win32.tdss.rtk -no i-net, dev drives/disabled

DDS (Ver_09-07-30.01) - NTFSx86
Run by John Doe at 11:26:43.57 on Mon 08/17/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.579 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
K:\Security\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linksy~1.lnk - c:\program files\linksys\wusbf54g\wlMonitor.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johndo~1\applic~1\mozilla\firefox\profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-16 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-16 353672]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-16 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-16 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-16 55656]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\linksys\wusbf54g\NICServ.exe [2009-6-14 529920]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-6-9 40576]
R3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2009-5-5 219648]
R3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2009-5-5 475264]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [2009-6-14 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\fah.exe -svcstart --> c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\google\update\GoogleUpdate.exe [2009-4-17 133104]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-3 14336]

=============== Created Last 30 ================

2009-08-17 02:11 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-17 01:53 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-17 01:42 <DIR> a-dshr-- C:\cmdcons
2009-08-16 03:46 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-16 03:46 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-08-16 03:46 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-08-16 03:46 <DIR> --d----- c:\program files\Zone Labs
2009-08-16 03:46 350,192 a------- c:\windows\system32\vsconfig.xml
2009-08-16 03:45 <DIR> --d----- c:\windows\Internet Logs
2009-08-16 03:36 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 03:36 <DIR> --d----- c:\program files\Avira
2009-08-16 03:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-16 01:15 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\xircom
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\ime
2009-08-16 01:13 <DIR> --d----- c:\windows\srchasst
2009-08-16 01:13 <DIR> --d----- c:\program files\msn gaming zone
2009-08-16 01:13 <DIR> --d----- c:\program files\common files\speechengines
2009-08-16 01:04 216,064 a------- c:\windows\PEV.exe
2009-08-16 01:04 161,792 a------- c:\windows\SWREG.exe
2009-08-16 01:04 98,816 a------- c:\windows\sed.exe
2009-08-11 12:12 1,334 a------- c:\windows\wininit.ini
2009-08-09 00:28 <DIR> --d----- c:\program files\IZArc
2009-08-07 23:11 <DIR> --d----- C:\ILLUSION
2009-08-07 23:02 <DIR> --d----- c:\windows\system32\URTTemp
2009-07-24 02:32 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-24 02:21 <DIR> --d----- c:\windows\system32\DirectX
2009-07-24 02:21 <DIR> --d----- c:\windows\Logs
2009-07-24 02:21 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-24 02:21 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-24 02:00 <DIR> --d----- c:\program files\Deep Silver
2009-07-24 02:00 <DIR> --d----- c:\windows\system32\AGEIA
2009-07-24 01:59 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Pro
2009-07-24 01:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-24 01:01 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-24 01:01 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Lite
2009-07-23 03:46 67 a------- c:\windows\lz_scm.ini
2009-07-22 11:00 97,792 a------- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 10:44 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-21 09:13 <DIR> --d----- c:\program files\Ascaron Entertainment

==================== Find3M ====================

2009-08-17 02:10 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-25 08:21 98,304 a------- c:\windows\DUMP76e5.tmp
2009-07-01 17:55 90,112 a------- c:\windows\DUMP853d.tmp
2009-06-27 08:14 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-06-06 09:38 692,224 a------- c:\windows\system32\bsrmgcv.dll
2009-06-06 09:38 192,512 a------- c:\windows\system32\bsrmgps.dll
2009-06-06 09:38 585,728 a------- c:\windows\system32\bsratswf.dll
2009-06-06 09:38 147,456 a------- c:\windows\system32\bsratwmv.dll

============= FINISH: 11:27:30.75 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2009 9:29:45 AM
System Uptime: 8/17/2009 1:54:43 AM (10 hours ago)

Motherboard: ASUSTek Computer INC. | | NAGAMI2
Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2204/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 92.135 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
K: is FIXED (FAT32) - 466 GiB total, 323.059 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\C3D52F11D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\C3D52F11D800
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Service: NVENETFD

==== System Restore Points ===================

RP103: 8/16/2009 1:08:28 AM - ComboFix created restore point
RP104: 8/16/2009 3:35:35 AM - Avira AntiVir Personal - 8/16/2009 3:35
RP105: 8/17/2009 1:53:40 AM - Removed Adobe Reader 6.0.1
RP106: 8/17/2009 1:59:04 AM - Removed Java(TM) 6 Update 13
RP107: 8/17/2009 2:06:10 AM - Installed Adobe Reader 9.1.
RP108: 8/17/2009 2:10:48 AM - Installed Java(TM) 6 Update 16

==== Installed Programs ======================

Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
AGEIA PhysX v7.11.13
ArcSoft VideoImpression 2
Artificial Girl 3
Avira AntiVir Personal - Free Antivirus
BSR Screen Recorder 4
Choice Guard
Comcast High-Speed Internet Install Wizard
DAEMON Tools Toolbar
DivX Web Player
Google Chrome
Google Update Helper
HAKO
HP Webcam
IZArc 4.0 beta 1
Java(TM) 6 Update 16
K-Lite Codec Pack 4.7.5 (Basic)
Linksys Wireless Network Monitor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Move Media Player
Mozilla Firefox (3.0.13)
MSVCRT
NVIDIA Drivers
Realtek High Definition Audio Driver
Sacred 2
Sacred Underworld
Segoe UI
Spybot - Search & Destroy
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Virtual Audio Cable 4.9
VLC media player 0.9.9
Winamp
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.07)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
World of Warcraft
ZoneAlarm

==== Event Viewer Messages From Past Week ========

8/17/2009 1:56:44 AM, error: Service Control Manager [7023] - The wscsvc service terminated with the following error: The specified module could not be found.
8/17/2009 1:56:44 AM, error: Service Control Manager [7023] - The ERSvc service terminated with the following error: The specified module could not be found.
8/16/2009 1:15:13 AM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
8/16/2009 1:09:00 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
8/16/2009 1:09:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
8/16/2009 1:09:00 AM, error: Service Control Manager [7000] - The helpsvc service failed to start due to the following error: The system cannot find the file specified.
8/16/2009 1:09:00 AM, error: Service Control Manager [7000] - The FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe service failed to start due to the following error: The system cannot find the path specified.
8/16/2009 1:07:57 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014BFBE82FD. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/13/2009 1:28:27 AM, error: Sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/10/2009 11:16:30 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
8/10/2009 11:16:30 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================



still infected :-( damn p2p!
 
Hi,

Let's do that SystemLook part again with the following contents:
Code:
:filefind
beep.sys
msgsvc.dll
wscntfy.exe
ntmssvc.dll

Again, post back the results.


Then delete these files:
c:\windows\system32\xa.tmp
C:\Documents and Settings\John Doe\Desktop\Backup\Brandon's Stuff\MyMusic\Audioslave - Original fire.mp3
C:\Documents and Settings\John Doe\Desktop\Backup\Brandon's Stuff\Porn\Games\EGirl v.1.5 (full) 3D X game\EGirlInstaller_v1.5.EXE
K:\Media\Porn\Games\EGirl v.1.5 (full) 3D X game\EGirlInstaller_v1.5.EXE
 
c:\windows\system32\xa.tmp isn't there, and it's not hidden either. Ran SystemLook for it, not found under c:\windows\system32\xa.tmp or xa.tmp:

========== filefind ==========

Searching for "c:\windows\system32\xa.tmp"
No files found.

-=End Of File=-

========== filefind ==========

Searching for "xa.tmp"
No files found.

-=End Of File=-

Deleted files:
C:\Documents and Settings\John Doe\Desktop\Backup\Brandon's Stuff\MyMusic\Audioslave - Original fire.mp3
C:\Documents and Settings\John Doe\Desktop\Backup\Brandon's Stuff\Porn\Games\EGirl v.1.5 (full) 3D X game\EGirlInstaller_v1.5.EXE
K:\Media\Porn\Games\EGirl v.1.5 (full) 3D X game\EGirlInstaller_v1.5.EXE

Ran SystemLook for those files, still nothing.

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 04:34 on 18/08/2009 by John Doe (Administrator - Elevation successful)

========== filefind ==========

Searching for "beep.sys"
No files found.

Searching for "msgsvc.dll"
No files found.

Searching for "wscntfy.exe"
No files found.

Searching for "ntmssvc.dll"
No files found.

-=End Of File=-

Thanks Blade for all your help thus far!
Does this mean I am finally clean? :eek:
 
Nope. lol


Spybot reports->
...
--- Search result list ---
Win32.FraudLoad.edt: [SBI $E9CA361A] Data (File, nothing done)
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
Properties.size=276
Properties.md5=8FB755DA3B65DE4D2CCA958821DC2EDD
Properties.filedate=1250600400
Properties.filedatetext=2009-08-18 06:00:00

Win32.FraudLoad.edt: [SBI $BBEEDD02] Data (File, nothing done)
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
Properties.size=290
Properties.md5=9EE0D1ADF57380CB0E69EABDD4C84825
Properties.filedate=1250600400
Properties.filedatetext=2009-08-18 06:00:00

Win32.FraudLoad.edt: [SBI $E205C221] Data (File, nothing done)
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
Properties.size=246
Properties.md5=9F443575DB1FABBAAAA233311762D8F8
Properties.filedate=1250600400
Properties.filedatetext=2009-08-18 06:00:00

Win32.TDSS.reg: [SBI $A5F61027] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX\disallowed

...


*Note
I did not take any actions (cleaning, removing, quarantining).


:scratch: hmmm...
 
Hi,

No, we're not ready yet. Let Spybot remove its findings.

Do you have Windows XP Pro installation media available? I'm asking because some system files have to be replaced from it.
 
Okay, I let Spybot remove the files... They appear to come back after a restart, though :-(...
I do indeed have the XP CD.

How do I go about replacing just these four files?
beep.sys
msgsvc.dll
wscntfy.exe
ntmssvc.dll

Run a repair?

Many thanks
 
Hmm, wondering if I can use the Windows XP setup disks made for floppy boot to extract the files?

http://support.microsoft.com/kb/310994

Might be easier, since it's more easily accessible?

Reading up, it seems the missing files aren't imperative to running Windows; it looks like they're mainly Windows' "security" *cough* *cough*, probably destroyed by the malware, but I honestly don't mind not having Windows Updates popping up every five minutes. :2thumb:
 
Hi,

"reading up, it seems that the files missing aren't imperative to running windows"
Enough to make your OS vulnerable, so I suggest we try to retrieve them ;)

See if you can find the following files on your XP Pro media (in the i386 folder):
beep.sy_
msgsvc.dl_
wscntfy.ex_
ntmssvc.dl_
 
Alright, copied the files from the upstairs PC, muha: moved them into their correct places. beep.sys is now a running process, so I'm sure they're working. :bigthumb:

c:\windows\system32\drivers\beep.sys
c:\windows\system32\msgsvc.dll
c:\windows\system32\wscntfy.exe
c:\windows\system32\ntmssvc.dll

And here's a new SystemLook report:

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 10:45 on 19/08/2009 by John Doe (Administrator - Elevation successful)

========== filefind ==========

Searching for "beep.sys"
C:\WINDOWS\system32\dllcache\beep.sys --a--- 4224 bytes [05:42 20/08/2009] [12:00 29/08/2002] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\drivers\beep.sys --a--- 4224 bytes [05:42 20/08/2009] [12:00 29/08/2002] DA1F27D85E0D1525F6621372E7B685E9

Searching for "msgsvc.dll"
C:\WINDOWS\system32\dllcache\msgsvc.dll --a--- 33792 bytes [17:42 19/08/2009] [07:56 04/08/2004] 95FD808E4AC22ABA025A7B3EAC0375D2
C:\WINDOWS\system32\msgsvc.dll --a--- 33792 bytes [17:42 19/08/2009] [07:56 04/08/2004] 95FD808E4AC22ABA025A7B3EAC0375D2

Searching for "wscntfy.exe"
C:\WINDOWS\system32\dllcache\wscntfy.exe --a--- 13824 bytes [17:42 19/08/2009] [07:56 04/08/2004] 49911DD39E023BB6C45E4E436CFBD297
C:\WINDOWS\system32\wscntfy.exe --a--- 13824 bytes [17:42 19/08/2009] [07:56 04/08/2004] 49911DD39E023BB6C45E4E436CFBD297

Searching for "ntmssvc.dll"
C:\WINDOWS\system32\dllcache\ntmssvc.dll --a--- 435200 bytes [17:42 19/08/2009] [07:56 04/08/2004] B62F29C00AC55A761B2E45877D85EA0F
C:\WINDOWS\system32\ntmssvc.dll --a--- 435200 bytes [17:42 19/08/2009] [07:56 04/08/2004] B62F29C00AC55A761B2E45877D85EA0F

-=End Of File=-
 
--- Search result list ---
Win32.FraudLoad.edt: [SBI $0174D446] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-725345543-73586283-2147019285-1001\Software\NordBull

Win32.FraudLoad.edt: [SBI $7312D32F] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{E24211B3-A78A-C6A9-D317-70979ACE5058}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-06-09 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-08-18 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-08-19 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-08-04 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-08-19 Includes\Malware.sbi (*)
2009-08-19 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-08-18 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-07-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-08-11 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-08-19 Includes\Trojans.sbi (*)
2009-08-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ MSXML 2 / SP6: Hotfix for MSXML 2 (KB887606)
/ MSXML 4 / SP2: Security Update for MSXML 4 (KB927978)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB928788)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929773)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB932390)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB933547)
/ Windows Media Player / SP0: Security Update for Windows Media Player (KB911564)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB931756)
/ Windows Media Player 6.4 / SP0: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Security Update for Windows XP (KB873339)
/ Windows XP / SP3: Update for Windows XP (KB884575)
/ Windows XP / SP3: Security Update for Windows XP (KB885836)
/ Windows XP / SP3: Update for Windows XP (KB886677)
/ Windows XP / SP3: Security Update for Windows XP (KB887472)
/ Windows XP / SP3: High Definition Audio Driver (KB888111)
/ Windows XP / SP3: Update for Windows XP (KB889016)
/ Windows XP / SP3: Update for Windows XP (KB889320)
/ Windows XP / SP3: Update for Windows XP (KB889673)
/ Windows XP / SP3: Update for Windows XP (KB892489)
/ Windows XP / SP3: Update for Windows XP (KB893008)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894395)
/ Windows XP / SP3: Update for Windows XP (KB895961)
/ Windows XP / SP3: Update for Windows XP (KB896256)
/ Windows XP / SP3: Update for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB896626)
/ Windows XP / SP3: Update for Windows XP (KB897338)
/ Windows XP / SP3: Update for Windows XP (KB897663)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Update for Windows XP (KB898543)
/ Windows XP / SP3: Update for Windows XP (KB899271)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Update for Windows XP (KB902149)
/ Windows XP / SP3: Update for Windows XP (KB902845)
/ Windows XP / SP3: Update for Windows XP (KB902853)
/ Windows XP / SP3: Update for Windows XP (KB903250)
/ Windows XP / SP3: Update for Windows XP (KB904412)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Update for Windows XP (KB906216)
/ Windows XP / SP3: Update for Windows XP (KB906569)
/ Windows XP / SP3: Update for Windows XP (KB906866)
/ Windows XP / SP3: Update for Windows XP (KB907865)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB908536)
/ Windows XP / SP3: Update for Windows XP (KB909441)
/ Windows XP / SP3: Microsoft Base Smart Card Cryptographic Service Provider Package
/ Windows XP / SP3: Update for Windows XP (KB909608)
/ Windows XP / SP3: Update for Windows XP (KB909667)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Update for Windows XP (KB911990)
/ Windows XP / SP3: Update for Windows XP (KB912024)
/ Windows XP / SP3: Update for Windows XP (KB912461)
/ Windows XP / SP3: Update for Windows XP (KB913296)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Update for Windows XP (KB913808)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Update for Windows XP (KB914440)
/ Windows XP / SP3: Update for Windows XP (KB914463)
/ Windows XP / SP3: Update for Windows XP (KB914841)
/ Windows XP / SP3: Update for Windows XP (KB914906)
/ Windows XP / SP3: Update for Windows XP (KB915377)
/ Windows XP / SP3: Update for Windows XP (KB915378)
/ Windows XP / SP3: Update for Windows XP (KB915865)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Update for Windows XP (KB917140)
/ Windows XP / SP3: Update for Windows XP (KB917275)
/ Windows XP / SP3: Update for Windows XP (KB917730)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Update for Windows XP (KB918334)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Update for Windows XP (KB918997)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Update for Windows XP (KB920342)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Update for Windows XP (KB921401)
/ Windows XP / SP3: Update for Windows XP (KB921411)
/ Windows XP / SP3: Update for Windows XP (KB922120)
/ Windows XP / SP3: Update for Windows XP (KB922668)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Update for Windows XP (KB923154)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Update for Windows XP (KB923845)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Update for Windows XP (KB924941)
/ Windows XP / SP3: Update for Windows XP (KB925066)
/ Windows XP / SP3: Update for Windows XP (KB925528)
/ Windows XP / SP3: Update for Windows XP (KB925623)
/ Windows XP / SP3: Update for Windows XP (KB925720)
/ Windows XP / SP3: Update for Windows XP (KB925876)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Update for Windows XP (KB925922)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Update for Windows XP (KB926646)
/ Windows XP / SP3: Update for Windows XP (KB927544)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927880)
/ Windows XP / SP3: Update for Windows XP (KB928255)
/ Windows XP / SP3: Update for Windows XP (KB928595)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929280)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB931192)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Update for Windows XP (KB932039)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB932590)
/ Windows XP / SP3: Update for Windows XP (KB932597)
/ Windows XP / SP3: Update for Windows XP (KB932662)
/ Windows XP / SP3: Update for Windows XP (KB932716)
/ Windows XP / SP3: Update for Windows XP (KB933062)
/ Windows XP / SP3: Update for Windows XP (KB933215)
/ Windows XP / SP3: Update for Windows XP (KB933251)
/ Windows XP / SP3: Update for Windows XP (KB933811)
/ Windows XP / SP3: Update for Windows XP (KB933876)
/ Windows XP / SP3: Update for Windows XP (KB934161)
/ Windows XP / SP3: Update for Windows XP (KB934428)
/ Windows XP / SP3: Update for Windows XP (KB935192)
/ Windows XP / SP3: Update for Windows XP (KB935198)
/ Windows XP / SP3: Update for Windows XP (KB935448)
/ Windows XP / SP3: Update for Windows XP (KB935677)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Update for Windows XP (KB935989)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Update for Windows XP (KB936455)
/ Windows XP / SP3: Update for Windows XP (KB936678)
/ Windows XP / SP3: Update for Windows XP (KB937930)
/ Windows XP / SP3: Update for Windows XP (KB938032)
/ Windows XP / SP3: Update for Windows XP (KB939273)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF

Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
size: 209153
MD5: 29680A793F690EEF4AAA68479D2A6DF8

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 13684736
MD5: F20E4E51F989D7FFE247BEE763F5B27A

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\NvMcTray.dll
size: 86016
MD5: 51F2F96BBB602B224A3FBB7135D6D5B6

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1657376
MD5: D13797A3C0F9EAD4E902ED794112C4AC

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 17567744
MD5: 45D2B5E3384699AD1FBB303684D835B2

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 5E4C9C25D603AE46DEDCBD9674F86E21

Located: HK_LM:Run, WinampAgent
command: "C:\Program Files\Winamp\winampa.exe"
file: C:\Program Files\Winamp\winampa.exe
size: 37888
MD5: B83C63A31F12D912C40544A6C9395AC6

Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 981384
MD5: C331D8E6E3AB67A5A1556070E8EA6B13

Located: HK_CU:RunOnce, nltide_3
where: .DEFAULT...
command: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
file: C:\WINDOWS\system32\advpack.dll
size: 124928
MD5: 511CB6E4793D45A567EBD7E761C9B464

Located: HK_CU:RunOnce, ShowDeskFix
where: .DEFAULT...
command: regsvr32 /s /n /i:u shell32
file: regsvr32 /s /n /i:u shell32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-725345543-73586283-2147019285-1001...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, DAEMON Tools Lite
where: S-1-5-21-725345543-73586283-2147019285-1001...
command: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
file: C:\Program Files\DAEMON Tools Lite\daemon.exe
size: 691656
MD5: 1542D48BEF0C07513453CDEF1577BB79

Located: HK_CU:Run, msnmsgr
where: S-1-5-21-725345543-73586283-2147019285-1001...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3885408
MD5: 16C3811F3A5CD8EA7030A42A75892136

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-725345543-73586283-2147019285-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:RunOnce, IE7-10
where: S-1-5-21-725345543-73586283-2147019285-500...
command: rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
file: C:\WINDOWS\system32\advpack.dll
size: 124928
MD5: 511CB6E4793D45A567EBD7E761C9B464

Located: HK_CU:RunOnce, nltide_3
where: S-1-5-21-725345543-73586283-2147019285-500...
command: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
file: C:\WINDOWS\system32\advpack.dll
size: 124928
MD5: 511CB6E4793D45A567EBD7E761C9B464

Located: HK_CU:RunOnce, ShowDeskFix
where: S-1-5-21-725345543-73586283-2147019285-500...
command: regsvr32 /s /n /i:u shell32
file: regsvr32 /s /n /i:u shell32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, nltide_3
where: S-1-5-18...
command: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
file: C:\WINDOWS\system32\advpack.dll
size: 124928
MD5: 511CB6E4793D45A567EBD7E761C9B464

Located: HK_CU:RunOnce, ShowDeskFix
where: S-1-5-18...
command: regsvr32 /s /n /i:u shell32
file: regsvr32 /s /n /i:u shell32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (common), Linksys Wireless Network Monitor.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
file: C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
size: 3205632
MD5: F8F9E7D64BB71BA92E92F9AA006278E7

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 2/27/2009 12:07:26 PM
Date (last access): 8/17/2009 2:06:22 AM
Date (last write): 2/27/2009 12:07:26 PM
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 1/22/2009 3:41:30 PM
Date (last access): 5/5/2009 9:16:26 AM
Date (last write): 1/22/2009 3:41:30 PM
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 8/17/2009 2:10:54 AM
Date (last access): 8/17/2009 2:10:54 AM
Date (last write): 8/17/2009 2:10:54 AM
Filesize: 41760
Attributes: archive
MD5: 7AF9D3B7B88AF81D2F87AA846DC2EE70
CRC32: 00DFC49A
Version: 6.0.160.1

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 8/17/2009 2:10:56 AM
Date (last access): 8/17/2009 2:10:56 AM
Date (last write): 8/17/2009 2:10:56 AM
Filesize: 73728
Attributes: archive
MD5: 37EDBCC7E5E0B89E59941FF79A2F9746
CRC32: 60D1666F
Version: 6.0.160.1



--- ActiveX list ---
{20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 2/28/2007 2:21:04 PM
Date (last access): 2/28/2007 2:21:04 PM
Date (last write): 2/28/2007 2:21:04 PM
Filesize: 131472
Attributes: archive
MD5: 1E5CFDF9AEBDD84305A4C8154277A269
CRC32: 73C871D0
Version: 9.5.7087.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_16
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_16.dll
Short name: NPJPI1~1.DLL
Date (created): 8/17/2009 2:10:54 AM
Date (last access): 8/17/2009 2:10:54 AM
Date (last write): 8/17/2009 2:10:54 AM
Filesize: 136992
Attributes: archive
MD5: EF5C38E082CA41D7588621F3DFA09A64
CRC32: D4B4406B
Version: 6.0.160.1

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~1.DLL
Date (created): 2/22/2007 11:41:12 PM
Date (last access): 2/22/2007 11:41:12 PM
Date (last write): 2/22/2007 11:41:12 PM
Filesize: 304544
Attributes: archive
MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
CRC32: 0F12FD23
Version: 9.5.6907.1

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_16
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_16.dll
Short name: NPJPI1~1.DLL
Date (created): 8/17/2009 2:10:54 AM
Date (last access): 8/17/2009 2:10:54 AM
Date (last write): 8/17/2009 2:10:54 AM
Filesize: 136992
Attributes: archive
MD5: EF5C38E082CA41D7588621F3DFA09A64
CRC32: D4B4406B
Version: 6.0.160.1

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_16
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_16.dll
Short name: NPJPI1~1.DLL
Date (created): 8/17/2009 2:10:54 AM
Date (last access): 8/17/2009 2:10:54 AM
Date (last write): 8/17/2009 2:10:54 AM
Filesize: 136992
Attributes: archive
MD5: EF5C38E082CA41D7588621F3DFA09A64
CRC32: D4B4406B
Version: 6.0.160.1



--- Process list ---
PID: 0 ( 0) [System]
PID: 628 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 852 ( 628) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 876 ( 628) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 920 ( 876) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 932 ( 876) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1112 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1208 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1352 ( 920) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1588 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1724 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1772 ( 920) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 2402184
MD5: D89972DA2C33CC02BC787E4F404B4A01
PID: 468 ( 444) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: DF3F40C1C0C4EA6BFD4CFACD4CB18BF1
PID: 1128 ( 920) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: AD3D9D191AEA7B5445FE1D82FFBB4788
PID: 1276 ( 920) C:\Program Files\Avira\AntiVir Desktop\sched.exe
size: 108289
MD5: 9015BC03F62940527EC92D45EE89E46F
PID: 1288 ( 920) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
size: 185089
MD5: B8720A787C1223492E6F319465E996CE
PID: 1780 ( 920) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: 09417134F248DFCEEA15C72BCC87F592
PID: 1736 ( 920) C:\Program Files\Linksys\WUSBF54G\NICServ.exe
size: 529920
MD5: 870BF28A2EEF124BECA773148C0B4BCF
PID: 2016 ( 920) C:\WINDOWS\system32\nvsvc32.exe
size: 163908
MD5: C501206816F35D20422B4C3F88D62860
PID: 140 ( 920) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2828 ( 468) C:\WINDOWS\RTHDCPL.EXE
size: 17567744
MD5: 45D2B5E3384699AD1FBB303684D835B2
PID: 2840 ( 468) C:\Program Files\Winamp\winampa.exe
size: 37888
MD5: B83C63A31F12D912C40544A6C9395AC6
PID: 2852 ( 468) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 3352 ( 468) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
size: 209153
MD5: 29680A793F690EEF4AAA68479D2A6DF8
PID: 3820 ( 468) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 981384
MD5: C331D8E6E3AB67A5A1556070E8EA6B13
PID: 2476 ( 468) C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 5E4C9C25D603AE46DEDCBD9674F86E21
PID: 2488 ( 468) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3885408
MD5: 16C3811F3A5CD8EA7030A42A75892136
PID: 2504 ( 468) C:\Program Files\DAEMON Tools Lite\daemon.exe
size: 691656
MD5: 1542D48BEF0C07513453CDEF1577BB79
PID: 2532 ( 468) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2568 ( 468) C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
size: 3205632
MD5: F8F9E7D64BB71BA92E92F9AA006278E7
PID: 2736 ( 468) C:\Program Files\Mozilla Firefox\firefox.exe
size: 908280
MD5: 0AF842F82CB567E79D065C12E029560C
PID: 3316 ( 920) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2208 ( 468) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/19/2009 11:07:28 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{308B033B-1977-4BA5-AE09-8DA5616DE3F2}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{308B033B-1977-4BA5-AE09-8DA5616DE3F2}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{964C8571-B95D-4428-BC4F-68B6CB87F268}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{964C8571-B95D-4428-BC4F-68B6CB87F268}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{83301772-3304-4022-B6F4-A6771E84E3DE}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{83301772-3304-4022-B6F4-A6771E84E3DE}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8D64E22F-796A-4572-A42B-190B4141D452}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8D64E22F-796A-4572-A42B-190B4141D452}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C73B8AA-088E-48F8-BA93-6B733343C1F7}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C73B8AA-088E-48F8-BA93-6B733343C1F7}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AFACCE8B-306D-463D-9A71-11DF29CDE281}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AFACCE8B-306D-463D-9A71-11DF29CDE281}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3265BAC4-D5E2-4600-B1B8-85AA7DC0C1E1}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3265BAC4-D5E2-4600-B1B8-85AA7DC0C1E1}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B1B9741-111A-42A3-BFDE-6C883657C1C9}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B1B9741-111A-42A3-BFDE-6C883657C1C9}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Good. Now, please run ComboFix again and let it update itself if asked for permission. Post back its report & a fresh DDS log.

ComboFix 09-08-19.0C - John Doe 08/19/2009 23:07.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.636 [GMT -7:00]
Running from: k:\security\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-20 05:42 . 2002-08-29 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-20 05:42 . 2002-08-29 12:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-19 17:42 . 2004-08-04 07:56 13824 ----a-w- c:\windows\system32\wscntfy.exe
2009-08-19 17:42 . 2004-08-04 07:56 13824 ----a-w- c:\windows\system32\dllcache\wscntfy.exe
2009-08-19 17:42 . 2004-08-04 07:56 435200 ----a-w- c:\windows\system32\ntmssvc.dll
2009-08-19 17:42 . 2004-08-04 07:56 435200 ----a-w- c:\windows\system32\dllcache\ntmssvc.dll
2009-08-19 17:42 . 2004-08-04 07:56 33792 ----a-w- c:\windows\system32\msgsvc.dll
2009-08-19 17:42 . 2004-08-04 07:56 33792 ----a-w- c:\windows\system32\dllcache\msgsvc.dll
2009-08-17 09:14 . 2009-08-17 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-17 09:14 . 2009-08-17 09:14 -------- d-----w- c:\program files\NOS
2009-08-17 09:14 . 2009-08-07 19:44 30400 ----a-w- c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-08-17 09:14 . 2009-08-07 19:44 22848 ----a-w- c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-08-17 09:14 . 2009-08-07 19:44 19792 ----a-w- c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-08-17 09:10 . 2009-08-17 09:10 -------- d-----w- c:\program files\Java
2009-08-16 10:46 . 2009-08-16 10:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-16 10:46 . 2009-02-16 07:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-16 10:46 . 2009-02-16 07:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-16 10:46 . 2009-08-16 10:46 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-16 10:46 . 2009-08-16 10:46 -------- d-----w- c:\program files\Zone Labs
2009-08-16 10:46 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-16 10:45 . 2009-08-19 18:07 -------- d-----w- c:\windows\Internet Logs
2009-08-16 10:36 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 10:36 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-16 10:36 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-16 10:36 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-16 10:36 . 2009-08-16 10:36 -------- d-----w- c:\program files\Avira
2009-08-16 10:36 . 2009-08-16 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\wbem\snmp
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\xircom
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\srchasst
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\program files\microsoft frontpage
2009-08-09 07:28 . 2009-08-09 07:29 -------- d-----w- c:\program files\IZArc
2009-08-08 06:11 . 2009-08-08 12:08 -------- d-----w- C:\ILLUSION
2009-08-08 06:02 . 2009-08-08 06:04 -------- d-----w- c:\windows\system32\URTTemp
2009-07-24 09:48 . 2009-07-24 09:48 -------- d-----w- c:\documents and settings\John Doe\Local Settings\Application Data\Ascaron Entertainment
2009-07-24 09:32 . 2009-07-24 09:32 -------- d--h--r- c:\documents and settings\John Doe\Application Data\SecuROM
2009-07-24 09:32 . 2009-07-24 09:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-24 09:21 . 2009-07-24 09:21 -------- d-----w- c:\windows\Logs
2009-07-24 09:21 . 2009-07-24 09:21 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-24 09:21 . 2009-07-24 09:21 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\Deep Silver
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\windows\system32\AGEIA
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-24 08:59 . 2009-07-24 08:59 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Pro
2009-07-24 08:05 . 2009-07-24 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-24 08:01 . 2009-07-24 08:01 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-24 08:01 . 2009-07-24 08:05 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Lite
2009-07-22 18:00 . 2009-07-22 18:00 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 17:47 . 2009-07-22 17:47 -------- d-----w- c:\documents and settings\Karma\Local Settings\Application Data\Mozilla
2009-07-21 16:13 . 2009-07-21 16:13 -------- d-----w- c:\program files\Ascaron Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 17:50 . 2009-08-19 17:50 562297 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-17 09:10 . 2009-04-18 17:35 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-08-17 09:06 . 2009-04-16 21:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-16 10:09 . 2009-06-09 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-13 07:52 . 2009-05-19 16:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-08 12:08 . 2009-04-16 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 10:55 . 2009-04-21 21:22 10808 ----a-w- c:\documents and settings\John Doe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 15:21 . 2009-04-17 09:15 98304 ----a-w- c:\windows\DUMP76e5.tmp
2009-07-24 09:00 . 2009-04-16 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 17:47 . 2009-04-17 19:36 -------- d-----w- c:\documents and settings\John Doe\Application Data\Move Networks
2009-07-12 17:47 . 2009-05-14 17:42 127872 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\uninstall.exe
2009-07-12 17:47 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-07-12 17:47 . 2009-07-12 17:47 1685856 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\MoveMediaPlayerWinSilent_071503000010.exe
2009-07-02 00:55 . 2009-04-17 09:15 90112 -c--a-w- c:\windows\DUMP853d.tmp
2009-06-27 15:14 . 2009-06-06 16:38 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-09 08:47 . 2009-06-09 08:47 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2009-06-06 16:38 . 2009-06-06 16:38 692224 -c--a-w- c:\windows\system32\bsrmgcv.dll
2009-06-06 16:38 . 2009-06-06 16:38 192512 -c--a-w- c:\windows\system32\bsrmgps.dll
2009-06-06 16:38 . 2009-06-06 16:38 585728 -c--a-w- c:\windows\system32\bsratswf.dll
2009-06-06 16:38 . 2009-06-06 16:38 147456 -c--a-w- c:\windows\system32\bsratwmv.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2007-07-24 20:09 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys


c:\windows\system32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot_2009-08-17_08.45.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-19 17:50 . 2009-08-19 17:50 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
+ 2009-08-17 09:05 . 2009-08-17 09:05 85173 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-04-17 09:19 . 2001-08-23 14:00 13600 c:\windows\system32\dllcache\wfwnet.drv
+ 2001-08-23 14:00 . 2001-08-23 14:00 18944 c:\windows\system32\dllcache\vmmreg32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 25600 c:\windows\system32\dllcache\twunk_32.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 49680 c:\windows\system32\dllcache\twunk_16.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 50688 c:\windows\system32\dllcache\twain_32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 94784 c:\windows\system32\dllcache\twain.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 15360 c:\windows\system32\dllcache\taskman.exe
+ 2009-04-17 09:19 . 2001-08-23 14:00 19200 c:\windows\system32\dllcache\tapi.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 24064 c:\windows\system32\dllcache\olesvr.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 82944 c:\windows\system32\dllcache\olecli.dll
+ 2009-04-17 09:19 . 2004-08-04 01:56 69120 c:\windows\system32\dllcache\notepad.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 90624 c:\windows\system32\dllcache\muisetup.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 39936 c:\windows\system32\dllcache\mslwvtts.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 10112 c:\windows\system32\dllcache\modex.dll
+ 2004-08-03 23:51 . 2004-08-03 23:51 68768 c:\windows\system32\dllcache\mmsystem.dll
+ 2009-04-16 16:26 . 2004-08-04 01:56 17408 c:\windows\system32\dllcache\mmfutil.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 12288 c:\windows\system32\dllcache\mmdrv.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 61440 c:\windows\system32\dllcache\mmcshext.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 14848 c:\windows\system32\dllcache\mgmtapi.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 40960 c:\windows\system32\dllcache\mf3216.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 39274 c:\windows\system32\dllcache\mem.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 50176 c:\windows\system32\dllcache\mdhcp.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 28160 c:\windows\system32\dllcache\mciwave.drv
+ 2004-08-04 01:56 . 2004-08-04 01:56 23552 c:\windows\system32\dllcache\mciwave.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 25264 c:\windows\system32\dllcache\mciseq.drv
+ 2004-08-04 01:56 . 2004-08-04 01:56 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 35328 c:\windows\system32\dllcache\mciqtz32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 17408 c:\windows\system32\dllcache\mcicda.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 84480 c:\windows\system32\dllcache\mciavi32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 73376 c:\windows\system32\dllcache\mciavi.drv
+ 2001-08-23 14:00 . 2001-08-23 14:00 10496 c:\windows\system32\dllcache\mcdsrv32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 10240 c:\windows\system32\dllcache\mcd32.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 14848 c:\windows\system32\dllcache\mcastmib.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 85504 c:\windows\system32\dllcache\makecab.exe
+ 2007-07-22 13:14 . 2007-07-22 13:14 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 10240 c:\windows\system32\dllcache\lprhelp.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 22016 c:\windows\system32\dllcache\lpk.dll
+ 2009-04-16 16:27 . 2001-08-23 14:00 15360 c:\windows\system32\dllcache\logoff.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 59392 c:\windows\system32\dllcache\logman.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 50176 c:\windows\system32\dllcache\loghours.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 75264 c:\windows\system32\dllcache\locator.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 11776 c:\windows\system32\dllcache\localui.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 97280 c:\windows\system32\dllcache\loadperf.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 29696 c:\windows\system32\dllcache\lights.exe
+ 2009-04-16 16:26 . 2004-08-04 01:56 58880 c:\windows\system32\dllcache\licwmi.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 40960 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 11264 c:\windows\system32\dllcache\laprxy.dll
+ 2004-08-03 23:49 . 2004-08-03 23:49 92224 c:\windows\system32\dllcache\krnl386.exe
+ 2004-08-03 23:46 . 2004-08-03 23:46 42537 c:\windows\system32\dllcache\keyboard.sys
+ 2001-08-23 14:00 . 2001-08-23 14:00 42809 c:\windows\system32\dllcache\key01.sys
+ 2007-07-22 13:14 . 2007-07-22 13:14 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 47952 c:\windows\system32\dllcache\jobexec.dll
+ 2004-08-04 00:56 . 2004-08-04 07:56 47616 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 13312 c:\windows\system32\dllcache\irclass.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 20992 c:\windows\system32\dllcache\ipxwan.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 39936 c:\windows\system32\dllcache\ipxrtmgr.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 23552 c:\windows\system32\dllcache\ipxroute.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 21504 c:\windows\system32\dllcache\ipxrip.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 69120 c:\windows\system32\dllcache\ipxpromn.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 83968 c:\windows\system32\dllcache\ipxmontr.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 59904 c:\windows\system32\dllcache\ipv6mon.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 53248 c:\windows\system32\dllcache\ipv6.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 44032 c:\windows\system32\dllcache\ipsec6.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 55808 c:\windows\system32\dllcache\ipconfig.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 30720 c:\windows\system32\dllcache\iologmsg.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 92672 c:\windows\system32\dllcache\inseng.dll
+ 2009-04-16 16:28 . 2004-08-04 01:56 48128 c:\windows\system32\dllcache\inetres.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 15872 c:\windows\system32\dllcache\inetppui.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 33280 c:\windows\system32\dllcache\inetmib1.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 36352 c:\windows\system32\dllcache\imgutil.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 70656 c:\windows\system32\dllcache\ifsutil.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 55296 c:\windows\system32\dllcache\iesetup.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 56832 c:\windows\system32\dllcache\ie4uinit.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 54784 c:\windows\system32\dllcache\icmui.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 59392 c:\windows\system32\dllcache\iassvcs.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 86528 c:\windows\system32\dllcache\iassam.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 17920 c:\windows\system32\dllcache\iaspolcy.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 62464 c:\windows\system32\dllcache\iasnap.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 32256 c:\windows\system32\dllcache\iashlpr.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 41472 c:\windows\system32\dllcache\iasads.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 23552 c:\windows\system32\dllcache\iasacct.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 41984 c:\windows\system32\dllcache\htui.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 14848 c:\windows\system32\dllcache\hnetmon.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 72704 c:\windows\system32\dllcache\hlink.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 41472 c:\windows\system32\dllcache\hhsetup.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 10752 c:\windows\system32\dllcache\hh.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 39424 c:\windows\system32\dllcache\grpconv.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 57344 c:\windows\system32\dllcache\gpupdate.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 55296 c:\windows\system32\dllcache\getmac.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 24576 c:\windows\system32\dllcache\gdi.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 76800 c:\windows\system32\dllcache\gcdef.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 60416 c:\windows\system32\dllcache\fwcfg.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 42496 c:\windows\system32\dllcache\ftp.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 56320 c:\windows\system32\dllcache\fsutil.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 81408 c:\windows\system32\dllcache\fsusd.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 20992 c:\windows\system32\dllcache\fontview.exe
+ 2007-07-22 13:31 . 2007-07-22 13:31 80896 c:\windows\system32\dllcache\fontsub.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 16384 c:\windows\system32\dllcache\fmifs.dll
+ 2009-04-16 16:28 . 2007-07-22 13:14 23040 c:\windows\system32\dllcache\fltmc.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 27136 c:\windows\system32\dllcache\findstr.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 21504 c:\windows\system32\dllcache\feclient.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 73728 c:\windows\system32\dllcache\fdeploy.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 14848 c:\windows\system32\dllcache\fc.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 80384 c:\windows\system32\dllcache\faultrep.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 45568 c:\windows\system32\dllcache\extrac32.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 15872 c:\windows\system32\dllcache\expand.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 77824 c:\windows\system32\dllcache\evtrig.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 97965 c:\windows\system32\dllcache\evtquery.vbs
+ 2004-08-04 01:56 . 2004-08-04 01:56 50176 c:\windows\system32\dllcache\evcreate.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 39424 c:\windows\system32\dllcache\esentutl.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 17408 c:\windows\system32\dllcache\esentprf.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 20480 c:\windows\system32\dllcache\encapi.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 26624 c:\windows\system32\dllcache\efsadu.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 12642 c:\windows\system32\dllcache\edlin.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 17920 c:\windows\system32\dllcache\dvdupgrd.exe
+ 2001-08-17 22:36 . 2007-07-24 20:11 55296 c:\windows\system32\dllcache\dvdplay.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 19456 c:\windows\system32\dllcache\dswave.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 51200 c:\windows\system32\dllcache\dssec.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 92672 c:\windows\system32\dllcache\dskquota.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 71680 c:\windows\system32\dllcache\dsdmoprp.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 62976 c:\windows\system32\dllcache\dsauth.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 16384 c:\windows\system32\dllcache\ds32gt.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 58368 c:\windows\system32\dllcache\drvqry.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 87040 c:\windows\system32\dllcache\drmstor.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 57344 c:\windows\system32\dllcache\dpwsockx.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 42768 c:\windows\system32\dllcache\dpwsock.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 83456 c:\windows\system32\dllcache\dpvsetup.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 21504 c:\windows\system32\dllcache\dpvacm.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 53520 c:\windows\system32\dllcache\dpserial.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 61952 c:\windows\system32\dllcache\dpnwsock.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 18432 c:\windows\system32\dllcache\dpnsvr.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 62464 c:\windows\system32\dllcache\dpnmodem.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 60928 c:\windows\system32\dllcache\dpnhupnp.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 35328 c:\windows\system32\dllcache\dpnhpast.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 23552 c:\windows\system32\dllcache\dpmodemx.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 30208 c:\windows\system32\dllcache\dplaysvr.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 33040 c:\windows\system32\dllcache\dplay.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 96768 c:\windows\system32\dllcache\dpcdll.dll
+ 2004-08-03 23:51 . 2004-08-03 23:51 53840 c:\windows\system32\dllcache\dosx.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 10752 c:\windows\system32\dllcache\doskey.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 48128 c:\windows\system32\dllcache\docprop2.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 46080 c:\windows\system32\dllcache\docprop.dll
+ 2004-08-04 00:56 . 2007-07-24 20:11 52224 c:\windows\system32\dllcache\dmutil.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 82432 c:\windows\system32\dllcache\dmscript.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 15872 c:\windows\system32\dllcache\dmremote.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\dmocx.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 35840 c:\windows\system32\dllcache\dmloader.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 18432 c:\windows\system32\dllcache\dmintf.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 61440 c:\windows\system32\dllcache\dmcompos.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 28672 c:\windows\system32\dllcache\dmband.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 28672 c:\windows\system32\dllcache\dispex.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 17920 c:\windows\system32\dllcache\diskperf.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 44032 c:\windows\system32\dllcache\dimap.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 68608 c:\windows\system32\dllcache\digest.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 85504 c:\windows\system32\dllcache\diantz.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 74240 c:\windows\system32\dllcache\dhcpsapi.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 28672 c:\windows\system32\dllcache\dfsshlex.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 38912 c:\windows\system32\dllcache\dfrgsnap.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 51200 c:\windows\system32\dllcache\dfrgres.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 82432 c:\windows\system32\dllcache\dfrgfat.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 59904 c:\windows\system32\dllcache\devenum.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 18432 c:\windows\system32\dllcache\deskperf.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 16896 c:\windows\system32\dllcache\deskmon.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 16384 c:\windows\system32\dllcache\deskadp.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 25088 c:\windows\system32\dllcache\defrag.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 20634 c:\windows\system32\dllcache\debug.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 27136 c:\windows\system32\dllcache\ddrawex.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 39424 c:\windows\system32\dllcache\ddeml.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 47616 c:\windows\system32\dllcache\d3dxof.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 34816 c:\windows\system32\dllcache\d3dpmesh.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 27200 c:\windows\system32\dllcache\ctl3dv2.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 27136 c:\windows\system32\dllcache\ctl3d32.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 15360 c:\windows\system32\dllcache\ctfmon.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 73728 c:\windows\system32\dllcache\csseqchk.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 98304 c:\windows\system32\dllcache\cscript.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 53760 c:\windows\system32\dllcache\cryptext.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 74752 c:\windows\system32\dllcache\cryptdlg.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 27097 c:\windows\system32\dllcache\country.sys
+ 2007-07-22 13:18 . 2007-07-22 13:18 17408 c:\windows\system32\dllcache\corpol.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 66560 c:\windows\system32\dllcache\console.dll
+ 2009-04-16 16:27 . 2007-07-22 13:13 97792 c:\windows\system32\dllcache\comrepl.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 30160 c:\windows\system32\dllcache\compobj.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 17408 c:\windows\system32\dllcache\compact.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 15872 c:\windows\system32\dllcache\comp.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 32816 c:\windows\system32\dllcache\commdlg.dll
+ 2009-04-16 16:27 . 2001-08-23 14:00 25600 c:\windows\system32\dllcache\comaddin.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 10752 c:\windows\system32\dllcache\clb.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 56320 c:\windows\system32\dllcache\cipher.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 11264 c:\windows\system32\dllcache\chkntfs.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 11776 c:\windows\system32\dllcache\chkdsk.exe
+ 2009-04-16 16:27 . 2001-08-23 14:00 80384 c:\windows\system32\dllcache\charmap.exe
+ 2009-04-16 16:27 . 2004-08-04 01:56 38912 c:\windows\system32\dllcache\cfgbkend.dll
+ 2009-04-16 16:27 . 2001-08-23 14:00 15872 c:\windows\system32\dllcache\cdmodem.dll
+ 2007-07-22 13:13 . 2008-10-16 21:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2009-04-16 16:27 . 2004-08-04 01:56 85504 c:\windows\system32\dllcache\catsrvps.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 50688 c:\windows\system32\dllcache\camocx.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 18432 c:\windows\system32\dllcache\cacls.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 50688 c:\windows\system32\dllcache\btpanui.dll
+ 2004-08-04 01:56 . 2004-08-04 00:56 30208 c:\windows\system32\dllcache\bthserv.dll
+ 2004-08-04 01:56 . 2004-08-04 00:56 20992 c:\windows\system32\dllcache\bthci.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 78336 c:\windows\system32\dllcache\browsewm.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 12288 c:\windows\system32\dllcache\bootvid.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 17408 c:\windows\system32\dllcache\bidispl.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 64000 c:\windows\system32\dllcache\avicap32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 69584 c:\windows\system32\dllcache\avicap.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 11264 c:\windows\system32\dllcache\autolfn.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 80384 c:\windows\system32\dllcache\autodisc.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 14336 c:\windows\system32\dllcache\auditusr.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 11264 c:\windows\system32\dllcache\attrib.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 34816 c:\windows\system32\dllcache\atmpvcno.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 30208 c:\windows\system32\dllcache\atmlib.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 11264 c:\windows\system32\dllcache\atmadm.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 13312 c:\windows\system32\dllcache\atkctrs.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 25088 c:\windows\system32\dllcache\at.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 65024 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 32768 c:\windows\system32\dllcache\asr_pfu.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 32256 c:\windows\system32\dllcache\asr_ldm.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 30208 c:\windows\system32\dllcache\asr_fmt.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\arp.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 12498 c:\windows\system32\dllcache\append.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 70656 c:\windows\system32\dllcache\amstream.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 98304 c:\windows\system32\dllcache\ahui.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 24064 c:\windows\system32\dllcache\agtintl.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 20480 c:\windows\system32\dllcache\agt0c0a.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 20992 c:\windows\system32\dllcache\agt0816.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\agt041d.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 20480 c:\windows\system32\dllcache\agt0416.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\agt0414.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 20992 c:\windows\system32\dllcache\agt0413.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 20992 c:\windows\system32\dllcache\agt0410.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 21504 c:\windows\system32\dllcache\agt040c.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\agt040b.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\agt0409.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 21504 c:\windows\system32\dllcache\agt0407.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 19456 c:\windows\system32\dllcache\agt0406.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 44032 c:\windows\system32\dllcache\agentsr.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 24064 c:\windows\system32\dllcache\agentpsh.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 49152 c:\windows\system32\dllcache\agentmpx.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 57344 c:\windows\system32\dllcache\agentdpv.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 42496 c:\windows\system32\dllcache\agentdp2.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 24064 c:\windows\system32\dllcache\agentanm.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 68096 c:\windows\system32\dllcache\adsmsext.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 26112 c:\windows\system32\dllcache\adptif.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 71680 c:\windows\system32\dllcache\admparse.dll
+ 2009-04-16 16:28 . 2001-08-23 14:00 64512 c:\windows\system32\dllcache\acctres.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 25600 c:\windows\system32\dllcache\aaaamon.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 2176 c:\windows\system32\dllcache\vga.drv
+ 2009-04-17 09:19 . 2001-08-23 14:00 9008 c:\windows\system32\dllcache\ver.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 4048 c:\windows\system32\dllcache\timer.drv
+ 2009-04-17 09:19 . 2001-08-23 14:00 3360 c:\windows\system32\dllcache\system.drv
+ 2009-04-17 09:19 . 2001-08-23 14:00 1744 c:\windows\system32\dllcache\sound.drv
+ 2009-04-17 09:19 . 2001-08-23 14:00 5120 c:\windows\system32\dllcache\shell.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 2032 c:\windows\system32\dllcache\mouse.drv
+ 2001-08-23 14:00 . 2001-08-23 14:00 7680 c:\windows\system32\dllcache\mciole32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 8192 c:\windows\system32\dllcache\mciole16.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 4608 c:\windows\system32\dllcache\mchgrcoi.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 8192 c:\windows\system32\dllcache\mag_hook.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 9936 c:\windows\system32\dllcache\lzexpand.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 9216 c:\windows\system32\dllcache\lprmonui.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 8192 c:\windows\system32\dllcache\lpr.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 6144 c:\windows\system32\dllcache\lpq.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 5120 c:\windows\system32\dllcache\lodctr.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 9728 c:\windows\system32\dllcache\label.exe
+ 2009-04-16 22:06 . 2004-08-04 07:56 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 2000 c:\windows\system32\dllcache\keyboard.drv
+ 2001-08-23 14:00 . 2001-08-23 14:00 7040 c:\windows\system32\dllcache\kdcom.dll
+ 2004-08-03 23:59 . 2004-08-03 23:59 7424 c:\windows\system32\dllcache\kd1394.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 6144 c:\windows\system32\dllcache\kbdusx.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 6144 c:\windows\system32\dllcache\kbdusr.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 6144 c:\windows\system32\dllcache\kbdusl.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 5632 c:\windows\system32\dllcache\kbdus.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 7168 c:\windows\system32\dllcache\kbdukx.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 5632 c:\windows\system32\dllcache\kbduk.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 5120 c:\windows\system32\dllcache\kbddv.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 7680 c:\windows\system32\dllcache\kbdcan.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 4096 c:\windows\system32\dllcache\iprtprio.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 3584 c:\windows\system32\dllcache\iprop.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 9216 c:\windows\system32\dllcache\iissuba.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 8192 c:\windows\system32\dllcache\igmpagnt.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 3584 c:\windows\system32\dllcache\icmp.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 7680 c:\windows\system32\dllcache\hostname.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 4768 c:\windows\system32\dllcache\himem.sys
+ 2004-08-04 01:56 . 2004-08-04 01:56 7168 c:\windows\system32\dllcache\hccoin.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 9728 c:\windows\system32\dllcache\gpkrsrc.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 9344 c:\windows\system32\dllcache\framebuf.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 7168 c:\windows\system32\dllcache\forcedos.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 3072 c:\windows\system32\dllcache\fixmapi.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 9216 c:\windows\system32\dllcache\finger.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 9216 c:\windows\system32\dllcache\find.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 8424 c:\windows\system32\dllcache\exe2bin.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 8704 c:\windows\system32\dllcache\eventvwr.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 4096 c:\windows\system32\dllcache\dsprpres.dll
+ 2004-07-17 12:36 . 2004-07-17 12:36 4656 c:\windows\system32\dllcache\ds16gt.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 3584 c:\windows\system32\dllcache\dpnlobby.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 3584 c:\windows\system32\dllcache\dpnaddr.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 4608 c:\windows\system32\dllcache\dllhst3g.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 5120 c:\windows\system32\dllcache\dllhost.exe
+ 2009-04-16 16:27 . 2001-08-23 14:00 5120 c:\windows\system32\dllcache\dcomcnfg.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 8704 c:\windows\system32\dllcache\dciman32.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 8192 c:\windows\system32\dllcache\d3d8thk.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 8192 c:\windows\system32\dllcache\control.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 3584 c:\windows\system32\dllcache\comcat.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 7680 c:\windows\system32\dllcache\ckcnv.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 5120 c:\windows\system32\dllcache\bootvrfy.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 4608 c:\windows\system32\dllcache\bootok.exe
+ 2009-04-16 16:28 . 2007-07-22 13:31 7168 c:\windows\system32\dllcache\bitsprx3.dll
+ 2009-04-16 16:28 . 2007-07-22 13:31 8192 c:\windows\system32\dllcache\bitsprx2.dll
+ 2009-04-17 09:19 . 2004-08-04 01:56 8704 c:\windows\system32\dllcache\batt.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 7168 c:\windows\system32\dllcache\asferror.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 9029 c:\windows\system32\dllcache\ansi.sys
+ 2004-08-04 01:56 . 2004-08-04 01:56 4096 c:\windows\system32\dllcache\actmovie.exe
+ 2009-08-17 09:11 . 2009-08-17 09:10 149280 c:\windows\system32\javaws.exe
+ 2009-08-17 09:11 . 2009-08-17 09:10 145184 c:\windows\system32\javaw.exe
+ 2009-08-17 09:11 . 2009-08-17 09:10 145184 c:\windows\system32\java.exe
+ 2009-04-17 09:19 . 2004-08-04 01:56 146432 c:\windows\system32\dllcache\winspool.drv
+ 2004-08-04 01:56 . 2004-08-04 01:56 283648 c:\windows\system32\dllcache\winhlp32.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 256192 c:\windows\system32\dllcache\winhelp.exe
+ 2007-07-22 13:18 . 2007-07-22 13:18 315904 c:\windows\system32\dllcache\unregmp2.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 146432 c:\windows\system32\dllcache\regedit.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 102400 c:\windows\system32\dllcache\pchshell.dll
+ 2009-04-17 09:19 . 2001-08-23 14:00 126912 c:\windows\system32\dllcache\msvideo.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 153600 c:\windows\system32\dllcache\modemui.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 119808 c:\windows\system32\dllcache\mmutilse.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 163328 c:\windows\system32\dllcache\mmcbase.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 673088 c:\windows\system32\dllcache\mlang.dat
+ 2007-07-22 13:14 . 2007-07-22 13:14 981760 c:\windows\system32\dllcache\mfc42u.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 927504 c:\windows\system32\dllcache\mfc40u.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 924432 c:\windows\system32\dllcache\mfc40.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 362496 c:\windows\system32\dllcache\metal_ss.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 118272 c:\windows\system32\dllcache\mdminst.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 514560 c:\windows\system32\dllcache\logonui.exe
+ 2007-07-22 13:18 . 2007-07-22 13:18 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 221696 c:\windows\system32\dllcache\localsec.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 399872 c:\windows\system32\dllcache\lmrt.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 423936 c:\windows\system32\dllcache\licdll.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 150528 c:\windows\system32\dllcache\keymgr.dll
+ 2007-07-22 13:31 . 2007-07-22 13:31 450560 c:\windows\system32\dllcache\jscript.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 362496 c:\windows\system32\dllcache\jet500.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 198616 c:\windows\system32\dllcache\iuengine.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 137216 c:\windows\system32\dllcache\itss.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 155136 c:\windows\system32\dllcache\itircl.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 384000 c:\windows\system32\dllcache\ipsmsnap.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 349696 c:\windows\system32\dllcache\ipsecsnp.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 169984 c:\windows\system32\dllcache\iprtrmgr.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 330752 c:\windows\system32\dllcache\ippromon.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 154112 c:\windows\system32\dllcache\ipmontr.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 123392 c:\windows\system32\dllcache\input.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 147456 c:\windows\system32\dllcache\initpki.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 110592 c:\windows\system32\dllcache\inetcplc.dll
+ 2009-04-16 16:28 . 2007-07-22 13:14 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 135680 c:\windows\system32\dllcache\ifmon.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 114688 c:\windows\system32\dllcache\iexpress.exe
+ 2007-07-22 13:14 . 2007-07-22 13:14 191488 c:\windows\system32\dllcache\iepeers.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 254976 c:\windows\system32\dllcache\icm32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 247808 c:\windows\system32\dllcache\iassdo.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 141312 c:\windows\system32\dllcache\iasrecst.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 119808 c:\windows\system32\dllcache\iasrad.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 144896 c:\windows\system32\dllcache\hotplug.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 362496 c:\windows\system32\dllcache\home_ss.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 330752 c:\windows\system32\dllcache\hnetwiz.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 198656 c:\windows\system32\dllcache\gptext.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 119808 c:\windows\system32\dllcache\gprslt.exe
+ 2004-08-03 23:31 . 2004-08-03 23:31 101888 c:\windows\system32\dllcache\gpkcsp.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 566784 c:\windows\system32\dllcache\gpedit.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 122880 c:\windows\system32\dllcache\glu32.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 285184 c:\windows\system32\dllcache\glmf32.dll
+ 2009-04-16 16:27 . 2001-08-23 14:00 605696 c:\windows\system32\dllcache\getuname.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 176128 c:\windows\system32\dllcache\ftsrch.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 193024 c:\windows\system32\dllcache\fsquirt.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 382976 c:\windows\system32\dllcache\fontext.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 337920 c:\windows\system32\dllcache\filemgmt.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 117760 c:\windows\system32\dllcache\fde.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 121856 c:\windows\system32\dllcache\exts.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 132608 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 380957 c:\windows\system32\dllcache\expsrv.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 186368 c:\windows\system32\dllcache\encdec.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 183296 c:\windows\system32\dllcache\els.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 346624 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 498742 c:\windows\system32\dllcache\dxmasf.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 619008 c:\windows\system32\dllcache\dx7vb.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 113152 c:\windows\system32\dllcache\dsuiext.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 239104 c:\windows\system32\dllcache\dsquery.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 142336 c:\windows\system32\dllcache\dsprop.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 144384 c:\windows\system32\dllcache\dskquoui.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 181760 c:\windows\system32\dllcache\dsdmo.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2004-08-04 01:57 . 2004-08-04 01:57 299520 c:\windows\system32\dllcache\drmclien.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 116736 c:\windows\system32\dllcache\dpvvox.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 212480 c:\windows\system32\dllcache\dpvoice.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 375296 c:\windows\system32\dllcache\dpnet.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 229888 c:\windows\system32\dllcache\dplayx.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 104448 c:\windows\system32\dllcache\dmusic.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 103424 c:\windows\system32\dllcache\dmsynth.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 105984 c:\windows\system32\dllcache\dmstyle.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 181248 c:\windows\system32\dllcache\dmime.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 118784 c:\windows\system32\dllcache\dmdskres.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 200704 c:\windows\system32\dllcache\dmdskmgr.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 273920 c:\windows\system32\dllcache\dmdlgs.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 330752 c:\windows\system32\dllcache\dmconfig.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 224768 c:\windows\system32\dllcache\dmadmin.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 163840 c:\windows\system32\dllcache\diskpart.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 181760 c:\windows\system32\dllcache\dinput8.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 159232 c:\windows\system32\dllcache\dinput.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 394240 c:\windows\system32\dllcache\diactfrm.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 370176 c:\windows\system32\dllcache\dhcpmon.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 111104 c:\windows\system32\dllcache\dgnet.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 123904 c:\windows\system32\dllcache\dfrgui.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 104960 c:\windows\system32\dllcache\dfrgntfs.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 282624 c:\windows\system32\dllcache\devmgr.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 266240 c:\windows\system32\dllcache\ddraw.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 110592 c:\windows\system32\dllcache\dbnetlib.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 152064 c:\windows\system32\dllcache\datime.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 350208 c:\windows\system32\dllcache\d3drm.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 590336 c:\windows\system32\dllcache\d3dramp.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 825344 c:\windows\system32\dllcache\d3dim700.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 436224 c:\windows\system32\dllcache\d3dim.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 149019 c:\windows\system32\dllcache\crtdll.dll
+ 2009-04-16 16:27 . 2007-07-22 13:13 539648 c:\windows\system32\dllcache\comuid.dll
+ 2009-04-16 16:27 . 2001-08-23 14:00 147456 c:\windows\system32\dllcache\comsnap.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 229376 c:\windows\system32\dllcache\compstui.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 252928 c:\windows\system32\dllcache\compatui.dll
+ 2009-04-16 16:26 . 2004-08-04 01:56 185344 c:\windows\system32\dllcache\cmprops.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 388608 c:\windows\system32\dllcache\cmd.exe
+ 2009-04-16 16:27 . 2007-07-22 13:13 110080 c:\windows\system32\dllcache\clbcatex.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 148480 c:\windows\system32\dllcache\cic.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 457728 c:\windows\system32\dllcache\certmgr.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 142848 c:\windows\system32\dllcache\capesnpn.dll
+ 2009-04-16 16:27 . 2001-08-23 14:00 114688 c:\windows\system32\dllcache\calc.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 136704 c:\windows\system32\dllcache\bootcfg.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 361472 c:\windows\system32\dllcache\blue_ss.dll
+ 2007-07-22 13:18 . 2007-07-22 13:18 542720 c:\windows\system32\dllcache\blackbox.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 109456 c:\windows\system32\dllcache\avifile.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 580608 c:\windows\system32\dllcache\autofmt.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 588800 c:\windows\system32\dllcache\autochk.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 295936 c:\windows\system32\dllcache\appmgr.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 256512 c:\windows\system32\dllcache\agentsvr.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 214016 c:\windows\system32\dllcache\agentctl.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 109568 c:\windows\system32\dllcache\adsnw.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 263680 c:\windows\system32\dllcache\adsnt.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 161792 c:\windows\system32\dllcache\adsnds.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 175616 c:\windows\system32\dllcache\adsldp.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 116224 c:\windows\system32\dllcache\acxtrnal.dll
+ 2007-07-22 13:31 . 2007-07-22 13:31 245248 c:\windows\system32\dllcache\acspecfc.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 114688 c:\windows\system32\dllcache\aclui.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 141312 c:\windows\system32\dllcache\aclua.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 129536 c:\windows\system32\dllcache\acledit.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 450048 c:\windows\system32\dllcache\aclayers.dll
+ 2009-04-16 16:27 . 2004-08-04 01:56 183808 c:\windows\system32\dllcache\accwiz.exe
+ 2007-07-22 13:13 . 2007-07-22 13:13 100352 c:\windows\system32\dllcache\6to4svc.dll
+ 2009-01-18 23:05 . 2009-01-18 23:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 1913344 c:\windows\system32\dllcache\mmcndmgr.dll
+ 2007-07-22 13:14 . 2007-07-22 13:14 1354752 c:\windows\system32\dllcache\mmc.exe
+ 2001-08-23 14:00 . 2001-08-23 14:00 1114896 c:\windows\system32\dllcache\esent97.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 2113536 c:\windows\system32\dllcache\dxdiagn.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 1298432 c:\windows\system32\dllcache\dxdiag.exe
+ 2004-08-04 01:56 . 2004-08-04 01:56 1227264 c:\windows\system32\dllcache\dx8vb.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 1294336 c:\windows\system32\dllcache\dsound3d.dll
+ 2001-08-23 14:00 . 2001-08-23 14:00 1501696 c:\windows\system32\dllcache\diskcopy.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 1689088 c:\windows\system32\dllcache\d3d9.dll
+ 2004-08-04 01:56 . 2004-08-04 01:56 1179648 c:\windows\system32\dllcache\d3d8.dll
+ 2007-07-22 13:13 . 2007-07-22 13:13 2068480 c:\windows\system32\dllcache\cdosys.dll
+ 2009-08-17 09:10 . 2009-08-17 09:10 1757696 c:\windows\Installer\3d570.msi
+ 2009-08-17 09:03 . 2009-08-17 09:03 1697792 c:\windows\Installer\3d56c.msp
+ 2009-08-17 09:04 . 2009-08-17 09:04 6653952 c:\windows\Installer\3d55e.msp
+ 2009-08-17 09:03 . 2009-08-17 09:03 2150400 c:\windows\Installer\3d53a.msp
+ 2009-08-17 09:06 . 2009-08-17 09:06 3938816 c:\windows\Installer\3d52c.msi
+ 2008-12-18 23:48 . 2008-12-18 23:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-02-27 23:37 . 2009-02-27 23:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-22 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Linksys Wireless Network Monitor.lnk - c:\program files\Linksys\WUSBF54G\wlMonitor.exe [2009-6-14 3205632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/16/2009 3:36 AM 108289]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\Linksys\WUSBF54G\NICServ.exe [6/14/2009 1:06 PM 529920]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [6/9/2009 1:47 AM 40576]
R3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [5/5/2009 9:18 AM 219648]
R3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [5/5/2009 9:19 AM 475264]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [6/14/2009 1:06 PM 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart --> c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 11:14 AM 133104]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/3/2004 6:56 PM 14336]
 
--- Other Services/Drivers In Memory ---

*NewlyCreated* - BEEP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 18:14]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 18:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 23:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-73586283-2147019285-1001\Software\SecuROM\License information*]
"datasecu"=hex:d6,69,a9,ab,f9,d8,98,45,66,82,74,9d,ad,9f,a8,42,86,c8,5b,16,9d,
dc,32,d7,a3,87,86,f8,ef,84,28,4c,1b,c0,de,e2,89,80,2b,f8,8a,ec,a7,a0,1c,d8,\
"rkeysecu"=hex:69,47,ec,71,f6,de,af,cf,2b,90,e4,90,fe,0e,c4,20
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3164)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-08-20 23:13
ComboFix-quarantined-files.txt 2009-08-20 06:13
ComboFix2.txt 2009-08-16 08:16

Pre-Run: 99,018,489,856 bytes free
Post-Run: 98,982,486,016 bytes free

 
DDS (Ver_09-07-30.01) - NTFSx86
Run by John Doe at 23:21:11.14 on Wed 08/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.564 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
K:\Security\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linksy~1.lnk - c:\program files\linksys\wusbf54g\wlMonitor.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johndo~1\applic~1\mozilla\firefox\profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-16 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-16 353672]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-16 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-16 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-16 55656]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\linksys\wusbf54g\NICServ.exe [2009-6-14 529920]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-6-9 40576]
R3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2009-5-5 219648]
R3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2009-5-5 475264]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [2009-6-14 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\fah.exe -svcstart --> c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\google\update\GoogleUpdate.exe [2009-4-17 133104]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-3 14336]

=============== Created Last 30 ================

2009-08-19 23:06 <DIR> --ds---- C:\ComboFix
2009-08-19 22:42 4,224 a------- c:\windows\system32\drivers\beep.sys
2009-08-19 22:42 4,224 a------- c:\windows\system32\dllcache\beep.sys
2009-08-19 10:42 435,200 a------- c:\windows\system32\ntmssvc.dll
2009-08-19 10:42 435,200 a------- c:\windows\system32\dllcache\ntmssvc.dll
2009-08-19 10:42 33,792 a------- c:\windows\system32\msgsvc.dll
2009-08-19 10:42 33,792 a------- c:\windows\system32\dllcache\msgsvc.dll
2009-08-19 10:42 13,824 a------- c:\windows\system32\wscntfy.exe
2009-08-19 10:42 13,824 a------- c:\windows\system32\dllcache\wscntfy.exe
2009-08-18 11:59 <DIR> a-dshr-- C:\autorun.inf
2009-08-17 02:11 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-17 01:53 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-17 01:42 <DIR> a-dshr-- C:\cmdcons
2009-08-16 03:46 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-16 03:46 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-08-16 03:46 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-08-16 03:46 <DIR> --d----- c:\program files\Zone Labs
2009-08-16 03:46 350,192 a------- c:\windows\system32\vsconfig.xml
2009-08-16 03:45 <DIR> --d----- c:\windows\Internet Logs
2009-08-16 03:36 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 03:36 <DIR> --d----- c:\program files\Avira
2009-08-16 03:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-16 01:15 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\xircom
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\ime
2009-08-16 01:13 <DIR> --d----- c:\windows\srchasst
2009-08-16 01:13 <DIR> --d----- c:\program files\msn gaming zone
2009-08-16 01:13 <DIR> --d----- c:\program files\common files\speechengines
2009-08-16 01:04 228,864 a------- c:\windows\PEV.exe
2009-08-16 01:04 161,792 a------- c:\windows\SWREG.exe
2009-08-16 01:04 98,816 a------- c:\windows\sed.exe
2009-08-11 12:12 1,334 a------- c:\windows\wininit.ini
2009-08-09 00:28 <DIR> --d----- c:\program files\IZArc
2009-08-07 23:11 <DIR> --d----- C:\ILLUSION
2009-08-07 23:02 <DIR> --d----- c:\windows\system32\URTTemp
2009-07-24 02:32 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-24 02:21 <DIR> --d----- c:\windows\system32\DirectX
2009-07-24 02:21 <DIR> --d----- c:\windows\Logs
2009-07-24 02:21 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-24 02:21 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-24 02:00 <DIR> --d----- c:\program files\Deep Silver
2009-07-24 02:00 <DIR> --d----- c:\windows\system32\AGEIA
2009-07-24 01:59 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Pro
2009-07-24 01:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-24 01:01 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-24 01:01 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Lite
2009-07-23 03:46 67 a------- c:\windows\lz_scm.ini
2009-07-22 11:00 97,792 a------- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 10:44 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-21 09:13 <DIR> --d----- c:\program files\Ascaron Entertainment

==================== Find3M ====================

2009-08-17 02:10 411,368 ac------ c:\windows\system32\deploytk.dll
2009-07-25 08:21 98,304 a------- c:\windows\DUMP76e5.tmp
2009-07-01 17:55 90,112 ac------ c:\windows\DUMP853d.tmp
2009-06-27 08:14 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-06-06 09:38 692,224 ac------ c:\windows\system32\bsrmgcv.dll
2009-06-06 09:38 192,512 ac------ c:\windows\system32\bsrmgps.dll
2009-06-06 09:38 585,728 ac------ c:\windows\system32\bsratswf.dll
2009-06-06 09:38 147,456 ac------ c:\windows\system32\bsratwmv.dll

============= FINISH: 23:21:34.04 ===============
 
Hi,

Yes, looks like there's probably one more file missing.

Please run SystemLook like you did earlier, with the following instructions set in:
Code:
:filefind
regsvc.dll

Post back the results.
 
Okay, ran SystemLook, no files found, replaced it from a different PC again...

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 03:36 on 20/08/2009 by John Doe (Administrator - Elevation successful)

========== filefind ==========

Searching for "regsvc.dll"
C:\WINDOWS\system32\dllcache\regsvc.dll --a--- 59904 bytes [10:36 20/08/2009] [07:56 04/08/2004] 3151427DB7D87107D1C5BE58FAC53960
C:\WINDOWS\system32\regsvc.dll --a--- 59904 bytes [10:36 20/08/2009] [07:56 04/08/2004] 3151427DB7D87107D1C5BE58FAC53960

-=End Of File=-


And here is a new ComboFix report:

ComboFix 09-08-19.0C - John Doe 08/20/2009 3:38.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.556 [GMT -7:00]
Running from: k:\security\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-20 10:36 . 2004-08-04 07:56 59904 ----a-w- c:\windows\system32\regsvc.dll
2009-08-20 10:36 . 2004-08-04 07:56 59904 ----a-w- c:\windows\system32\dllcache\regsvc.dll
2009-08-20 05:42 . 2002-08-29 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-20 05:42 . 2002-08-29 12:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-19 17:42 . 2004-08-04 07:56 13824 ----a-w- c:\windows\system32\wscntfy.exe
2009-08-19 17:42 . 2004-08-04 07:56 13824 ----a-w- c:\windows\system32\dllcache\wscntfy.exe
2009-08-19 17:42 . 2004-08-04 07:56 435200 ----a-w- c:\windows\system32\ntmssvc.dll
2009-08-19 17:42 . 2004-08-04 07:56 435200 ----a-w- c:\windows\system32\dllcache\ntmssvc.dll
2009-08-19 17:42 . 2004-08-04 07:56 33792 ----a-w- c:\windows\system32\msgsvc.dll
2009-08-19 17:42 . 2004-08-04 07:56 33792 ----a-w- c:\windows\system32\dllcache\msgsvc.dll
2009-08-17 09:14 . 2009-08-17 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-17 09:14 . 2009-08-17 09:14 -------- d-----w- c:\program files\NOS
2009-08-17 09:14 . 2009-08-07 19:44 30400 ----a-w- c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-08-17 09:14 . 2009-08-07 19:44 22848 ----a-w- c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-08-17 09:14 . 2009-08-07 19:44 19792 ----a-w- c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-08-17 09:10 . 2009-08-17 09:10 -------- d-----w- c:\program files\Java
2009-08-16 10:46 . 2009-08-16 10:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-16 10:46 . 2009-02-16 07:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-16 10:46 . 2009-02-16 07:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-16 10:46 . 2009-08-16 10:46 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-16 10:46 . 2009-08-16 10:46 -------- d-----w- c:\program files\Zone Labs
2009-08-16 10:46 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-16 10:45 . 2009-08-20 10:34 -------- d-----w- c:\windows\Internet Logs
2009-08-16 10:36 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 10:36 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-16 10:36 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-16 10:36 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-16 10:36 . 2009-08-16 10:36 -------- d-----w- c:\program files\Avira
2009-08-16 10:36 . 2009-08-16 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\wbem\snmp
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\xircom
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\srchasst
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\program files\microsoft frontpage
2009-08-09 07:28 . 2009-08-09 07:29 -------- d-----w- c:\program files\IZArc
2009-08-08 06:11 . 2009-08-08 12:08 -------- d-----w- C:\ILLUSION
2009-08-08 06:02 . 2009-08-08 06:04 -------- d-----w- c:\windows\system32\URTTemp
2009-07-24 09:48 . 2009-07-24 09:48 -------- d-----w- c:\documents and settings\John Doe\Local Settings\Application Data\Ascaron Entertainment
2009-07-24 09:32 . 2009-07-24 09:32 -------- d--h--r- c:\documents and settings\John Doe\Application Data\SecuROM
2009-07-24 09:32 . 2009-07-24 09:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-24 09:21 . 2009-07-24 09:21 -------- d-----w- c:\windows\Logs
2009-07-24 09:21 . 2009-07-24 09:21 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-24 09:21 . 2009-07-24 09:21 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\Deep Silver
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\windows\system32\AGEIA
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-24 08:59 . 2009-07-24 08:59 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Pro
2009-07-24 08:05 . 2009-07-24 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-24 08:01 . 2009-07-24 08:01 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-24 08:01 . 2009-07-24 08:05 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Lite
2009-07-22 18:00 . 2009-07-22 18:00 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 17:47 . 2009-07-22 17:47 -------- d-----w- c:\documents and settings\Karma\Local Settings\Application Data\Mozilla
2009-07-21 16:13 . 2009-07-21 16:13 -------- d-----w- c:\program files\Ascaron Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 17:50 . 2009-08-19 17:50 562297 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-17 09:10 . 2009-04-18 17:35 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-08-17 09:06 . 2009-04-16 21:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-16 10:09 . 2009-06-09 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-13 07:52 . 2009-05-19 16:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-08 12:08 . 2009-04-16 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 10:55 . 2009-04-21 21:22 10808 ----a-w- c:\documents and settings\John Doe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 15:21 . 2009-04-17 09:15 98304 ----a-w- c:\windows\DUMP76e5.tmp
2009-07-24 09:00 . 2009-04-16 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 17:47 . 2009-04-17 19:36 -------- d-----w- c:\documents and settings\John Doe\Application Data\Move Networks
2009-07-12 17:47 . 2009-05-14 17:42 127872 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\uninstall.exe
2009-07-12 17:47 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-07-12 17:47 . 2009-07-12 17:47 1685856 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\MoveMediaPlayerWinSilent_071503000010.exe
2009-07-02 00:55 . 2009-04-17 09:15 90112 -c--a-w- c:\windows\DUMP853d.tmp
2009-06-27 15:14 . 2009-06-06 16:38 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\John Doe\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-09 08:47 . 2009-06-09 08:47 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2009-06-06 16:38 . 2009-06-06 16:38 692224 -c--a-w- c:\windows\system32\bsrmgcv.dll
2009-06-06 16:38 . 2009-06-06 16:38 192512 -c--a-w- c:\windows\system32\bsrmgps.dll
2009-06-06 16:38 . 2009-06-06 16:38 585728 -c--a-w- c:\windows\system32\bsratswf.dll
2009-06-06 16:38 . 2009-06-06 16:38 147456 -c--a-w- c:\windows\system32\bsratwmv.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2007-07-24 20:09 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-08-20_06.12.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-20 07:08 . 2009-08-20 07:08 16384 c:\windows\Temp\Perflib_Perfdata_4ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-22 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Linksys Wireless Network Monitor.lnk - c:\program files\Linksys\WUSBF54G\wlMonitor.exe [2009-6-14 3205632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/16/2009 3:36 AM 108289]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\Linksys\WUSBF54G\NICServ.exe [6/14/2009 1:06 PM 529920]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [6/9/2009 1:47 AM 40576]
R3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [5/5/2009 9:18 AM 219648]
R3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [5/5/2009 9:19 AM 475264]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [6/14/2009 1:06 PM 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart --> c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 11:14 AM 133104]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/3/2004 6:56 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 18:14]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 18:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 03:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-73586283-2147019285-1001\Software\SecuROM\License information*]
"datasecu"=hex:d6,69,a9,ab,f9,d8,98,45,66,82,74,9d,ad,9f,a8,42,86,c8,5b,16,9d,
dc,32,d7,a3,87,86,f8,ef,84,28,4c,1b,c0,de,e2,89,80,2b,f8,8a,ec,a7,a0,1c,d8,\
"rkeysecu"=hex:69,47,ec,71,f6,de,af,cf,2b,90,e4,90,fe,0e,c4,20
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1012)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-08-20 3:44
ComboFix-quarantined-files.txt 2009-08-20 10:44
ComboFix2.txt 2009-08-16 08:16

Pre-Run: 99,003,863,040 bytes free
Post-Run: 98,967,572,480 bytes free

240
 
When running Spybot, win32.tdss.rtk no longer shows up.

But I found this... it says Spybot needs to restart in order to fix it, since it's stored in memory... it says that after every restart. lol

--- Report generated: 2009-08-20 03:18 ---

Win32.FraudLoad.edt: [SBI $7312D32F] Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{E24211B3-A78A-C6A9-D317-70979ACE5058}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-06-09 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-08-18 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-08-19 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-08-04 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-08-19 Includes\Malware.sbi (*)
2009-08-19 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-08-18 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-07-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-08-11 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-08-19 Includes\Trojans.sbi (*)
2009-08-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
 