Virtumonde [RESOLVED]

Hello Kari and welcome at Geekstogo,

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

• Please download LSPFix from here.
• Run the LSPFix.exe that you have just finished downloading.
• Check the I know what I'm doing box.
• In the Keep box you should see one or more instances of mmchost.dll.
• Select every instance of mmchost.dll and move each one to the Remove box by clicking the >> button.
• When you are done click Finish>>.

After that, please post a new Hijackthislog

Thunderbird1988

Here it is.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:56, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton

Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless

Assistant.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [65c4b349] rundll32.exe "C:\WINDOWS\system32\rsrrtegm.dll",b
O4 - HKLM\..\Run: [BM66f780d5] Rundll32.exe "C:\WINDOWS\system32\ebcdekyr.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search &

Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9786] command /c del "C:\WINDOWS\system32\ebcdekyr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7241] cmd /c del "C:\WINDOWS\system32\ebcdekyr.dll_old"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7621] command /c del "C:\WINDOWS\system32\ebcdekyr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6670] cmd /c del "C:\WINDOWS\system32\ebcdekyr.dll_old"
O4 - HKUS\S-1-5-21-4170802005-3195011891-2577801694-1006\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-4170802005-3195011891-2577801694-1006\..\Run: [SUPERAntiSpyware] C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-4170802005-3195011891-2577801694-1006\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4170802005-3195011891-2577801694-1006\..\RunOnce: [SpybotDeletingB7621]

command /c del "C:\WINDOWS\system32\ebcdekyr.dll_old" (User '?')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default

user')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1

\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2

\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-

0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -

C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1

\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-

58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=presario&pf=laptop
O15 - Trusted Zone: http://www.geekstogo.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) -

http://downloadcente...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!

\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by22fd.bay22....es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

http://download.bitd...can8/oscan8.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) -

http://hoylegames.si...cherControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://www.popcap.co...ploader_v10.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) -

http://www.ksolo.com/getPlugin.do
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner -

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program

Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet

Security\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: nobicyt Service (nobicyt) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7646 bytes

Hello katydusty1,

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Thunderbird1988

Here are the logs:

ComboFix 08-08-09.06 - kaitlyn 2008-08-10 8:46:42.1 - NTFSx86

Running from: C:\Documents and Settings\kaitlyn\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\kaitlyn\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
The following files were disabled during the run:
c:\windows\system32\dbi102.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator.YOUR-09DEDAFE33\Application Data\macromedia\Flash Player\#SharedObjects\FP5V6A8Z\interclick.com
C:\Documents and Settings\Administrator.YOUR-09DEDAFE33\Application Data\macromedia\Flash Player\#SharedObjects\FP5V6A8Z\interclick.com\ud.sol
C:\Documents and Settings\Administrator.YOUR-09DEDAFE33\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Administrator.YOUR-09DEDAFE33\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\kaitlyn\Application Data\macromedia\Flash Player\#SharedObjects\KHSEX6B7\interclick.com
C:\Documents and Settings\kaitlyn\Application Data\macromedia\Flash Player\#SharedObjects\KHSEX6B7\interclick.com\ud.sol
C:\Documents and Settings\kaitlyn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\kaitlyn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\kaitlyn\Application Data\PrivacyProtector Free
C:\Documents and Settings\kaitlyn\Application Data\PrivacyProtector Free\Logs\update.log
C:\Documents and Settings\kaitlyn\Application Data\rhcavqj0e9tj
C:\Documents and Settings\kaitlyn\err.log
C:\Program Files\wintouch
C:\WINDOWS\b122.exe
C:\WINDOWS\b129.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\BM66f780d5.txt
C:\WINDOWS\BM66f780d5.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\__c00C6912.exe
C:\WINDOWS\system32\6to4ex.dll
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\app.exe
C:\WINDOWS\system32\awtqnkhe.dll
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\cedjic.dll
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\comsa32.sys
c:\WINDOWS\system32\dbi102.dll.vir
C:\WINDOWS\system32\DgQWvyxx.ini
C:\WINDOWS\system32\DgQWvyxx.ini2
C:\WINDOWS\system32\dkpmbuuf.dll
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\eaxwsdej.dll
C:\WINDOWS\system32\gvrnaswk.ini
C:\WINDOWS\system32\hhgsjxog.dll
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\iqajkh.dll
C:\WINDOWS\system32\jedswxae.ini
C:\WINDOWS\system32\jxuoeghq.dll
C:\WINDOWS\system32\kvgooehf.dll
C:\WINDOWS\system32\kwsanrvg.dll
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\mgetrrsr.ini
C:\WINDOWS\system32\mmchost.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\opnnNDWp.dll
C:\WINDOWS\system32\qctinksa.dll
C:\WINDOWS\system32\qpiuqryy.ini
C:\WINDOWS\system32\qrdygk.dll
C:\WINDOWS\system32\rsrrtegm.dll
C:\WINDOWS\system32\syspilog.pil
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\url(2).dll
C:\WINDOWS\system32\xxyvWQgD.dll
C:\WINDOWS\system32\yazjbb.dll
C:\WINDOWS\system32\yyrquipq.dll
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_CORE
-------\Legacy_IPRIP
-------\Legacy_MACIDWE
-------\Legacy_NNSERV
-------\Legacy_PERFS
-------\Legacy_ROUTING
-------\Legacy_SEICTRL
-------\Legacy_TDXDOWKC
-------\Legacy_WSERVING
-------\Service_macidwe
-------\Service_NNServ
-------\Service_seictrl
-------\Service_tdxdowkc
-------\Legacy_nobicyt
-------\Service_nobicyt


((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.

2008-08-10 06:47 . 2008-08-10 06:47 2,048 --a------ C:\WINDOWS\system32\lvfgpwvs.exe
2008-08-09 21:45 . 2008-08-09 21:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-09 12:34 . 2008-08-09 14:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-08 23:51 . 2008-08-08 23:51 2,855 --a------ C:\WINDOWS\system32\install.PIF
2008-08-08 23:40 . 2008-08-08 23:55 2,048 --a------ C:\WINDOWS\system32\rqglqcna.exe
2008-08-08 21:12 . 2008-08-08 21:12 1 --a------ C:\WINDOWS\system32\tb.dr
2008-08-08 21:11 . 2008-08-08 21:11 <DIR> d--hs---- C:\WINDOWS\system32\config\systemprofile\Temporary Internet Files
2008-08-08 21:11 . 2008-08-08 21:11 <DIR> d--hs---- C:\WINDOWS\system32\config\systemprofile\History
2008-08-08 21:10 . 2008-08-08 21:11 <DIR> d-------- C:\Program Files\Microsoft Common
2008-08-08 21:10 . 2008-08-08 21:10 60,416 --a------ C:\WINDOWS\inform.dat
2008-08-08 21:10 . 2008-08-08 21:10 45,568 --a------ C:\WINDOWS\system32\pns32.dll
2008-08-08 19:45 . 2008-08-08 19:45 2,048 --a------ C:\WINDOWS\system32\jaltcfeo.exe
2008-08-08 19:34 . 2008-08-10 07:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-08 19:34 . 2008-08-08 19:34 <DIR> d-------- C:\Documents and Settings\kaitlyn\Application Data\SUPERAntiSpyware.com
2008-08-08 19:34 . 2008-08-08 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-08 19:33 . 2008-08-08 19:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-08 18:41 . 2008-08-09 15:20 1,848 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-08 18:38 . 2006-05-09 08:14 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-09DEDAFE33\Application Data\Symantec
2008-08-08 18:38 . 2006-05-09 08:20 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-09DEDAFE33\Application Data\Intuit
2008-08-08 18:38 . 2008-08-08 18:38 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-09DEDAFE33
2008-08-08 18:06 . 2008-08-08 18:06 <DIR> d-------- C:\VundoFix Backups
2008-08-08 16:05 . 2008-08-08 16:05 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-07 22:29 . 2008-08-07 22:29 2,185 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-08-07 18:21 . 2008-08-07 18:21 2,048 --a------ C:\WINDOWS\system32\hsmytbah.exe
2008-08-06 13:40 . 2008-08-06 13:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-06 13:39 . 2008-08-06 13:39 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-06 13:39 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-08-04 19:57 . 2008-08-04 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-08-04 19:21 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-04 17:10 . 2008-08-04 17:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-03 18:46 . 2008-08-04 16:49 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-03 17:41 . 2008-08-03 17:41 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-03 17:41 . 2008-08-03 17:41 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-03 17:38 . 2008-08-03 17:41 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-03 16:44 . 2004-07-17 11:35 67,866 --a------ C:\WINDOWS\system32\drivers\netwlan5.img
2008-08-03 16:43 . 2004-07-17 11:36 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc20.cod
2008-08-03 16:43 . 2006-12-28 14:01 19,569 --a------ C:\WINDOWS\002743_.tmp
2008-08-03 16:17 . 2008-08-04 18:06 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-02 00:02 . 2008-08-08 21:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-02 00:02 . 2008-08-02 00:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-01 19:59 . 2008-08-01 20:00 <DIR> d-------- C:\Program Files\WON
2008-08-01 19:55 . 2008-08-01 19:55 327,681 --a------ C:\wonplay.exe
2008-07-24 01:22 . 1997-12-11 05:15 161,792 --a------ C:\WINDOWS\uninst95.exe
2008-07-23 00:19 . 2008-07-23 00:19 986 --a------ C:\WINDOWS\POWER.INI
2008-07-23 00:15 . 2008-07-23 00:15 958 --a------ C:\WINDOWS\ANIMATE.INI
2008-07-22 23:57 . 2008-07-22 23:57 972 --a------ C:\WINDOWS\8BALL.INI
2008-07-22 23:55 . 2008-07-26 16:26 403 --a------ C:\WINDOWS\2XStars.ini
2008-07-22 23:55 . 2008-07-22 23:55 338 --a------ C:\WINDOWS\2XDyna.ini
2008-07-22 23:54 . 2008-07-22 23:54 1,010 --a------ C:\WINDOWS\ABSOLUTE.INI
2008-07-22 23:29 . 2008-07-24 22:50 38 --a------ C:\WINDOWS\STUDPOK.INI
2008-07-22 22:52 . 2008-07-22 22:52 <DIR> d-------- C:\BEARWARE
2008-07-22 22:50 . 1998-07-02 14:25 398,416 --a------ C:\WINDOWS\system\Vbrun300.dll
2008-07-22 22:50 . 1997-07-19 16:00 193,296 --a------ C:\WINDOWS\system\Mci32.ocx
2008-07-22 22:50 . 1998-05-11 22:51 133,088 --a------ C:\WINDOWS\system\Cncs.dll
2008-07-22 22:50 . 1998-05-12 10:44 30,544 --a------ C:\WINDOWS\system\Dib.drv
2008-07-22 22:50 . 2008-07-22 22:50 99 --a------ C:\WINDOWS\Ultisoft.ini
2008-07-22 22:50 . 1998-12-08 13:18 9 --a------ C:\WINDOWS\Collida.ini
2008-07-22 22:50 . 1998-12-08 13:15 9 --a------ C:\WINDOWS\Brick.ini
2008-07-22 22:36 . 1997-07-19 17:00 227,600 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-07-22 22:36 . 1996-06-06 22:06 189,952 --a------ C:\WINDOWS\QCARD32.DLL
2008-07-22 22:24 . 2008-07-22 22:34 436 --a------ C:\WINDOWS\Win95dll.ini
2008-07-22 22:12 . 2008-07-22 22:36 <DIR> d-------- C:\Program Files\Galaxy of Games
2008-07-22 22:12 . 2008-07-22 22:12 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-07-22 16:51 . 2000-04-24 11:20 544,768 --a------ C:\WINDOWS\system32\SierraNW.DLL
2008-07-22 16:51 . 2000-04-21 17:15 200,704 --a------ C:\WINDOWS\system32\SNWValid.dll
2008-07-22 16:46 . 2008-07-22 16:51 <DIR> d-------- C:\Sierra
2008-07-22 16:46 . 2008-07-22 16:51 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-07-22 16:44 . 2008-07-22 16:53 584 --a------ C:\WINDOWS\SIERRA.INI
2008-07-22 16:32 . 2008-07-22 16:32 <DIR> d-------- C:\Program Files\Millennium Gamepak Gold
2008-07-22 16:32 . 2008-07-22 16:32 286,720 --a------ C:\WINDOWS\iun506.exe
2008-07-21 15:19 . 2004-08-04 08:00 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
2008-07-21 15:19 . 2004-08-04 08:00 33,792 --a------ C:\WINDOWS\system32\dllcache\lmmib2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 11:42 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-08-09 18:37 22 ----a-w C:\Program Files\c.zip
2008-08-09 18:37 22 ----a-w C:\Program Files\b.zip
2008-08-09 18:37 22 ----a-w C:\Program Files\a.zip
2008-08-09 05:35 --------- d-----w C:\Program Files\Windows Live
2008-08-09 00:51 --------- d-----w C:\Program Files\NetWaiting
2008-08-09 00:51 --------- d-----w C:\Program Files\Hp
2008-08-08 21:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-08 13:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-08 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-06 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-06 19:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-05 00:21 --------- d-----w C:\Program Files\Java
2008-08-05 00:08 --------- d-----w C:\Program Files\Google
2008-08-04 06:40 78,360 ----a-w C:\Program Files\uy.exe
2008-08-04 06:40 203,149 ----a-w C:\Documents and Settings\kaitlyn\lo.exe
2008-07-08 05:11 --------- d-----w C:\Program Files\Broadcom
2008-07-08 03:17 --------- d-----w C:\Documents and Settings\kaitlyn\Application Data\funkitron
2008-07-07 02:41 --------- d-----w C:\Program Files\LimeWire
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2007-11-19 18:41 1,100 ----a-w C:\Documents and Settings\kaitlyn\Application Data\wklnhst.dat
2007-07-01 20:26 141 ----a-w C:\Documents and Settings\kaitlyn\5039.bat
2007-07-01 20:20 66,048 ----a-w C:\Documents and Settings\kaitlyn\x.exe
2007-07-01 00:55 25,214 ----a-w C:\Program Files\B.ico
2007-07-01 00:55 25,214 ----a-w C:\Program Files\A.ico
2007-06-05 18:11 167 ----a-w C:\Documents and Settings\kaitlyn\6006.bat
2007-05-29 18:57 167 ----a-w C:\Documents and Settings\kaitlyn\1096.bat
2000-02-02 00:01 40,960 --sha-r C:\WINDOWS\system32\KarnaDrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-27 17:02:06 581693]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^kaitlyn^Start Menu^Programs^StartUp^LimeWire On Startup.lnk]
path=C:\Documents and Settings\kaitlyn\Start Menu\Programs\StartUp\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kaitlyn^Start Menu^Programs^StartUp^Slide.exe.lnk]
path=C:\Documents and Settings\kaitlyn\Start Menu\Programs\StartUp\Slide.exe.lnk
backup=C:\WINDOWS\pss\Slide.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kaitlyn^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\kaitlyn\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2006-03-23 16:43 53408 c:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 16:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-03-23 07:13 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-03-23 07:17 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-03-23 07:17 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 18:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 18:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-03-07 15:38 131072 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-04-11 23:54 102400 C:\Program Files\Hp\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-15 20:17 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-30 14:45 1829712 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-07-06 22:11 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2007-11-15 22:51 166304 c:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-04-18 06:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"NNServ"=2 (0x2)
"iPodService"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Vongo Service"=2 (0x2)
"IDriverT"=3 (0x3)
"ccISPwdSvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"LightScribeService"=2 (0x2)
"gusvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\WON\\wonplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15101:TCP"= 15101:TCP:Won
"15200:TCP"= 15200:TCP:Won
"15500:TCP"= 15500:TCP:Won
"26901:TCP"= 26901:TCP:Won
"26902:TCP"= 26902:TCP:Won
"26903:TCP"= 26903:TCP:Won
"26904:TCP"= 26904:TCP:Won
"26905:TCP"= 26905:TCP:Won
"26906:TCP"= 26906:TCP:Won
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c037ffed-20e1-11db-8bc5-806d6172696f}]
\Shell\AutoRun\command - D:\setupSNK.exe

*Newly Created Service* - 6TO4
*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9988775D-4368-4857-871A-D01D66CA3A71}]
rundll32 pns32.dll,InitO
.
Contents of the 'Scheduled Tasks' folder

2008-08-10 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - kaitlyn.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-02-05 01:03]

2008-08-09 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 14:45]

2008-08-10 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE []
.
- - - - ORPHANS REMOVED - - - -

BHO-{D21D9540-6415-4288-BDD0-4453088D9D38} - pns32.dll
BHO-{E6182BBF-0047-49E7-8FBF-2F2C380BA48C} - C:\WINDOWS\system32\awvtt.dll
ShellExecuteHooks-{E60A0B68-2F3C-A1D2-A901-9381E036D21A} - (no file)
Notify-__c008D764 - C:\WINDOWS\system32\__c008D764.dat
Notify-cbxvutu - cbxvutu.dll
Notify-opnOifDt - opnOifDt.dll
MSConfigStartUp-65c4b349 - C:\WINDOWS\system32\kwsanrvg.dll
MSConfigStartUp-DW4 - C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
MSConfigStartUp-IpWins - C:\Program Files\Ipwindows\ipwins.exe
MSConfigStartUp-lphcevqj0e9tj - C:\WINDOWS\system32\lphcevqj0e9tj.exe
MSConfigStartUp-runner1 - C:\WINDOWS\retadpu1000137.exe
MSConfigStartUp-SMrhcavqj0e9tj - C:\Program Files\rhcavqj0e9tj\rhcavqj0e9tj.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

O16 -: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} - hxxp://www.ksolo.com/getPlugin.do
C:\WINDOWS\Downloaded Program Files\kSoloClientIE.inf
C:\Program Files\Pinnacle\Shared Files\Filter\lame_enc.dll
C:\WINDOWS\Downloaded Program Files\kSoloClientIE.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 08:59:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6to4]
"ServiceDll"="C:\WINDOWS\system32\6to4ex.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]
"ImagePath"="\SystemRoot\system32\DRIVERS\ABP480N5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]
"ImagePath"="system32\DRIVERS\ACPIEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu160m.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agp440]
"ImagePath"="\SystemRoot\system32\DRIVERS\agp440.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agpCPQ]
"ImagePath"="\SystemRoot\system32\DRIVERS\agpCPQ.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]
"ImagePath"="\SystemRoot\system32\DRIVERS\aha154x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]
"ImagePath"="\SystemRoot\system32\DRIVERS\aic78u2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\aic78xx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]
"ImagePath"="system32\DRIVERS\aliide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\alim1541]
"ImagePath"="\SystemRoot\system32\DRIVERS\alim1541.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amdagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]
"ImagePath"="\SystemRoot\system32\DRIVERS\amsint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Arp1394]
"ImagePath"="system32\DRIVERS\arp1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASAPIW2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]
"ImagePath"="\SystemRoot\system32\DRIVERS\asc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]
"ImagePath"="\SystemRoot\system32\DRIVERS\asc3350p.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]
"ImagePath"="\SystemRoot\system32\DRIVERS\asc3550.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Automatic LiveUpdate Scheduler]
"ImagePath"="\"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BCM43XX]
"ImagePath"="system32\DRIVERS\bcmwl5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\btaudio]
"ImagePath"="system32\drivers\btaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTDriver]
"ImagePath"="system32\DRIVERS\btport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTKRNL]
"ImagePath"="system32\DRIVERS\btkrnl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\btwdins]
"ImagePath"="C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTWDNDIS]
"ImagePath"="system32\DRIVERS\btwdndis.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\btwmodem]
"ImagePath"="system32\DRIVERS\btwmodem.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTWUSB]
"ImagePath"="System32\Drivers\btwusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\ComboFix\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf]
"ImagePath"="\SystemRoot\system32\DRIVERS\cbidf2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]
"ImagePath"="\"c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccISPwdSvc]
"ImagePath"="\"c:\Program Files\Norton Internet Security\ccPwdSvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccProxy]
"ImagePath"="\"c:\Program Files\Common Files\Symantec Shared\ccProxy.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccSetMgr]
"ImagePath"="\"c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]
"ImagePath"="\SystemRoot\system32\DRIVERS\cd20xrnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\cmdide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\comHost]
"ImagePath"="\"c:\Program Files\Norton Internet Security\comHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]
"ImagePath"="\SystemRoot\system32\DRIVERS\cpqarray.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]
"ImagePath"="\SystemRoot\system32\DRIVERS\dac2w2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]
"ImagePath"="\SystemRoot\system32\DRIVERS\dac960nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]
"ImagePath"="\SystemRoot\system32\DRIVERS\dpti2o.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\E100B]
"ImagePath"="system32\DRIVERS\e100b325.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eabfiltr]
"ImagePath"="system32\DRIVERS\eabfiltr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eabusb]
"ImagePath"="system32\DRIVERS\eabusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eeCtrl]
"ImagePath"="\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EraserUtilRebootDrv]
"ImagePath"="\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="C:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="System32\Drivers\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HBtnKey]
"ImagePath"="system32\DRIVERS\cpqbttn.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HdAudAddService]
"ImagePath"="system32\drivers\CHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
"ImagePath"="\SystemRoot\system32\DRIVERS\hpn.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpqwmiex]
"ImagePath"="C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HSFHWAZL]
"ImagePath"="system32\DRIVERS\HSFHWAZL.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HSF_DPV]
"ImagePath"="system32\DRIVERS\HSF_DPV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
"ImagePath"="\SystemRoot\system32\DRIVERS\i2omp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ialm]
"ImagePath"="system32\DRIVERS\ialmnt5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor]
"ImagePath"="system32\DRIVERS\iaStor.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
"ImagePath"="\SystemRoot\system32\DRIVERS\ini910u.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPodService]
"ImagePath"="C:\Program Files\iPod\bin\iPodService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LightScribeService]
"ImagePath"="\"C:\Program Files\Common Files\LightScribe\LSSrvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LiveUpdate]
"ImagePath"="\"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarvinBus]
"ImagePath"="system32\DRIVERS\MarvinBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdmxsdk]
"ImagePath"="system32\DRIVERS\mdmxsdk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
"ImagePath"="\SystemRoot\system32\DRIVERS\mraid35x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="C:\WINDOWS\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\navapsvc]
"ImagePath"="\"c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVENG]
"ImagePath"="\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061210.007\NAVENG.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVEX15]
"ImagePath"="\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061210.007\NavEx15.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSCService]
"ImagePath"="\"c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]<

Hello katydusty1,

The Combofix log seems to be cutten off because it was too large. Could you please attach it?

Please post also a new Hijackthislog.

Thunderbird1988

Sorry about that. Here ya go.

Hello katydusty1,

I see you have Limewire installed. I strongly recommand you to remove it beacause it can cause a lot of infections. Also the use of it is illegal in many countries.

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

C:\WINDOWS\system32\lvfgpwvs.exe
C:\WINDOWS\system32\rqglqcna.exe
C:\WINDOWS\system32\pns32.dll
C:\WINDOWS\system32\jaltcfeo.exe
C:\Program Files\c.zip
C:\Program Files\b.zip
C:\Program Files\a.zip
C:\Program Files\uy.exe
C:\Documents and Settings\kaitlyn\5039.bat
C:\Documents and Settings\kaitlyn\x.exe
C:\Program Files\B.ico
C:\Program Files\A.ico
C:\Documents and Settings\kaitlyn\6006.bat
C:\Documents and Settings\kaitlyn\1096.bat

Registry::

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"dword:00000000

Driver::

6to4

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

Please do also the following.

• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
  
  
  • C:\Documents and Settings\kaitlyn\lo.exe
• Click on the Upload button
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

Please follow the same steps for C:\WINDOWS\system32\KarnaDrv.dll

Thunderbird1988

ok I have attached the combofix log and the hijackthis log. Here are the results from virscan.

Thanks



C:\Documents and Settings\kaitlyn\lo.exe

VirSCAN.org Scanned Report :
Scanned time : 2008/08/10 11:24:16 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : lo.exe
File Size : 203149 byte
File Type : MS-DOS executable
MD5 : 1a1d37b4c9f0306f03f8cf89c4cfbd27
SHA1 : a3874cee0ad8321c29f062545f7ff32f740c95e4
Online report : http://virscan.org/r...243f62b45b.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.08.09 2008-08-09 3.69 -
AhnLab V3 2008.08.09.00 2008.08.09 2008-08-09 1.57 -
AntiVir 7.8.1.19 7.0.5.235 2008-08-09 2.18 -
Arcavir 1.0.5 200808101016 2008-08-10 1.18 -
AVAST! 3.0.1 080809-0 2008-08-09 0.67 -
AVG 7.5.51.442 270.6.0/1602 2008-08-09 1.49 -
BitDefender 7.60825.1436201 7.20448 2008-08-10 2.63 -
CA (VET) 9.0.0.143 31.6.6021 2008-08-09 8.13 -
ClamAV 0.93.3 7999 2008-08-10 0.09 -
Comodo 2.11 2.0.0.612 2008-08-10 0.44 -
CP Secure 1.1.0.715 2008.08.10 2008-08-10 6.07 -
Dr.Web 4.44.0.9170 2008.08.10 2008-08-10 3.03 -
ewido 4.0.0.2 2008.08.04 2008-08-04 3.06 -
F-Prot 4.4.4.56 20080809 2008-08-09 0.96 -
F-Secure 5.51.6100 2008.08.10.01 2008-08-10 0.03 -
Fortinet 2.81-3.11 9.388 2008-08-05 1.83 -
ViRobot 20080801 2008.08.01 2008-08-01 0.42 -
Ikarus T3.1.01.34 2008.08.10.71249 2008-08-10 3.16 -
JiangMin 11.0.706 2008.08.10 2008-08-10 1.40 -
Kaspersky 5.5.10 2008.08.10 2008-08-10 0.01 -
KingSoft 2008.1.14.15 2008.8.10.15 2008-08-10 0.64 -
McAfee 5.2.00 5357 2008-08-08 2.45 -
Microsoft 1.3807 2008.08.10 2008-08-10 5.07 -
mks_vir 2.01 2008.08.09 2008-08-09 2.54 -
Norman 5.93.01 5.93.00 2008-08-08 4.65 -
Panda 9.05.01 2008.08.10 2008-08-10 2.61 -
Trend Micro 8.700-1004 5.466.24 2008-08-10 0.02 -
Quick Heal 9.50 2008.08.08 2008-08-08 1.79 -
Rising 20.0 20.56.41.00 2008-08-08 1.55 -
Sophos 2.77.0 4.32 2008-08-10 1.79 -
Sunbelt 3.1.1538.1 2186 2008-08-08 0.42 -
Symantec 1.3.0.24 20080803.002 2008-08-03 0.05 -
nProtect 2008-08-08.00 1761388 2008-08-08 3.62 -
The Hacker 6.2.96 v00395 2008-08-08 0.53 -
VBA32 3.12.8.3 20080809.1019 2008-08-09 1.17 -
VirusBuster 4.5.11.10 4.5.11/ 0010-00-00 0.78 -
--------------------------------------------------------------------------------
C:\WINDOWS\system32\KarnaDrv.dll

VirSCAN.org Scanned Report :
Scanned time : 2008/08/10 11:30:50 (CDT)
Scanner results: 14% Scanner(5/36) found malware!
File Name : KarnaDrv.dll
File Size : 40960 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 711eee2cfecf7e5a5a32ab9e120dc9db
SHA1 : f3b19ddee44fc63176dafdddbe325b88a21d14d9
Online report : http://virscan.org/r...4208747831.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.08.09 2008-08-09 2.65 -
AhnLab V3 2008.08.09.00 2008.08.09 2008-08-09 0.99 -
AntiVir 7.8.1.19 7.0.5.235 2008-08-09 2.17 TR/PSW.Wow.bpl
Arcavir 1.0.5 200808101016 2008-08-10 1.19 -
AVAST! 3.0.1 080809-0 2008-08-09 0.68 -
AVG 7.5.51.442 270.6.0/1602 2008-08-09 1.50 -
BitDefender 7.60825.1436201 7.20448 2008-08-10 2.65 -
CA (VET) 9.0.0.143 31.6.6021 2008-08-09 2.89 -
ClamAV 0.93.3 7999 2008-08-10 0.01 -
Comodo 2.11 2.0.0.612 2008-08-10 0.78 -
CP Secure 1.1.0.715 2008.08.10 2008-08-10 6.03 -
Dr.Web 4.44.0.9170 2008.08.10 2008-08-10 3.06 -
ewido 4.0.0.2 2008.08.04 2008-08-04 3.10 -
F-Prot 4.4.4.56 20080809 2008-08-09 1.00 Possible W32/Heuristic-166!Eldorado (not disinfectable)
F-Secure 5.51.6100 2008.08.10.01 2008-08-10 2.98 -
Fortinet 2.81-3.11 9.388 2008-08-05 1.87 -
ViRobot 20080801 2008.08.01 2008-08-01 0.41 -
Ikarus T3.1.01.34 2008.08.10.71249 2008-08-10 3.14 Trojan-PWS.Win32.WOW.bfq
JiangMin 11.0.706 2008.08.10 2008-08-10 1.25 -
Kaspersky 5.5.10 2008.08.10 2008-08-10 0.04 -
KingSoft 2008.1.14.15 2008.8.10.15 2008-08-10 0.73 -
McAfee 5.2.00 5357 2008-08-08 2.42 -
Microsoft 1.3807 2008.08.10 2008-08-10 5.48 PWS:Win32/OnLineGames.ZDJ.dll
mks_vir 2.01 2008.08.09 2008-08-09 2.62 -
Norman 5.93.01 5.93.00 2008-08-08 4.71 -
Panda 9.05.01 2008.08.10 2008-08-10 2.35 -
Trend Micro 8.700-1004 5.466.24 2008-08-10 0.03 -
Quick Heal 9.50 2008.08.08 2008-08-08 1.84 -
Rising 20.0 20.56.41.00 2008-08-08 0.86 -
Sophos 2.77.0 4.32 2008-08-10 1.80 -
Sunbelt 3.1.1538.1 2186 2008-08-08 0.42 -
Symantec 1.3.0.24 20080803.002 2008-08-03 0.05 -
nProtect 2008-08-08.00 1761388 2008-08-08 4.03 -
The Hacker 6.2.96 v00395 2008-08-08 0.43 -
VBA32 3.12.8.3 20080809.1019 2008-08-09 1.18 Malware.Agent.36 (paranoid heuristics) (suspicious)
VirusBuster 4.5.11.10 4.5.11/ 0010-00-00 0.80 -

Hello katydusty1,

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Please do not attach the log. Just post it as a normal reply.

Thunderbird1988

Thunderbird1988,
Here is the Kaspersky Log you needed. Sorry it took so long for me to get back to you.

Thanks again!
Kari

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 10, 2008 20:44:59
Records in database: 1079647
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 89895
Threat name: 16
Infected objects: 34
Suspicious objects: 0
Duration of the scan: 04:48:09


File name / Threat name / Threats count
C:\Documents and Settings\Administrator.YOUR-09DEDAFE33\Desktop\SmitfraudFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\Administrator.YOUR-09DEDAFE33\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33F617D1.exe Infected: Trojan-Downloader.Win32.VB.bcj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33F617D1.jpg Infected: Trojan-Downloader.Win32.VB.bcj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\449862EC.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44F0508B.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46233B39.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46722AE3.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47BB3B78.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E915C0A.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EF3479F.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
C:\Documents and Settings\kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-27ee4c9a-1190e038.zip Infected: Trojan.Java.ClassLoader.as 2
C:\Documents and Settings\kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-1aa63a3e.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\kaitlyn\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-279a8634.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\kaitlyn\Desktop\Fixes and Logs\SmitfraudFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\kaitlyn\Desktop\Fixes and Logs\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\kaitlyn\Incomplete\Preview-T-3545425-needle in my head system of.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\kaitlyn\My Documents\kaitlyn My Documents\SmitfraudFix\SmitfraudFix\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\kaitlyn\My Documents\kaitlyn My Documents\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\kaitlyn\My Documents\SmitfraudFix\SmitfraudFix\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\kaitlyn\My Documents\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\6to4ex.dll.vir Infected: Trojan.Win32.Dialer.aqm 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dbi102.dll.vir.vir Infected: Trojan-GameThief.Win32.OnLineGames.sovd 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kwsanrvg.dll.vir Infected: Trojan.Win32.Monder.duc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\macidwe.exe.vir Infected: Trojan-Downloader.Win32.Delf.ltr 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mmchost.dll.vir Infected: Trojan.Win32.Agent.yhw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\Nobicyt.exe.vir Infected: Trojan-Downloader.Win32.Delf.ltr 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tdxdowkc.exe.vir Infected: Trojan-Downloader.Win32.Delf.ltr 1
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b 1
C:\WINDOWS\system32\atsxyzd.sys Infected: Trojan.Win32.DNSChanger.hau 1
C:\WINDOWS\system32\edtxfst.sys Infected: Trojan-Clicker.Win32.VB.bob 1
C:\WINDOWS\system32\setup9x.exe Infected: Trojan-Downloader.Win32.VB.ewe 1
C:\WINDOWS\system32\sobicyt.exe Infected: Trojan-Downloader.Win32.Delf.ltr 1

The selected area was scanned.

Hello Kari,

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://www.geekstogo...de-t207723.html
Collect::

C:\WINDOWS\system32\KarnaDrv.dll

File::
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\system32\atsxyzd.sys
C:\WINDOWS\system32\edtxfst.sys
C:\WINDOWS\system32\setup9x.exe
C:\WINDOWS\system32\sobicyt.exe
C:\Documents and Settings\kaitlyn\Incomplete\Preview-T-3545425-needle in my head system of.mp3

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c037ffed-20e1-11db-8bc5-806d6172696f}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9988775D-4368-4857-871A-D01D66CA3A71}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. Additonally, ComboFix will generate the following files on your desktop

• A zipped file on your desktop called Submit [Date Time].zip
• And another file named - CF-Submit.htm

6. ComboFix may need to reboot to finish its work. Let it.

7. When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

8. If CF-Submit.htm is detected, ComboFix will generate this message box:



Clicking OK will cause the machine's browser to load CF-Submit.htm



9. Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.

• Click on the file to Select it.
• Submit the file by clicking "OK"

10. Once the file has been submitted, please DELETE both files on your desktop.

11. Post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log (run after ComboFix has finished its work.)
  Please do not attach them.

Thunderbird1988

Edited by Thunderbird1988, 11 August 2008 - 03:27 AM.

Something didn't work right, it said it was going to submit, then my browser opened and then it went to a unable to connect screen. and yes my internet was connected, always is. anyway, here is the c-fixlog and hijackthis log.
Thanks

ComboFix 08-08-09.06 - kaitlyn 2008-08-11 10:10:33.3 - NTFSx86

Running from: C:\Documents and Settings\kaitlyn\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\kaitlyn\Desktop\CFScript.txt

FILE ::
C:\Documents and Settings\kaitlyn\Incomplete\Preview-T-3545425-needle in my head system of.mp3
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\system32\atsxyzd.sys
C:\WINDOWS\system32\edtxfst.sys
C:\WINDOWS\system32\setup9x.exe
C:\WINDOWS\system32\sobicyt.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\kaitlyn\Application Data\macromedia\Flash Player\#SharedObjects\KHSEX6B7\interclick.com
C:\Documents and Settings\kaitlyn\Application Data\macromedia\Flash Player\#SharedObjects\KHSEX6B7\interclick.com\ud.sol
C:\Documents and Settings\kaitlyn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\kaitlyn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\kaitlyn\Incomplete\Preview-T-3545425-needle in my head system of.mp3
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\system32\atsxyzd.sys
C:\WINDOWS\system32\edtxfst.sys
C:\WINDOWS\system32\KarnaDrv.dll
C:\WINDOWS\system32\sobicyt.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_sobicyt
-------\Service_sobicyt


((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-10 23:06 . 2008-08-10 23:06 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-09 21:45 . 2008-08-09 21:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-09 12:34 . 2008-08-09 14:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-08 23:51 . 2008-08-08 23:51 2,855 --a------ C:\WINDOWS\system32\install.PIF
2008-08-08 21:12 . 2008-08-08 21:12 1 --a------ C:\WINDOWS\system32\tb.dr
2008-08-08 21:11 . 2008-08-08 21:11 <DIR> d--hs---- C:\WINDOWS\system32\config\systemprofile\Temporary Internet Files
2008-08-08 21:11 . 2008-08-08 21:11 <DIR> d--hs---- C:\WINDOWS\system32\config\systemprofile\History
2008-08-08 21:10 . 2008-08-08 21:11 <DIR> d-------- C:\Program Files\Microsoft Common
2008-08-08 21:10 . 2008-08-08 21:10 60,416 --a------ C:\WINDOWS\inform.dat
2008-08-08 19:34 . 2008-08-10 07:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-08 19:34 . 2008-08-08 19:34 <DIR> d-------- C:\Documents and Settings\kaitlyn\Application Data\SUPERAntiSpyware.com
2008-08-08 19:34 . 2008-08-08 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-08 19:33 . 2008-08-08 19:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-08 18:41 . 2008-08-09 15:20 1,848 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-08 18:38 . 2006-05-09 08:14 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-09DEDAFE33\Application Data\Symantec
2008-08-08 18:38 . 2006-05-09 08:20 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-09DEDAFE33\Application Data\Intuit
2008-08-08 18:38 . 2008-08-08 18:38 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-09DEDAFE33
2008-08-08 18:06 . 2008-08-08 18:06 <DIR> d-------- C:\VundoFix Backups
2008-08-08 16:05 . 2008-08-08 16:05 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-07 22:29 . 2008-08-07 22:29 2,185 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-08-07 18:21 . 2008-08-07 18:21 2,048 --a------ C:\WINDOWS\system32\hsmytbah.exe
2008-08-06 13:40 . 2008-08-06 13:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-06 13:39 . 2008-08-06 13:39 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-06 13:39 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-08-04 19:57 . 2008-08-04 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-08-04 19:21 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-04 17:10 . 2008-08-04 17:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-03 18:46 . 2008-08-04 16:49 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-03 17:41 . 2008-08-03 17:41 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-03 17:41 . 2008-08-03 17:41 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-03 17:38 . 2008-08-03 17:41 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-03 16:44 . 2004-07-17 11:35 67,866 --a------ C:\WINDOWS\system32\drivers\netwlan5.img
2008-08-03 16:43 . 2004-07-17 11:36 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc20.cod
2008-08-03 16:43 . 2006-12-28 14:01 19,569 --a------ C:\WINDOWS\002743_.tmp
2008-08-03 16:17 . 2008-08-04 18:06 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-02 00:02 . 2008-08-08 21:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-02 00:02 . 2008-08-02 00:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-01 19:59 . 2008-08-01 20:00 <DIR> d-------- C:\Program Files\WON
2008-08-01 19:55 . 2008-08-01 19:55 327,681 --a------ C:\wonplay.exe
2008-07-24 01:22 . 1997-12-11 05:15 161,792 --a------ C:\WINDOWS\uninst95.exe
2008-07-23 00:19 . 2008-07-23 00:19 986 --a------ C:\WINDOWS\POWER.INI
2008-07-23 00:15 . 2008-07-23 00:15 958 --a------ C:\WINDOWS\ANIMATE.INI
2008-07-22 23:57 . 2008-07-22 23:57 972 --a------ C:\WINDOWS\8BALL.INI
2008-07-22 23:55 . 2008-07-26 16:26 403 --a------ C:\WINDOWS\2XStars.ini
2008-07-22 23:55 . 2008-07-22 23:55 338 --a------ C:\WINDOWS\2XDyna.ini
2008-07-22 23:54 . 2008-07-22 23:54 1,010 --a------ C:\WINDOWS\ABSOLUTE.INI
2008-07-22 23:29 . 2008-07-24 22:50 38 --a------ C:\WINDOWS\STUDPOK.INI
2008-07-22 22:52 . 2008-07-22 22:52 <DIR> d-------- C:\BEARWARE
2008-07-22 22:50 . 1998-07-02 14:25 398,416 --a------ C:\WINDOWS\system\Vbrun300.dll
2008-07-22 22:50 . 1997-07-19 16:00 193,296 --a------ C:\WINDOWS\system\Mci32.ocx
2008-07-22 22:50 . 1998-05-11 22:51 133,088 --a------ C:\WINDOWS\system\Cncs.dll
2008-07-22 22:50 . 1998-05-12 10:44 30,544 --a------ C:\WINDOWS\system\Dib.drv
2008-07-22 22:50 . 2008-07-22 22:50 99 --a------ C:\WINDOWS\Ultisoft.ini
2008-07-22 22:50 . 1998-12-08 13:18 9 --a------ C:\WINDOWS\Collida.ini
2008-07-22 22:50 . 1998-12-08 13:15 9 --a------ C:\WINDOWS\Brick.ini
2008-07-22 22:36 . 1997-07-19 17:00 227,600 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-07-22 22:36 . 1996-06-06 22:06 189,952 --a------ C:\WINDOWS\QCARD32.DLL
2008-07-22 22:24 . 2008-07-22 22:34 436 --a------ C:\WINDOWS\Win95dll.ini
2008-07-22 22:12 . 2008-07-22 22:36 <DIR> d-------- C:\Program Files\Galaxy of Games
2008-07-22 22:12 . 2008-07-22 22:12 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-07-22 16:51 . 2000-04-24 11:20 544,768 --a------ C:\WINDOWS\system32\SierraNW.DLL
2008-07-22 16:51 . 2000-04-21 17:15 200,704 --a------ C:\WINDOWS\system32\SNWValid.dll
2008-07-22 16:46 . 2008-07-22 16:51 <DIR> d-------- C:\Sierra
2008-07-22 16:46 . 2008-07-22 16:51 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-07-22 16:44 . 2008-07-22 16:53 584 --a------ C:\WINDOWS\SIERRA.INI
2008-07-22 16:32 . 2008-07-22 16:32 <DIR> d-------- C:\Program Files\Millennium Gamepak Gold
2008-07-22 16:32 . 2008-07-22 16:32 286,720 --a------ C:\WINDOWS\iun506.exe
2008-07-21 15:19 . 2004-08-04 08:00 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
2008-07-21 15:19 . 2004-08-04 08:00 33,792 --a------ C:\WINDOWS\system32\dllcache\lmmib2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 04:41 --------- d-----w C:\Program Files\music_now
2008-08-11 03:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-11 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-10 11:42 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-08-09 05:35 --------- d-----w C:\Program Files\Windows Live
2008-08-09 00:51 --------- d-----w C:\Program Files\NetWaiting
2008-08-09 00:51 --------- d-----w C:\Program Files\Hp
2008-08-08 21:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-08 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-06 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-06 19:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-05 00:21 --------- d-----w C:\Program Files\Java
2008-08-05 00:08 --------- d-----w C:\Program Files\Google
2008-08-04 06:40 203,149 ----a-w C:\Documents and Settings\kaitlyn\lo.exe
2008-07-08 05:11 --------- d-----w C:\Program Files\Broadcom
2008-07-08 03:17 --------- d-----w C:\Documents and Settings\kaitlyn\Application Data\funkitron
2008-07-07 02:41 --------- d-----w C:\Program Files\LimeWire
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2007-11-19 18:41 1,100 ----a-w C:\Documents and Settings\kaitlyn\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-10_ 9.06.55.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-08-09 07:33:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-11 15:20:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-09 07:33:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-11 15:20:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-09 07:33:40 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-11 15:20:07 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2008-08-09 05:46:52 61,286 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-11 03:50:06 61,286 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-09 05:46:52 398,818 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-11 03:50:06 398,818 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-06 22:11 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 21:49 454656]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 00:46 761948]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23 1187840]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-27 17:02:06 581693]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^kaitlyn^Start Menu^Programs^StartUp^LimeWire On Startup.lnk]
path=C:\Documents and Settings\kaitlyn\Start Menu\Programs\StartUp\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kaitlyn^Start Menu^Programs^StartUp^Slide.exe.lnk]
path=C:\Documents and Settings\kaitlyn\Start Menu\Programs\StartUp\Slide.exe.lnk
backup=C:\WINDOWS\pss\Slide.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kaitlyn^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\kaitlyn\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 16:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-03-23 07:13 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-03-23 07:17 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-03-23 07:17 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 18:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 18:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-03-07 15:38 131072 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-04-11 23:54 102400 C:\Program Files\Hp\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-15 20:17 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-30 14:45 1829712 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-07-06 22:11 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2007-11-15 22:51 166304 c:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-04-18 06:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"NNServ"=2 (0x2)
"iPodService"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Vongo Service"=2 (0x2)
"IDriverT"=3 (0x3)
"ccISPwdSvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"LightScribeService"=2 (0x2)
"gusvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\WON\\wonplay.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15101:TCP"= 15101:TCP:Won
"15200:TCP"= 15200:TCP:Won
"15500:TCP"= 15500:TCP:Won
"26901:TCP"= 26901:TCP:Won
"26902:TCP"= 26902:TCP:Won
"26903:TCP"= 26903:TCP:Won
"26904:TCP"= 26904:TCP:Won
"26905:TCP"= 26905:TCP:Won
"26906:TCP"= 26906:TCP:Won
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.
Contents of the 'Scheduled Tasks' folder

2008-08-09 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 14:45]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 10:17:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-08-11 10:25:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-11 15:25:00
ComboFix2.txt 2008-08-10 16:22:02
ComboFix3.txt 2008-08-10 14:09:34

Pre-Run: 31,986,577,408 bytes free
Post-Run: 32,067,796,992 bytes free

312 --- E O F --- 2008-08-04 21:56:14

OOps, forgot this one on prior post, sorry.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:02, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4170802005-3195011891-2577801694-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-4170802005-3195011891-2577801694-1006\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-4170802005-3195011891-2577801694-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=presario&pf=laptop
O15 - Trusted Zone: http://www.geekstogo.com
O15 - Trusted Zone: http://*.popcap.com
O15 - Trusted Zone: http://www.shockwave.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22....es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.si...cherControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/getPlugin.do
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8107 bytes

Hello katydusty1,

Your logs seem to look clean, how is your computer running?

Thunderbird1988