 01:50 4,063,800 ----a-w C:\office2003-KB948073-ENU.exe
    2007-11-15 00:00 560 -c--a-w C:\Documents and Settings\Dad\Application Data\ViewerApp.dat
    2006-05-30 23:52 496,749 -c--a-w C:\Program Files\elevatorsuck1.rm
    2006-04-14 17:44 104 --sha-r C:\WINDOWS\system32\1E179C0C29.sys
    2006-07-05 18:25 88 --sha-r C:\WINDOWS\system32\290C9C171E.sys
    2007-12-06 03:04 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-20_22.04.54.40 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-21 04:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-23 00:03:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-21 05:32:12 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
    + 2008-05-21 05:32:12 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
    + 2008-05-21 05:32:12 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
    + 2008-05-21 05:32:12 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
    - 2008-05-20 15:24:54 215,616 ----a-w C:\WINDOWS\SoftwareDistribution\Download\Install\mpas-d.exe
    - 2008-05-21 04:45:40 2,868 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{AB70612D-302F-497B-8CB9-2BA24B87D6E5}.bin
    + 2008-05-23 00:10:05 2,866 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{AB70612D-302F-497B-8CB9-2BA24B87D6E5}.bin
    + 2007-07-11 21:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    + 2007-08-07 20:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    + 2007-08-07 20:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    + 2007-12-14 19:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    + 2008-05-23 00:03:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2a0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF179F55-67A6-4C26-8EEE-0BE42EBAF340}]
    2008-05-20 22:04 319360 --a------ C:\WINDOWS\system32\rqRJAtuS.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 21:49 68856]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25 49152]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 10:34 122880]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-07-22 15:02 126464]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 17:20 451896]
    "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 10:32 451896]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
    "CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 04:07 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 11:46 19456 C:\WINDOWS\system32\CtHelper.exe]
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 00:00 45056]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
    "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19 29744]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "806788f8"="C:\WINDOWS\system32\ygrfyega.dll" [2008-05-21 22:01 90112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.exe" [2005-09-20 09:51 25600 C:\WINDOWS\MIDIDEF.EXE]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 04:00 44544]

    C:\Documents and Settings\Dad\Start Menu\Programs\Startup\
    HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-07-25 17:29:32 299008]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 11:19:50 3604480]
    DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 22:16:46 24576]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-05 01:02:54 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkJyY]
    pmnlkJyY.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
    WinCtrl32.dll 2008-05-22 16:21 14336 C:\WINDOWS\system32\WinCtrl32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\byH31.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dkA71.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gvM56.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gvY04.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nuK16.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouO65.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vbH21.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "C:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "C:\\WINDOWS\\system32\\ftp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
    R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
    R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
    R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
    R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 09:36]
    S0 byH31;byH31;C:\WINDOWS\system32\Drivers\byH31.sys []
    S0 dkA71;dkA71;C:\WINDOWS\system32\Drivers\dkA71.sys []
    S0 gvY04;gvY04;C:\WINDOWS\system32\Drivers\gvY04.sys []
    S0 nuK16;nuK16;C:\WINDOWS\system32\Drivers\nuK16.sys []
    S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19]
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
    S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2005-02-14 15:10]
    S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-17 18:05:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-23 00:06:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-22 17:35:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WinCtrl32.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\nview.dll
    -> C:\WINDOWS\system32\ygrfyega.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\CTxfispi.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\BOINC\boinc.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
    C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-22 17:40:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-23 00:40:28
    ComboFix2.txt 2008-05-22 04:59:03
    ComboFix3.txt 2008-05-21 05:05:24

    Pre-Run: 370,727,669,760 bytes free
    Post-Run: 370,698,264,576 bytes free

    314 --- E O F --- 2008-05-23 00:10:00

    PROCESSES

    Process:

    System Idle Process
    System
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Documents and Settings\Dad\Desktop\IceSword122en\IceSword.exe
    C:\WINDOWS\system32\smss.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\system32\csrss.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTxfispi.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\WINDOWS\system32\CtHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\system32\alg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\BOINC\boinc.exe
    C:\WINDOWS\explorer.exe

    WIN32 SERVICES

    Started Service:

    Service Name:aawservice Display Name:Ad-Aware 2007 Service
    Service Name:ALG Display Name:Application Layer Gateway Service
    Service Name:Apple Mobile Device Display Name:Apple Mobile Device
    Service Name:AudioSrv Display Name:Windows Audio
    Service Name:bgsvcgen Display Name:B's Recorder GOLD Library General Service
    Service Name:BITS Display Name:Background Intelligent Transfer Service
    Service Name:Browser Display Name:Computer Browser
    Service Name:ccEvtMgr Display Name:Symantec Event Manager
    Service Name:ccProxy Display Name:Symantec Network Proxy
    Service Name:ccSetMgr Display Name:Symantec Settings Manager
    Service Name:CLTNetCnService Display Name:Symantec Lic NetConnect service
    Service Name:Creative Service for CDROM Access Display Name:Creative Service for CDROM Access
    Service Name:CryptSvc Display Name:Cryptographic Services
    Service Name:DcomLaunch Display Name:DCOM Server Process Launcher
    Service Name:Dhcp Display Name:DHCP Client
    Service Name:dmserver Display Name:Logical Disk Manager
    Service Name:Dnscache Display Name:DNS Client
    Service Name:ERSvc Display Name:Error Reporting Service
    Service Name:Eventlog Display Name:Event Log
    Service Name:EventSystem Display Name:COM+ Event System
    Service Name:FastUserSwitchingCompatibility Display Name:Fast User Switching Compatibility
    Service Name:gusvc Display Name:Google Updater Service
    Service Name:helpsvc Display Name:Help and Support
    Service Name:HidServ Display Name:HID Input Service
    Service Name:HTTPFilter Display Name:HTTP SSL
    Service Name:iPod Service Display Name:iPod Service
    Service Name:lanmanserver Display Name:Server
    Service Name:lanmanworkstation Display Name:Workstation
    Service Name:LiveUpdate Notice Ex Display Name:LiveUpdate Notice Service Ex
    Service Name:LmHosts Display Name:TCP/IP NetBIOS Helper
    Service Name:Maxtor Sync Service Display Name:Maxtor Service
    Service Name:MDM Display Name:Machine Debug Manager
    Service Name:MSSQL$MICROSOFTSMLBIZ Display Name:MSSQL$MICROSOFTSMLBIZ
    Service Name:Netman Display Name:Network Connections
    Service Name:Nla Display Name:Network Location Awareness (NLA)
    Service Name:nmservice Display Name:Pure Networks Platform Service
    Service Name:nTuneService Display Name:nTune Service
    Service Name:NVSvc Display Name:NVIDIA Display Driver Service
    Service Name:PlugPlay Display Name:Plug and Play
    Service Name:PnkBstrA Display Name:PnkBstrA
    Service Name:PolicyAgent Display Name:IPSEC Services
    Service Name:ProtectedStorage Display Name:Protected Storage
    Service Name:RasMan Display Name:Remote Access Connection Manager
    Service Name:RemoteRegistry Display Name:Remote Registry
    Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
    Service Name:SamSs Display Name:Security Accounts Manager
    Service Name:Schedule Display Name:Task Scheduler
    Service Name:seclogon Display Name:Secondary Logon
    Service Name:SENS Display Name:System Event Notification
    Service Name:SharedAccess Display Name:Windows Firewall/Internet Connection Sharing (ICS)
    Service Name:ShellHWDetection Display Name:Shell Hardware Detection
    Service Name:Spooler Display Name:Print Spooler
    Service Name:sprtsvc_dellsupportcenter Display Name:SupportSoft Sprocket Service (dellsupportcenter)
    Service Name:srservice Display Name:System Restore Service
    Service Name:SSDPSRV Display Name:SSDP Discovery Service
    Service Name:stisvc Display Name:Windows Image Acquisition (WIA)
    Service Name:TapiSrv Display Name:Telephony
    Service Name:TermService Display Name:Terminal Services
    Service Name:Themes Display Name:Themes
    Service Name:TrkWks Display Name:Distributed Link Tracking Client
    Service Name:UPHClean Display Name:User Profile Hive Cleanup
    Service Name:upnphost Display Name:Universal Plug and Play Device Host
    Service Name:w32time Display Name:Windows Time
    Service Name:WebClient Display Name:WebClient
    Service Name:WinDefend Display Name:Windows Defender
    Service Name:winmgmt Display Name:Windows Management Instrumentation
    Service Name:WMPNetworkSvc Display Name:Windows Media Player Network Sharing Service
    Service Name:wscsvc Display Name:Security Center
    Service Name:wuauserv Display Name:Automatic Updates
    Service Name:WudfSvc Display Name:Windows Driver Foundation - User-mode Driver Framework
    Service Name:WZCSVC Display Name:Wireless Zero Configuration
    Service Name:ZuneBusEnum Display Name:Zune Bus Enumerator

    STARTUP

    Startup:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AudioDrvEmulator
    "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Symantec PIF AlertEng
    "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Defender
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    VolPanel
    "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    UpdReg
    C:\WINDOWS\UpdReg.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched
    "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    nwiz
    nwiz.exe /install

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NVRaidService
    C:\WINDOWS\system32\nvraidservice.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NvMediaCenter
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NvCplDaemon
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    nmctxth
    "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    nmapp
    "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    LVCOMS
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ISUSScheduler
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ISUSPM Startup
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    DellSupportCenter
    "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CTxfiHlp
    CTXFIHLP.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CTHelper
    CTHELPER.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CTDVDDET
    "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ccApp
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Zune Launcher
    "C:\Program Files\Zune\ZuneLauncher.exe"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    QuickTime Task
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    mxomssmenu
    "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    iTunesHelper
    "C:\Program Files\iTunes\iTunesHelper.exe"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Google Desktop Search
    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    dscactivate
    "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Adobe Reader Speed Launcher
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    806788f8
    rundll32.exe "C:\WINDOWS\system32\ygrfyega.dll",b

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    NVIDIA nTune
    "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    swg
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    DellSupport
    "C:\Program Files\DellSupport\DSAgnt.exe" /startup

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    WMPNSCFG
    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    BOINC Manager.lnk
    C:\Program Files\BOINC\boincmgr.exe (Remark: Allows you to control the core client, attach to new projects, detach from old projects, and otherwise maintain the health of the BOINC system)

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    DataViz Messenger.lnk
    C:\WINDOWS\DvzCommon\DvzMsgr.exe (Remark: DataViz Messenger component)

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    desktop.ini


    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Logitech SetPoint.lnk
    C:\Program Files\Logitech\SetPoint\SetPoint.exe (Remark:)

    C:\Documents and Settings\Dad\Start Menu\Programs\Startup
    desktop.ini


    C:\Documents and Settings\Dad\Start Menu\Programs\Startup
    HotSync Manager.lnk
    C:\Program Files\Palm\HOTSYNC.EXE (Remark:)

    SSDT

    Unknown
    Unknown
    Unknown
    Unknown
    \??\C:\Windows\system32\drivers\symevent.sys
    Unknown
    Unknown
    \??\C:\Windows\system32\drivers\symevent.sys
    \??\C:\Windows\system32\drivers\symevent.sys
    Unknown
    Unknown
    Unknown
    Unknown
    Unknown
    Unknown
    Unknown
    Unknown
    Unknown
    Unknown
    Unknown
    \??\C:\Windows\system32\drivers\symevent.sys
    Unknown
    Unknown
    Unknown
    Unknown
    \??\C:\Windows\system32\drivers\uphcleanhlp.sys
    Unknown
    Unknown

    MESSAGE HOOKS

    C:\ Windows\explorer.exe
    C:\ Windows\explorer.exe
    C:\ Windows\explorer.exe
    C:\ Windows\DvzCommon\DvzMsgr.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Google\googletoolbarnotifier\googletoolbarnotifier.exe
    C:\Windows\system32\ctxfispi.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\common files\logitech\QCDriver3\LVComS.exe
    C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
    C:\Program Files\Google\googletoolbarnotifier\googletoolbarnotifier.exe
    C:\Windows\system32\CTHelper.exe
    C:\Program Files\common files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Boinc\boincmgr.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Boinc\boincmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\ Windows\explorer.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\ Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe

  6. #6
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Default

    Hello

    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    File::
    C:\WINDOWS\system32\ageyfrgy.ini
    C:\WINDOWS\system32\WinCtrl32.dl_
    C:\WINDOWS\system32\ygrfyega.dll
    C:\WINDOWS\system32\xlfbgern.ini
    C:\WINDOWS\system32\WinCtrl32.dll
    C:\WINDOWS\system32\rqRJAtuS.dll

    Folder::

    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\byH31.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dkA71.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gvM56.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gvY04.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nuK16.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouO65.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vbH21.sys]

    Driver::
    byH31
    dkA71
    gvY04
    nuK16

    SysRst::
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Also post a new HijackThis log
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~
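
As an added example, not part of this thread or of any tool used in it: a small Python script that parses startup-list triples in the layout of the log posted above, flags the Vundo-style rundll32 entry by the traits a helper looks for (hex-looking value name, eight random lowercase letters in the DLL name, single-letter export), and checks whether the flagged DLL is covered by the File:: section of the CFScript. The sample listing and CFScript excerpt are constructed from entries quoted in this thread; the heuristics are my own assumptions, not ComboFix's logic.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: four entries in the key / value-name / command layout of
# the startup listing posted in this thread, including the random-named entry.
SAMPLE_STARTUP = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Defender
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
806788f8
rundll32.exe "C:\WINDOWS\system32\ygrfyega.dll",b

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed excerpt of the CFScript posted by the helper (File:: section kept).
SAMPLE_CFSCRIPT = r"""
KillAll::

File::
C:\WINDOWS\system32\ageyfrgy.ini
C:\WINDOWS\system32\ygrfyega.dll
C:\WINDOWS\system32\rqRJAtuS.dll

Folder::

Driver::
byH31
"""


@dataclass
class StartupEntry:
    key: str       # registry key or Startup folder the entry lives in
    name: str      # value name (or .lnk name)
    command: str   # command line that runs at logon


@dataclass
class Finding:
    name: str
    command: str
    reasons: list[str]
    in_cfscript: bool   # True if the loaded DLL is listed under File:: for removal


# rundll32[.exe] <dll path, optionally quoted>,<export>
RUNDLL_RE = re.compile(
    r'^\s*rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")          # value name like 806788f8
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")      # basename like ygrfyega.dll


def parse_startup(listing: str) -> list[StartupEntry]:
    """Split the listing into blank-line-separated key / name / command triples."""
    entries = []
    for block in re.split(r"\n\s*\n", listing.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) == 3:
            entries.append(StartupEntry(*lines))
    return entries


def suspicious_reasons(entry: StartupEntry) -> list[str]:
    """Weak, explainable signals; any one of them is worth a second look."""
    reasons = []
    if HEX_NAME_RE.match(entry.name):
        reasons.append("value name is an 8-digit hex string")
    m = RUNDLL_RE.match(entry.command)
    if m:
        dll = m.group("dll")
        base = dll.rsplit("\\", 1)[-1].lower()
        if RANDOM_DLL_RE.match(base) and "system32" in dll.lower():
            reasons.append(f"rundll32 loads random-looking DLL {base} from system32")
        if len(m.group("export")) == 1:
            reasons.append(f"single-character export '{m.group('export')}'")
    return reasons


def cfscript_files(script: str) -> set[str]:
    """Return the paths listed under the File:: section of a CFScript, lower-cased."""
    files, in_file = set(), False
    for line in script.splitlines():
        s = line.strip()
        if s.endswith("::"):            # section header such as File:: or Driver::
            in_file = s == "File::"
            continue
        if in_file and s:
            files.add(s.lower())
    return files


def report(listing: str, script: str) -> list[Finding]:
    """Flag suspicious entries and say whether the CFScript already removes the DLL."""
    targets = cfscript_files(script)
    findings = []
    for e in parse_startup(listing):
        reasons = suspicious_reasons(e)
        if not reasons:
            continue
        m = RUNDLL_RE.match(e.command)
        dll = m.group("dll").lower() if m else None
        findings.append(Finding(e.name, e.command, reasons, dll in targets))
    return findings


if __name__ == "__main__":
    for f in report(SAMPLE_STARTUP, SAMPLE_CFSCRIPT):
        print(f.name, "->", f.command)
        for r in f.reasons:
            print("   -", r)
        print("   covered by CFScript File:: :", f.in_cfscript)
```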

  7. #7
    Junior Member
    Join Date
    May 2008
    Posts
    10

    Default

    I'm not sure if I saved the Kaspersky data correctly, but here is the Combofix.txt file and the display from the Kaspersky online scanner.

    When Kaspersky finished with the scan there was no prompt to save a report, and when it finished the scan and I clicked "Stop Scan" a pop-up said that I have not saved the Scan Report and that if I continue all the scan results will be lost. Also, it showed in the save display that it was 99% complete; however, it showed as done. I ran it during the night and when I woke up it had finished. Again, I don't know if I saved the correct information for Kaspersky.

    Thanks

    ComboFix 08-05-21.3 - Dad 2008-05-23 17:58:48.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1387 [GMT -7:00]
    Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Dad\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\WINDOWS\system32\ageyfrgy.ini
    C:\WINDOWS\system32\rqRJAtuS.dll
    C:\WINDOWS\system32\WinCtrl32.dl_
    C:\WINDOWS\system32\WinCtrl32.dll
    C:\WINDOWS\system32\xlfbgern.ini
    C:\WINDOWS\system32\ygrfyega.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Google\googletoolbar1.dll
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\ageyfrgy.ini
    C:\WINDOWS\system32\jboqublm.ini
    C:\WINDOWS\system32\rqRJAtuS.dll
    C:\WINDOWS\system32\SutAJRqr.ini
    C:\WINDOWS\system32\SutAJRqr.ini2
    C:\WINDOWS\system32\WinCtrl32.dl_
    C:\WINDOWS\system32\WinCtrl32.dll
    C:\WINDOWS\system32\xlfbgern.ini
    F:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_byH31
    -------\Service_dkA71
    -------\Service_gvY04
    -------\Service_nuK16


    ((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
    .

    2008-05-22 23:03 . 2008-05-22 23:03 90,624 --a------ C:\WINDOWS\system32\mlbuqobj.dll
    2008-05-21 21:27 . 2008-05-21 21:27 <DIR> d-------- C:\VundoFix Backups
    2008-05-20 22:32 . 2008-05-20 22:32 <DIR> d-------- C:\Program Files\Lavasoft
    2008-05-20 22:32 . 2008-05-20 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-18 20:36 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
    2008-05-18 20:36 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
    2008-05-18 20:36 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
    2008-05-18 20:36 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
    2008-05-18 20:36 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
    2008-05-18 20:35 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
    2008-05-18 20:35 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
    2008-05-18 20:35 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
    2008-05-18 20:35 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
    2008-05-18 20:35 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
    2008-05-18 20:35 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
    2008-05-18 20:35 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
    2008-05-18 20:35 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
    2008-05-18 20:35 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
    2008-05-18 20:33 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
    2008-05-18 20:32 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
    2008-05-18 20:31 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
    2008-05-18 20:30 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
    2008-05-18 20:29 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
    2008-05-18 20:28 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
    2008-05-18 20:27 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
    2008-05-18 20:26 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
    2008-05-18 20:25 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
    2008-05-18 20:24 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
    2008-05-18 20:23 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
    2008-05-18 20:22 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
    2008-05-18 20:21 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
    2008-05-18 20:20 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
    2008-05-18 20:19 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
    2008-05-18 20:18 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
    2008-05-18 20:17 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
    2008-05-18 20:16 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
    2008-05-18 20:15 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
    2008-05-18 20:14 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
    2008-05-18 20:13 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
    2008-05-18 20:12 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
    2008-05-18 20:11 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
    2008-05-18 20:10 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
    2008-05-18 20:09 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-18 20:08 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
    2008-05-18 12:33 . 2008-05-18 12:33 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
    2008-05-18 12:33 . 2008-05-18 12:39 <DIR> d-------- C:\Documents and Settings\Dad\SecurityScans
    2008-05-18 12:25 . 2008-05-18 12:25 <DIR> d-------- C:\Program Files\Sun
    2008-05-18 11:53 . 2008-05-18 11:57 5,024 --a------ C:\WINDOWS\system32\tmp.reg
    2008-05-18 11:14 . 2008-05-18 11:14 <DIR> d-------- C:\Documents and Settings\Dad\DoctorWeb
    2008-05-18 10:43 . 2008-05-18 10:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-05-17 23:05 . 2008-05-17 23:05 <DIR> d-------- C:\kav
    2008-05-17 21:52 . 2008-05-17 21:52 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-05-17 21:47 . 2008-05-17 22:35 <DIR> d-------- C:\SDFix
    2008-05-17 21:11 . 2008-05-17 21:12 <DIR> d-------- C:\Program Files\RogueRemover FREE
    2008-05-17 21:03 . 2008-05-17 21:03 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TmpRecentIcons
    2008-05-17 17:08 . 2006-05-03 14:31 1,019,904 --a------ C:\WINDOWS\system32\cmdvdpak.cpl
    2008-05-17 14:57 . 2008-05-17 14:57 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\TmpRecentIcons
    2008-05-14 19:18 . 2008-05-14 19:18 0 --a------ C:\pspbrwse.jbf
    2008-05-08 17:54 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-08 17:54 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-29 19:04 . 2008-01-08 17:16 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
    2008-04-29 19:04 . 2008-01-08 17:16 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-24 00:59 --------- d-----w C:\Program Files\Google
    2008-05-24 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-05-24 00:38 --------- d-----w C:\Program Files\BOINC
    2008-05-23 05:53 --------- d-----w C:\Program Files\Agent
    2008-05-23 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-05-22 03:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-21 05:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-21 05:20 --------- d-----w C:\Program Files\WildTangent
    2008-05-18 19:25 --------- d-----w C:\Program Files\Java
    2008-05-18 02:30 --------- d-----w C:\Program Files\Norton Security Scan
    2008-05-18 00:08 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2008-05-16 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2008-04-30 02:04 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
    2008-04-29 00:08 --------- d-----w C:\Program Files\Safari
    2008-04-29 00:07 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-22 22:55 --------- d-----w C:\Program Files\Norton 360
    2008-04-20 00:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-19 19:40 --------- d-----w C:\Program Files\LimeWire
    2008-04-16 04:16 --------- d-----w C:\Documents and Settings\Dad\Application Data\LimeWire
    2008-04-08 03:27 --------- d-----w C:\Program Files\iTunes
    2008-04-08 03:27 --------- d-----w C:\Program Files\iPod
    2008-04-08 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-07 00:00 --------- d-----w C:\Program Files\QuickTime
    2008-04-05 07:11 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
    2008-04-05 05:34 --------- d-----w C:\Program Files\Palm
    2008-04-05 00:56 --------- d-----w C:\Program Files\BFVCC Server Manager
    2008-04-05 00:55 737,280 -c--a-w C:\WINDOWS\iun6002.exe
    2008-04-05 00:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-05 00:44 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-04-01 01:01 --------- d-----w C:\Program Files\Common Files\Apple
    2008-03-30 01:59 --------- d-----w C:\Program Files\Documents To Go
    2008-03-28 02:13 --------- d-----w C:\Program Files\FirstClass
    2008-03-13 01:50 4,063,800 ----a-w C:\office2003-KB948073-ENU.exe
    2007-11-15 00:00 560 -c--a-w C:\Documents and Settings\Dad\Application Data\ViewerApp.dat
    2006-05-30 23:52 496,749 -c--a-w C:\Program Files\elevatorsuck1.rm
    2006-04-14 17:44 104 --sha-r C:\WINDOWS\system32\1E179C0C29.sys
    2006-07-05 18:25 88 --sha-r C:\WINDOWS\system32\290C9C171E.sys
    2007-12-06 03:04 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-20_22.04.54.40 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-21 04:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-24 01:05:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-21 05:32:12 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
    + 2008-05-21 05:32:12 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
    + 2008-05-21 05:32:12 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
    + 2008-05-21 05:32:12 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
    + 2007-07-11 21:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    + 2007-08-07 20:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    + 2007-08-07 20:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    + 2007-12-14 19:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    + 2008-05-24 01:08:19 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
    + 2008-05-24 01:08:19 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
    + 2008-05-24 01:06:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6e4.dat
    + 2008-05-24 01:08:19 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1D986C8D-8D09-4A9F-BD4C-69778A2D5AAE}\mpengine.dll
    2008-05-12 16:14 3308624 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002373.dll

    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{77FE39B6-E49A-40B8-B0DE-0A3C040E72CE}\mpengine.dll
    2008-05-12 16:14 3308624 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0000023.dll

    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{782A04A0-AD2E-4406-9710-DB2682C5012C}\mpengine.dll
    2008-05-12 16:14 3308624 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0000194.dll

    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E81435C7-A71E-4268-A519-7B728A351ED0}\mpengine.dll
    2008-05-12 16:14 3308624 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000243.dll

    2008-05-12 16:14 3308624 C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2008-04-01 10:33 3251280 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0000022.dll
    2008-05-12 16:14 3308624 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002372.dll

    2004-08-04 05:00 25600 C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2004-08-04 05:00 25600 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0002450.dll
    2004-08-04 05:00 25600 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002370.dll

    2008-02-08 19:04 72264 C:\kav\kav7.0\english\setup.exe
    2008-02-08 19:04 72264 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002425.exe

    2007-08-02 16:53 536 C:\kav\kav7.0\english\setup.reg
    2007-08-02 16:53 536 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002426.reg

    2008-05-22 18:53 88 C:\Program Files\BOINC\slots\0\libfftw3f-3-1-1a_upx.dll
    2008-05-16 20:50 88 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001282.dll
    2008-05-22 02:25 88 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002419.dll

    2008-05-22 18:53 100 C:\Program Files\BOINC\slots\0\setiathome_5.27_windows_intelx86.exe
    2008-05-16 20:50 100 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001283.exe
    2008-05-22 02:25 100 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002420.exe

    2008-05-21 23:23 88 C:\Program Files\BOINC\slots\1\libfftw3f-3-1-1a_upx.dll
    2008-05-18 14:09 88 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001279.dll

    2008-05-21 23:23 100 C:\Program Files\BOINC\slots\1\setiathome_5.27_windows_intelx86.exe
    2008-05-18 14:09 100 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001280.exe

    2008-05-23 17:41 531932 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
    2008-05-22 17:01 531932 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0002456.dll
    2008-05-22 04:38 531932 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002306.dll

    C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080508.002\IDS9xx86.dll
    2007-12-04 19:05 157120 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000212.dll

    C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080508.002\IDSviA64.sys
    2008-02-13 09:18 359472 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000215.sys

    C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080508.002\IDSvix86.sys
    2008-02-13 09:18 261680 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000218.sys

    C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080508.002\IDSxpx86.dll
    2008-02-13 09:18 685424 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000219.dll

    C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080508.002\SymIDSco.sys
    2008-02-13 09:18 240496 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000220.sys

    C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080508.002\SymIDSI.dll
    2008-02-13 09:18 173424 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000222.dll

    C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080520.001\hub.scr
    2006-12-22 09:12 290 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000211.scr

    C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080521.001\hub.scr
    2006-12-22 09:12 290 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001281.scr

    C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.001\hub.scr
    2006-12-22 09:12 290 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002307.scr

    C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\hub.scr
    2006-12-22 09:12 290 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0002421.scr

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\CCERASER.DLL
    2008-01-18 02:00 2561072 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000223.DLL

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\ECMSVR32.DLL
    2008-04-17 01:00 284016 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000225.DLL

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\EECTRL.SYS
    2008-01-18 02:00 385072 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000226.SYS

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\ERASER.SYS
    2008-01-18 02:00 109616 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000228.SYS

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\NAVENG.SYS
    2008-04-17 01:00 82256 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000229.SYS

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\NAVENG32.DLL
    2008-04-17 01:00 128368 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000231.DLL

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\NAVEX15.SYS
    2008-04-17 01:00 895408 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000232.SYS

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080519.003\NAVEX32A.DLL
    2008-04-17 01:00 943472 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000234.DLL

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\CCERASER.DLL
    2008-01-18 02:00 2561072 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002308.DLL

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\ECMSVR32.DLL
    2008-04-17 01:00 284016 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002310.DLL

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\EECTRL.SYS
    2008-01-18 02:00 385072 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002311.SYS

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\ERASER.SYS
    2008-01-18 02:00 109616 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002313.SYS

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\NAVENG.SYS
    2008-04-17 01:00 82256 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002314.SYS

    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080520.004\NAVENG32.DLL
    2008-04-17 01:00 128368 {46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0002316.DLL

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 21:49 68856]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25 49152]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 10:34 122880]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-07-22 15:02 126464]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 17:20 451896]
    "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 10:32 451896]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
    "CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 04:07 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 11:46 19456 C:\WINDOWS\system32\CtHelper.exe]
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 00:00 45056]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
    "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19 29744]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "806788f8"="C:\WINDOWS\system32\mlbuqobj.dll" [2008-05-22 23:03 90624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.exe" [2005-09-20 09:51 25600 C:\WINDOWS\MIDIDEF.EXE]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 04:00 44544]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 11:19:50 3604480]
    DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 22:16:46 24576]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-05 01:02:54 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkJyY]
    pmnlkJyY.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
    WinCtrl32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\meA23.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "C:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "C:\\WINDOWS\\system32\\ftp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
    R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
    R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
    R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
    R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 09:36]
    S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19]
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
    S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2005-02-14 15:10]
    S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-17 18:05:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-24 01:08:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-23 18:06:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\TEMP\TMP000000088FF057223A44AD41 524288 bytes executable
    C:\WINDOWS\system32\jboqublm.ini 294 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\nview.dll
    -> C:\WINDOWS\system32\mlbuqobj.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\CTxfispi.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\BOINC\boinc.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
    C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_5.27_windows_intelx86.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-05-23 18:13:34 - machine was rebooted [Dad]
    ComboFix-quarantined-files.txt 2008-05-24 01:13:28
    ComboFix2.txt 2008-05-23 00:40:35
    ComboFix3.txt 2008-05-22 04:59:03
    ComboFix4.txt 2008-05-21 05:05:24

    Pre-Run: 370,494,963,712 bytes free
    Post-Run: 370,493,329,408 bytes free

    595 --- E O F --- 2008-05-23 00:10:00


    Kaspersky Online Scanner
    Selected target: My Computer
    Source: C:\; D:\; E:\; F:\; G:\; H:\; I:\; J:\;

    Report is empty.
    Scan Progress [99%]:

    Total number of scanned objects:294083
    Number of viruses found:11
    Number of infected objects:32
    Number of suspicious objects:0
    Duration of the scan process:03:59:59

    Product Info
    You have Kaspersky Online Scanner version 5.0.98.0
    installed. The current anti-virus database was
    released on Saturday, May 24, 2008 and contains
    799443 records.

    System Info
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

  8. #8
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Default

    Hello


    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\WINDOWS\system32\mlbuqobj.dll
    C:\WINDOWS\system32\drivers\gvM56.sys
    C:\WINDOWS\system32\drivers\vbH21.sys
    C:\WINDOWS\system32\khfEUljg.dll
    C:\WINDOWS\system32\nregbflx.dll
    C:\WINDOWS\system32\pmnlkJyY.dll
    C:\WINDOWS\system32\rqRIcdDs.dll
    C:\WINDOWS\system32\tilqltaa.dll
    C:\WINDOWS\system32\WinCtrl32.dll
    C:\WINDOWS\system32\ygrfyega.dll

    Folder::
    C:\WINDOWS\wt

    Rootkit::
    C:\WINDOWS\system32\jboqublm.ini

    Driver::
    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.





    Also post a new HijackThis log
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

  9. #9
    Junior Member
    Join Date
    May 2008
    Posts
    10

    Default

    Here's the data you asked for. Thank you.

    ComboFix 08-05-21.3 - Dad 2008-05-24 8:56:18.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1216 [GMT -7:00]
    Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Dad\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\WINDOWS\system32\drivers\gvM56.sys
    C:\WINDOWS\system32\drivers\vbH21.sys
    C:\WINDOWS\system32\khfEUljg.dll
    C:\WINDOWS\system32\mlbuqobj.dll
    C:\WINDOWS\system32\nregbflx.dll
    C:\WINDOWS\system32\pmnlkJyY.dll
    C:\WINDOWS\system32\rqRIcdDs.dll
    C:\WINDOWS\system32\tilqltaa.dll
    C:\WINDOWS\system32\WinCtrl32.dll
    C:\WINDOWS\system32\ygrfyega.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\jboqublm.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mlbuqobj.dll
    F:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
    .

    2008-05-23 18:26 . 2008-05-23 18:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-23 18:26 . 2008-05-23 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-05-21 21:27 . 2008-05-21 21:27 <DIR> d-------- C:\VundoFix Backups
    2008-05-20 22:32 . 2008-05-20 22:32 <DIR> d-------- C:\Program Files\Lavasoft
    2008-05-20 22:32 . 2008-05-20 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-18 20:36 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
    2008-05-18 20:36 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
    2008-05-18 20:36 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
    2008-05-18 20:36 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
    2008-05-18 20:36 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
    2008-05-18 20:35 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
    2008-05-18 20:35 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
    2008-05-18 20:35 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
    2008-05-18 20:35 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
    2008-05-18 20:35 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
    2008-05-18 20:35 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
    2008-05-18 20:35 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
    2008-05-18 20:35 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
    2008-05-18 20:35 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
    2008-05-18 20:33 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
    2008-05-18 20:32 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
    2008-05-18 20:31 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
    2008-05-18 20:30 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
    2008-05-18 20:29 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
    2008-05-18 20:28 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
    2008-05-18 20:27 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
    2008-05-18 20:26 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
    2008-05-18 20:25 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
    2008-05-18 20:24 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
    2008-05-18 20:23 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
    2008-05-18 20:22 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
    2008-05-18 20:21 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
    2008-05-18 20:20 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
    2008-05-18 20:19 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
    2008-05-18 20:18 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
    2008-05-18 20:17 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
    2008-05-18 20:16 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
    2008-05-18 20:15 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
    2008-05-18 20:14 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
    2008-05-18 20:13 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
    2008-05-18 20:12 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
    2008-05-18 20:11 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
    2008-05-18 20:10 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
    2008-05-18 20:09 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
    2008-05-18 20:08 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
    2008-05-18 12:33 . 2008-05-18 12:33 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
    2008-05-18 12:33 . 2008-05-18 12:39 <DIR> d-------- C:\Documents and Settings\Dad\SecurityScans
    2008-05-18 12:25 . 2008-05-18 12:25 <DIR> d-------- C:\Program Files\Sun
    2008-05-18 11:53 . 2008-05-18 11:57 5,024 --a------ C:\WINDOWS\system32\tmp.reg
    2008-05-18 11:14 . 2008-05-18 11:14 <DIR> d-------- C:\Documents and Settings\Dad\DoctorWeb
    2008-05-18 10:43 . 2008-05-18 10:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-05-17 23:05 . 2008-05-17 23:05 <DIR> d-------- C:\kav
    2008-05-17 21:52 . 2008-05-17 21:52 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-05-17 21:47 . 2008-05-17 22:35 <DIR> d-------- C:\SDFix
    2008-05-17 21:11 . 2008-05-17 21:12 <DIR> d-------- C:\Program Files\RogueRemover FREE
    2008-05-17 21:03 . 2008-05-17 21:03 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TmpRecentIcons
    2008-05-17 17:08 . 2006-05-03 14:31 1,019,904 --a------ C:\WINDOWS\system32\cmdvdpak.cpl
    2008-05-17 14:57 . 2008-05-17 14:57 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\TmpRecentIcons
    2008-05-14 19:18 . 2008-05-14 19:18 0 --a------ C:\pspbrwse.jbf
    2008-05-08 17:54 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-08 17:54 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-08 17:53 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-29 19:04 . 2008-01-08 17:16 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
    2008-04-29 19:04 . 2008-01-08 17:16 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-24 16:00 --------- d-----w C:\Program Files\BOINC
    2008-05-24 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-05-24 05:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-05-24 00:59 --------- d-----w C:\Program Files\Google
    2008-05-23 05:53 --------- d-----w C:\Program Files\Agent
    2008-05-22 03:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-21 05:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-21 05:20 --------- d-----w C:\Program Files\WildTangent
    2008-05-18 19:25 --------- d-----w C:\Program Files\Java
    2008-05-18 02:30 --------- d-----w C:\Program Files\Norton Security Scan
    2008-05-18 00:08 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2008-05-16 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2008-04-30 02:04 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
    2008-04-29 00:08 --------- d-----w C:\Program Files\Safari
    2008-04-29 00:07 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-22 22:55 --------- d-----w C:\Program Files\Norton 360
    2008-04-20 00:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-19 19:40 --------- d-----w C:\Program Files\LimeWire
    2008-04-16 04:16 --------- d-----w C:\Documents and Settings\Dad\Application Data\LimeWire
    2008-04-08 03:27 --------- d-----w C:\Program Files\iTunes
    2008-04-08 03:27 --------- d-----w C:\Program Files\iPod
    2008-04-08 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-07 00:00 --------- d-----w C:\Program Files\QuickTime
    2008-04-05 07:11 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
    2008-04-05 05:34 --------- d-----w C:\Program Files\Palm
    2008-04-05 00:56 --------- d-----w C:\Program Files\BFVCC Server Manager
    2008-04-05 00:55 737,280 -c--a-w C:\WINDOWS\iun6002.exe
    2008-04-05 00:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-05 00:44 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-04-01 01:01 --------- d-----w C:\Program Files\Common Files\Apple
    2008-03-30 01:59 --------- d-----w C:\Program Files\Documents To Go
    2008-03-28 02:13 --------- d-----w C:\Program Files\FirstClass
    2008-03-13 01:50 4,063,800 ----a-w C:\office2003-KB948073-ENU.exe
    2007-11-15 00:00 560 -c--a-w C:\Documents and Settings\Dad\Application Data\ViewerApp.dat
    2006-05-30 23:52 496,749 -c--a-w C:\Program Files\elevatorsuck1.rm
    2006-04-14 17:44 104 --sha-r C:\WINDOWS\system32\1E179C0C29.sys
    2006-07-05 18:25 88 --sha-r C:\WINDOWS\system32\290C9C171E.sys
    2007-12-06 03:04 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-20_22.04.54.40 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-21 04:42:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-24 16:03:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-21 05:32:12 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
    + 2008-05-21 05:32:12 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
    + 2008-05-21 05:32:12 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
    + 2008-05-21 05:32:12 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
    + 2007-07-11 21:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    + 2007-08-07 20:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    + 2007-08-07 20:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    + 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    + 2007-12-14 19:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    + 2008-05-24 16:03:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_25c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 21:49 68856]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25 49152]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 10:34 122880]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-07-22 15:02 126464]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 17:20 451896]
    "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 10:32 451896]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
    "CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 04:07 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 11:46 19456 C:\WINDOWS\system32\CtHelper.exe]
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 00:00 45056]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
    "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19 29744]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "806788f8"="C:\WINDOWS\system32\mlbuqobj.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.exe" [2005-09-20 09:51 25600 C:\WINDOWS\MIDIDEF.EXE]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 04:00 44544]

    C:\Documents and Settings\Dad\Start Menu\Programs\Startup\
    HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-07-25 17:29:32 299008]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 11:19:50 3604480]
    DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 22:16:46 24576]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-05 01:02:54 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkJyY]
    pmnlkJyY.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
    WinCtrl32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\meA23.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "C:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "C:\\WINDOWS\\system32\\ftp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
    R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
    R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
    R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
    R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 09:36]
    S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 17:19]
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
    S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2005-02-14 15:10]
    S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-17 18:05:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-24 16:06:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-24 09:04:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\CTxfispi.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\BOINC\boinc.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-24 9:10:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-24 16:10:43
    ComboFix2.txt 2008-05-24 01:13:36
    ComboFix3.txt 2008-05-23 00:40:35
    ComboFix4.txt 2008-05-22 04:59:03
    ComboFix5.txt 2008-05-21 05:05:24

    Pre-Run: 370,398,167,040 bytes free
    Post-Run: 370,383,257,600 bytes free

    298 --- E O F --- 2008-05-23 00:10:00

    **********************************************************

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:11:34 AM, on 5/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\BOINC\boinc.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [806788f8] rundll32.exe "C:\WINDOWS\system32\mlbuqobj.dll",b
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1211170065375
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199331003109
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) -
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...89/mcfscan.cab
    O20 - Winlogon Notify: pmnlkJyY - pmnlkJyY.dll (file missing)
    O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 15001 bytes

    thanks for your help

  10. #10
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Default

    Hello

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [806788f8] rundll32.exe "C:\WINDOWS\system32\mlbuqobj.dll",b
    O20 - Winlogon Notify: pmnlkJyY - pmnlkJyY.dll (file missing)
    O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:

    File::

    Folder::

    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\meA23.sys]

    Driver::
    Save this as CFScript.txt, in the same location as ComboFix.exe
    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



    Reboot and post a new HijackThis log and tell me how the PC is running
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

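The helper's selection above follows a recognisable triage pattern: Winlogon Notify and toolbar entries whose file is missing, and a Run value with a random hex name that loads a DLL through rundll32. The following Python script is an added example, not part of this thread and not code from HijackThis or any of the tools named here; it parses HijackThis-style O-lines and sorts them into "fix" candidates and "review" items using those heuristics. The sample lines are constructed from entries quoted in this thread, and the heuristics (hex-named Run values, "Unknown owner" services) are assumptions chosen for illustration, not rules the helper stated.

```python
import re
from typing import Dict, List

# Constructed sample: the four entries the helper asked to fix, plus two
# O23 service lines of the kind that appear in the poster's log.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [806788f8] rundll32.exe "C:\WINDOWS\system32\mlbuqobj.dll",b
O20 - Winlogon Notify: pmnlkJyY - pmnlkJyY.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section tag such as O4 or O23.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Heuristic (assumption): an eight-character hex Run value name like [806788f8].
HEX_RUN_NAME_RE = re.compile(r"^\[[0-9a-f]{8}\]", re.IGNORECASE)


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into entries with their section tag and body."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines, "End of file" trailer
        entries.append({"section": m.group(1), "body": m.group(2), "line": line})
    return entries


def triage(entries: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Sort entries into 'fix' candidates and 'review' items.

    fix:    references to files that no longer exist (orphaned hooks), and
            Run values with a hex name that load a DLL via rundll32.
    review: services whose owner HijackThis could not identify; these are
            often legitimate, so they only get a second look.
    """
    fix, review = [], []
    for e in entries:
        body = e["body"]
        if "(file missing)" in body or body.endswith("(no file)"):
            fix.append(e["line"])
        elif e["section"] == "O4":
            # O4 bodies look like: HKLM\..\Run: [valuename] command line
            value = body.split(": ", 1)[1] if ": " in body else body
            if HEX_RUN_NAME_RE.match(value) and "rundll32" in value.lower():
                fix.append(e["line"])
        elif e["section"] == "O23" and " - Unknown owner - " in body:
            review.append(e["line"])
    return {"fix": fix, "review": review}


if __name__ == "__main__":
    result = triage(parse_hjt(SAMPLE_LOG))
    for bucket, lines in result.items():
        print(f"== {bucket} ({len(lines)}) ==")
        for line in lines:
            print("  " + line)
```

Run against the constructed sample, the "fix" bucket holds exactly the four lines the helper listed and the "review" bucket holds only the PnkBstrA service; the NVIDIA service, which has a named vendor, is left alone. The heuristics are deliberately narrow so that a benign log produces an empty report rather than noise.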