ComboFix 08-04-26.3 - steve 2008-04-27 16:09:14.3 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1047 [GMT 1:00] Running from: C:\Users\steve\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))) . 2008-04-27 13:29 . 2008-04-27 13:29 1,776,621 --a------ C:\Users\steve\ComboFix.exe 2008-04-27 12:39 . 2008-04-27 12:39 53,312 --a------ C:\Windows\System32\rvmsiimg.dll 2008-04-27 12:20 . 2008-04-27 12:20 d-------- C:\Windows\System32\Kaspersky Lab 2008-04-27 12:20 . 2008-04-27 12:20 d-------- C:\Users\All Users\Kaspersky Lab 2008-04-27 12:20 . 2008-04-27 12:20 d-------- C:\ProgramData\Kaspersky Lab 2008-04-27 04:09 . 2008-04-27 04:14 205,609,518 --a------ C:\Windows\MEMORY.DMP 2008-04-27 01:48 . 2008-04-27 01:48 74,240 --a------ C:\mxuxc.exe 2008-04-27 01:48 . 2008-04-27 01:48 70,578 --a------ C:\Windows\System32\hqiopa.sys 2008-04-27 01:48 . 2008-04-27 01:48 4,096 --a------ C:\jgkpt.exe 2008-04-27 01:48 . 2008-04-27 01:48 0 --a------ C:\1223042813 2008-04-27 00:34 . 2008-04-27 00:34 d-------- C:\Users\steve\AppData\Roaming\KompoZer 2008-04-27 00:29 . 2008-04-27 00:29 d-------- C:\Program Files\MagicISO 2008-04-27 00:16 . 2008-04-27 00:16 118,784 --a------ C:\Windows\GREUninstall.exe 2008-04-27 00:16 . 2008-04-27 00:16 8,618 --a------ C:\Windows\mozver.dat 2008-04-27 00:16 . 2008-04-27 00:16 335 --a------ C:\Windows\nsreg.dat 2008-04-26 23:27 . 2008-04-27 00:19 d-------- C:\Program Files\EwisoftWeb 2008-04-26 20:30 . 2008-04-27 01:49 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms 2008-04-26 20:30 . 2008-04-27 13:34 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms 2008-04-26 20:30 . 2008-04-27 01:49 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms 2008-04-26 20:30 . 2008-04-27 13:34 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms 2008-04-26 20:30 . 2008-04-27 13:34 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TM.blf 2008-04-26 20:30 . 2008-04-27 13:34 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TM.blf 2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.rctemp.LOG2 2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.rctemp.LOG1 2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat.rctemp.LOG2 2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat.rctemp.LOG1 2008-04-26 20:25 . 2008-04-26 20:25 216,127,484 --a------ C:\BackupRegistry(20080426)cleaner.reg 2008-04-26 19:55 . 2008-04-26 19:55 216,278,948 --a------ C:\BackupRegistry(20080426).reg 2008-04-26 19:45 . 2008-04-26 19:45 d-------- C:\Program Files\Yamicsoft 2008-04-26 19:42 . 2008-04-26 19:42 d-------- C:\Windows\TweakVI 2008-04-26 19:42 . 2008-04-26 19:42 0 --a------ C:\Windows\System32\tviresource.val 2008-04-26 19:08 . 2008-04-26 19:08 410,976 --a------ C:\Windows\System32\deploytk.dll 2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms 2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms 2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms 2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms 2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms 2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms 2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TM.blf 2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TM.blf 2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TM.blf 2008-04-26 17:20 . 2008-04-26 17:20 262,144 --ah----- C:\Users\steve\ntuser.dat_TU_58328.LOG1 2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat_TU_87191.LOG2 2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat_TU_87191.LOG1 2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat_TU_23579.LOG2 2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat_TU_23579.LOG1 2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Users\steve\ntuser.dat_TU_58328.LOG2 2008-04-26 16:10 . 2008-04-26 16:10 d-------- C:\Users\steve\New Folder(547) 2008-04-26 16:10 . 2008-04-26 16:10 d-------- C:\Users\steve\my letters 2008-04-26 14:48 . 2008-04-26 14:48 d-------- C:\Users\steve\AppData\Roaming\TuneUp Software 2008-04-26 14:48 . 2008-04-26 14:48 d-------- C:\Users\All Users\TuneUp Software 2008-04-26 14:48 . 2008-04-26 14:48 d-------- C:\ProgramData\TuneUp Software 2008-04-26 14:47 . 2008-04-26 14:48 d-------- C:\Program Files\TuneUp Utilities 2007 2008-04-26 13:51 . 2008-04-26 15:42 d-------- C:\Users\maximum bob 2008-04-26 13:06 . 2008-04-26 13:06 d-------- C:\Program Files\NeoSmart Technologies 2008-04-26 03:46 . 2008-04-26 15:07 d-------- C:\Program Files\Wise Registry Cleaner 3 2008-04-26 02:09 . 2008-03-01 14:51 524,288 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms 2008-04-26 02:09 . 2008-04-26 00:39 524,288 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms 2008-04-26 02:09 . 2008-04-26 00:39 65,536 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf 2008-04-25 22:41 . 2008-04-25 22:41 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe 2008-04-25 21:32 . 1999-12-21 07:58 21,312 --a------ C:\Windows\choice.exe 2008-04-25 21:17 . 2007-09-12 18:58 58,792 --a------ C:\Windows\System32\wbload.dll 2008-04-25 21:16 . 2008-04-25 21:16 3,932,214 --a------ C:\Windows\InvaderDark1280.bmp 2008-04-25 20:55 . 2008-04-25 20:55 3,932,214 --a------ C:\Windows\AW_XenoMorph1280.bmp 2008-04-25 20:54 . 2005-02-01 15:20 5,760,056 --a------ C:\Windows\Darkstar.bmp 2008-04-25 20:30 . 2008-04-27 03:59 d-------- C:\Program Files\Common Files\Stardock 2008-04-25 20:30 . 2008-04-26 19:57 d-------- C:\Program Files\AlienGUIse 2008-04-25 20:30 . 2007-07-11 15:06 42,672 --a------ C:\Windows\System32\wbsys.dll 2008-04-25 20:30 . 2008-04-25 20:30 56 --a------ C:\Windows\wb.ini 2008-04-25 16:35 . 2008-04-27 03:59 d-------- C:\Users\steve\.SunDownloadManager 2008-04-25 00:30 . 2008-04-25 00:30 d-------- C:\Program Files\Effective Studios 2008-04-24 18:42 . 2008-04-24 18:42 d-------- C:\PerfLogs 2008-04-24 16:58 . 2008-01-19 08:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe 2008-04-24 16:58 . 2008-01-19 08:36 1,541,120 --a------ C:\Windows\System32\onex.dll 2008-04-24 16:55 . 2008-01-19 08:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll 2008-04-24 16:54 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll 2008-04-24 16:53 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll 2008-04-24 16:52 . 2008-01-19 08:32 5,714,432 --a------ C:\Windows\System32\logon.scr 2008-04-24 16:51 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL 2008-04-24 16:50 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe 2008-04-24 16:50 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc 2008-04-24 16:50 . 2008-01-05 12:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc 2008-04-24 16:50 . 2008-01-05 12:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs 2008-04-24 16:50 . 2008-01-05 12:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs 2008-04-24 16:50 . 2008-01-19 08:31 7,680 --a------ C:\Windows\System32\spwizres.dll 2008-04-24 16:50 . 2008-01-19 08:28 7,168 --a------ C:\Windows\System32\f3ahvoas.dll 2008-04-24 16:50 . 2008-01-19 06:37 2,048 --a------ C:\Windows\System32\wertargets.wtl 2008-04-24 16:50 . 2008-01-05 12:39 150 --a------ C:\Windows\System32\RacUREx.xml 2008-04-24 16:50 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf 2008-04-24 16:49 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll 2008-04-24 16:49 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll 2008-04-24 16:49 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll 2008-04-24 16:49 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll 2008-04-24 16:49 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe 2008-04-24 16:48 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll 2008-04-24 16:48 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll 2008-04-24 16:48 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll 2008-04-24 16:48 . 2006-11-02 10:45 181,760 --a------ C:\Windows\System32\fsquirt.exe 2008-04-24 16:48 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll 2008-04-24 16:48 . 2006-11-02 10:39 6,656 --a------ C:\Windows\System32\kbd106.dll 2008-04-23 19:07 . 2008-04-23 19:07 d--h----- C:\Windows\Content.IE5 2008-04-23 18:54 . 2008-04-23 18:54 691 --a------ C:\Users\steve\AppData\Roaming\GetValue.vbs 2008-04-23 18:54 . 2008-04-23 18:54 35 --a------ C:\Users\steve\AppData\Roaming\SetValue.bat 2008-04-23 18:26 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe 2008-04-23 18:26 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe 2008-04-23 03:18 . 2008-04-27 03:59 d-------- C:\Users\steve\AppData\Roaming\WinPatrol 2008-04-23 03:18 . 2008-04-23 03:18 d-------- C:\Program Files\BillP Studios 2008-04-23 02:03 . 2008-03-29 18:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys 2008-04-23 02:00 . 2008-04-23 02:00 130 --a------ C:\Windows\ODBC.INI 2008-04-23 01:50 . 2008-04-23 01:50 d-------- C:\Program Files\Alwil Software 2008-04-23 01:00 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys 2008-04-23 01:00 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys 2008-04-23 01:00 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys 2008-04-23 01:00 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys 2008-04-23 00:59 . 2008-04-23 00:59 d-------- C:\Users\steve\AppData\Roaming\PC Tools 2008-04-23 00:59 . 2008-04-27 12:41 d-------- C:\Program Files\Spyware Doctor 2008-04-23 00:31 . 2008-04-23 00:31 d-------- C:\Program Files\Common Files\Adobe 2008-04-23 00:24 . 2008-04-23 00:24 dr------- C:\Windows\System32\config\systemprofile\Documents 2008-04-22 23:35 . 2008-04-22 23:35 d--h----- C:\Windows\PIF 2008-04-22 23:24 . 2008-04-23 02:58 d-------- C:\Users\All Users\Avira 2008-04-22 23:24 . 2008-04-23 02:58 d-------- C:\ProgramData\Avira 2008-04-22 23:00 . 2008-04-23 02:18 d-------- C:\Users\steve\AppData\Roaming\SUPERAntiSpyware.com 2008-04-22 23:00 . 2008-04-22 23:00 d-------- C:\Users\All Users\SUPERAntiSpyware.com 2008-04-22 23:00 . 2008-04-22 23:00 d-------- C:\ProgramData\SUPERAntiSpyware.com 2008-04-22 21:52 . 2008-04-22 21:52 d-------- C:\Users\steve\AppData\Roaming\WildPackets . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-27 15:04 77,371 ----a-w C:\Users\steve\AppData\Roaming\nvModes.dat 2008-04-27 12:30 --------- d---a-w C:\ProgramData\TEMP 2008-04-27 02:59 --------- d-----w C:\Users\steve\AppData\Roaming\dvdcss 2008-04-26 23:09 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-26 19:18 --------- d-----w C:\Users\steve\AppData\Roaming\uTorrent 2008-04-26 02:05 --------- d-----w C:\Program Files\Java 2008-04-24 23:49 88 --sh--r C:\Users\All Users\D172C11D73.sys 2008-04-24 23:49 88 --sh--r C:\ProgramData\D172C11D73.sys 2008-04-24 23:49 2,828 --sha-w C:\Users\All Users\KGyGaAvL.sys 2008-04-24 23:49 2,828 --sha-w C:\ProgramData\KGyGaAvL.sys 2008-04-24 17:54 174 --sha-w C:\Program Files\desktop.ini 2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Sidebar 2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Mail 2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Journal 2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Defender 2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Collaboration 2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Calendar 2008-04-24 16:13 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-04-24 16:13 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-04-23 20:36 --------- d-----w C:\Program Files\ImTOO 2008-04-23 02:51 --------- d-----w C:\Program Files\CONEXANT 2008-04-22 20:51 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-20 16:29 --------- d-----w C:\ProgramData\Roxio 2008-03-24 19:01 --------- d-----w C:\ProgramData\DVD Shrink 2008-03-23 01:48 --------- d-----w C:\Program Files\Common Files\snpstd3 2008-03-23 01:45 --------- d-----w C:\Program Files\Mingjong 2008-03-23 01:44 --------- d-----w C:\Program Files\camtool 2008-03-22 04:08 --------- d-----w C:\Users\steve\AppData\Roaming\muvee Technologies 2008-03-22 04:08 --------- d-----w C:\ProgramData\muvee Technologies 2008-03-22 03:57 --------- d-----w C:\Users\steve\AppData\Roaming\ESTsoft 2008-03-22 03:57 --------- d-----w C:\Program Files\ESTsoft 2008-03-22 03:55 --------- d-----w C:\Users\steve\AppData\Roaming\PeerNetworking 2008-03-22 03:38 --------- d-----w C:\Users\steve\AppData\Roaming\gtk-2.0 2008-03-22 03:31 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-03-22 01:59 --------- d-----w C:\Program Files\WinAVIVideoConverter 2008-03-21 23:19 --------- d-----w C:\Program Files\SlySoft 2008-03-21 23:16 --------- d-----w C:\Users\steve\AppData\Roaming\SlySoft 2008-03-21 23:15 --------- d-----w C:\ProgramData\SlySoft 2008-03-21 22:54 --------- d-----w C:\ProgramData\Sonic 2008-03-21 22:23 --------- d-----w C:\Program Files\DVD Decrypter 2008-03-21 22:22 --------- d-----w C:\Program Files\DVD Shrink 2008-03-21 22:14 --------- d-----w C:\Program Files\uTorrent 2008-03-20 23:59 --------- d-----w C:\Users\steve\AppData\Roaming\Roxio 2008-03-14 23:06 --------- d-----w C:\ProgramData\Symantec 2008-03-14 20:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-03-14 20:22 --------- d-----w C:\ProgramData\Napster 2008-03-09 20:29 --------- d-----w C:\Program Files\Lionhead Studios 2008-03-09 16:56 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll 2008-03-09 16:56 --------- d-----w C:\Users\steve\AppData\Roaming\Atari 2008-03-09 16:55 --------- d-----w C:\Users\steve\AppData\Roaming\Leadertech 2008-03-09 16:48 --------- d-----w C:\Program Files\Atari 2008-03-09 01:48 --------- d-----w C:\Program Files\AviSynth 2.5 2008-03-09 01:47 --------- d-----w C:\Program Files\eRightSoft 2008-03-08 17:09 0 ----a-w C:\Users\steve\AppData\Roaming\wklnhst.dat 2008-03-08 10:22 --------- d-----w C:\Users\steve\AppData\Roaming\vlc 2008-03-08 10:21 --------- d-----w C:\Program Files\VideoLAN 2008-03-05 23:07 --------- d-----w C:\Program Files\Infogrames 2008-03-05 14:56 --------- d-----w C:\ProgramData\InstallShield 2008-03-05 14:47 --------- d-----w C:\Program Files\The Creative Assembly 2008-03-05 14:47 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-03-04 01:34 2,125,312 ----a-w C:\Windows\System32\CnxtAp32.dll 2008-03-04 01:32 188,416 ----a-w C:\Windows\system32\drivers\CHDRT32.sys 2008-03-03 01:49 --------- d-----w C:\Users\steve\AppData\Roaming\Corel 2008-03-03 01:35 --------- d-----w C:\ProgramData\Corel 2008-03-03 01:35 --------- d-----w C:\Program Files\Common Files\Protexis 2008-03-03 01:33 --------- d-----w C:\Program Files\Common Files\Corel 2008-03-03 01:32 --------- d-----w C:\Program Files\Corel 2008-03-01 08:03 --------- d-----w C:\ProgramData\CyberLink 2008-03-01 07:47 --------- d-----w C:\Users\steve\AppData\Roaming\HP 2008-03-01 07:47 --------- d-----w C:\Users\steve\AppData\Roaming\CyberLink 2008-03-01 07:47 --------- d-----w C:\ProgramData\HP 2008-03-01 07:16 --------- d-----w C:\Program Files\WIDCOMM 2008-03-01 07:14 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE7473H0K_E454482-031_4A_I30CE_SWistron_V80.39_F.13_T070810_WV3-0_L409_M2046_J160_7Intel_86FD_91.50_#080301_N11AB4353;80864222_(GT887EA#ABU)_XMOBILE_CN10_Z.MRK 2008-03-01 07:10 --------- d-----w C:\Users\steve\AppData\Roaming\Hewlett-Packard 2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Templates 2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Start Menu 2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Favorites 2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Documents 2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Desktop 2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Application Data 2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll 2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe 2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe 2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll 2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll 2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll 2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll 2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe 2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe 2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll 2005-05-13 17:12 217,073 --sha-r C:\Windows\meta4.exe 2005-10-24 11:13 66,560 --sha-r C:\Windows\MOTA113.exe 2005-10-13 21:27 422,400 --sha-r C:\Windows\x2.64.exe 2005-10-07 19:14 308,224 --sha-r C:\Windows\System32\avisynth.dll 2005-07-14 12:31 27,648 --sha-r C:\Windows\System32\AVSredirect.dll 2005-06-26 15:32 616,448 --sha-r C:\Windows\System32\cygwin1.dll 2005-06-21 22:37 45,568 --sha-r C:\Windows\System32\cygz.dll 2004-01-25 00:00 70,656 --sha-r C:\Windows\System32\i420vfw.dll 2006-04-27 10:24 2,945,024 --sha-r C:\Windows\System32\Smab.dll 2005-02-28 13:16 240,128 --sha-r C:\Windows\System32\x.264.exe 2004-01-25 00:00 70,656 --sha-r C:\Windows\System32\yv12vfw.dll . ((((((((((((((((((((((((((((( snapshot@2008-04-27_13.39.31.94 ))))))))))))))))))))))))))))))))))))))))) . + 2008-04-27 12:35:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-04-27 12:35:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-04-27 11:30:01 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-04-27 14:50:15 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-04-27 12:35:16 212,992 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-04-27 12:36:12 212,992 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat - 2008-04-27 11:34:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-04-27 15:08:16 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-04-27 12:35:16 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-04-27 12:36:07 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat - 2008-04-27 12:26:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-04-27 12:44:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-04-27 12:26:55 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-04-27 12:44:07 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-27 12:26:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-04-27 12:44:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-27 12:33:36 112,240 ----a-w C:\Windows\System32\perfc009.dat + 2008-04-27 15:07:27 113,434 ----a-w C:\Windows\System32\perfc009.dat - 2008-04-27 12:33:36 611,194 ----a-w C:\Windows\System32\perfh009.dat + 2008-04-27 15:07:27 612,790 ----a-w C:\Windows\System32\perfh009.dat - 2008-04-27 03:16:28 9,288 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2004156354-2581284973-3441749290-1000_UserData.bin + 2008-04-27 12:37:06 9,344 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2004156354-2581284973-3441749290-1000_UserData.bin - 2008-04-27 03:16:28 76,580 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-04-27 12:37:05 76,612 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] 2008-04-26 19:08 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-03-11 12:21 159744] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-24 02:11 176128] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 19:54 50696] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 07:11 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-04-26 19:10 148888] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37 79224] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 06:38 316728] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-29 11:05 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-29 11:05 8429568] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-29 11:05 81920] C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/27/2006 4:24:54 AM 98632] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\Program Files\AlienGUIse\wbsrv.dll 2007-09-24 15:57 197912 C:\Program Files\AlienGUIse\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.i420"= i420vfw.dll "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s "MSServer"=rundll32.exe C:\Windows\system32\nnnoPJAS.dll,#1 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2004156354-2581284973-3441749290-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{EC1B7C31-3CE6-47F7-A9B5-C0D88EB6F23B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{EAEFFE36-501B-4052-A1CE-96AC429CC8F9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0BBF0860-3612-4832-A4D2-37805D440466}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{B1DB76DF-1C2A-47BF-85F4-1062F23B5B8E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{8E864A6C-D82B-498D-87B5-E0388E36825B}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{BE2C8919-321F-4BCA-91C5-66E4F13DE616}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{81043D8E-BF59-40E5-95AA-7D4C19CEFB95}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "{F666193A-7CA1-4BB4-A720-081732B56D39}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{4291D339-3FD8-441A-84B6-D43DCB82466C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "TCP Query User{5960AC78-1ED4-4428-9063-0BFEDB8FBBE7}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup "UDP Query User{659007F2-F48D-427C-B269-C0765EEBF251}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup "TCP Query User{A0AAE278-ECEA-445F-B0F6-7C1BA58B082E}C:\\program files\\cain\\cain.exe"= UDP:C:\program files\cain\cain.exe:Cain - Password Recovery Utility "UDP Query User{74F09369-3D4D-4EBF-9991-01E96993FCE3}C:\\program files\\cain\\cain.exe"= TCP:C:\program files\cain\cain.exe:Cain - Password Recovery Utility "TCP Query User{1DE7BEDD-9E12-49BF-8951-EF6B54168ADB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{357A7919-64AF-48B3-A806-CC9CC574F1DF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 18:31] R1 hqiopa;hqiopa;C:\Windows\system32\hqiopa.sys [2008-04-27 01:48] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 18:32] R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [] R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 12:15] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27] R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 11:45] R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 11:45] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 11:45] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30] S3 mod7700;DiBcom DIB7700 based TV tuner device;C:\Windows\system32\Drivers\dvb7700all.sys [2007-04-17 11:09] S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-21 21:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-27 16:10:35 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-27 16:11:39 ComboFix-quarantined-files.txt 2008-04-27 15:11:34 ComboFix2.txt 2008-04-27 12:41:06 ComboFix3.txt 2008-04-25 23:46:04 Pre-Run: 86,442,565,632 bytes free Post-Run: 86,405,709,824 bytes free 366 --- E O F --- 2008-04-24 16:16:14