ComboFix 08-05-15.3 - Michael Hilliard 2008-05-17 20:13:39.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1764 [GMT -5:00]
Running from: C:\Documents and Settings\Michael Hilliard\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\lmSrrtwa.ini
C:\WINDOWS\system32\lmSrrtwa.ini2
C:\WINDOWS\system32\mcrh.tmp

.
---- Previous Run -------
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bclsfidx.ini
C:\WINDOWS\system32\bjkyrhvs.ini
C:\WINDOWS\system32\eodtnguc.ini
C:\WINDOWS\system32\lmSrrtwa.ini
C:\WINDOWS\system32\lmSrrtwa.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\onUEKkkj.ini
C:\WINDOWS\system32\onUEKkkj.ini2
C:\WINDOWS\system32\time.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-17 19:48 . 2008-05-17 19:48 27 --a------ C:\WINDOWS\SmartAudio.INI
2008-05-17 17:52 . 2008-05-17 17:52 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-17 15:14 . 2008-05-17 15:14 d-------- C:\Program Files\Lavasoft
2008-05-17 15:14 . 2008-05-17 15:16 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-17 15:04 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-17 15:04 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-17 15:03 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-17 15:03 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-17 15:03 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-17 15:03 . 2004-08-03 23:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-05-17 15:03 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-17 15:03 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-17 15:03 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-17 15:03 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-17 15:01 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-17 14:56 . 2006-03-15 07:00 221,184 --a--c--- C:\WINDOWS\system32\dllcache\wmpns.dll
2008-05-17 14:56 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-17 14:56 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-17 14:51 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-05-17 14:48 . 2001-08-17 22:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-05-17 14:47 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-17 14:46 . 2006-03-15 07:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-05-17 14:45 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-05-17 14:45 . 2001-08-17 12:10 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2008-05-17 14:45 . 2004-08-03 23:08 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-05-17 14:45 . 2004-08-03 22:29 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2008-05-17 14:42 . 2004-08-03 22:29 33,599 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys
2008-05-17 14:42 . 2004-08-03 22:29 29,311 --a--c--- C:\WINDOWS\system32\dllcache\watv01nt.sys
2008-05-17 14:42 . 2004-08-03 22:29 19,551 --a--c--- C:\WINDOWS\system32\dllcache\watv02nt.sys
2008-05-17 14:41 . 2004-08-03 22:29 11,775 --a--c--- C:\WINDOWS\system32\dllcache\wadv05nt.sys
2008-05-17 14:40 . 2001-08-17 12:13 19,528 --a--c--- C:\WINDOWS\system32\dllcache\w840nd.sys
2008-05-17 14:40 . 2001-08-17 12:13 19,016 --a--c--- C:\WINDOWS\system32\dllcache\w926nd.sys
2008-05-17 14:40 . 2001-08-17 12:13 16,925 --a--c--- C:\WINDOWS\system32\dllcache\w940nd.sys
2008-05-17 14:40 . 2004-08-03 22:29 12,415 --a--c--- C:\WINDOWS\system32\dllcache\wadv01nt.sys
2008-05-17 14:40 . 2004-08-03 22:29 12,127 --a--c--- C:\WINDOWS\system32\dllcache\wadv02nt.sys
2008-05-17 14:39 . 2006-03-15 07:00 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2008-05-17 14:38 . 2006-03-15 07:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\w3svapi.dll
2008-05-17 14:37 . 2001-08-17 13:28 64,605 --a--c--- C:\WINDOWS\system32\dllcache\vvoice.sys
2008-05-17 14:35 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-17 14:34 . 2001-08-17 22:36 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2008-05-17 14:33 . 2001-08-17 22:36 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-05-17 14:32 . 2001-08-17 13:52 36,736 --a--c--- C:\WINDOWS\system32\dllcache\ultra.sys
2008-05-17 14:31 . 2006-03-15 07:00 103,424 --a--c--- C:\WINDOWS\system32\dllcache\uihelper.dll
2008-05-17 14:31 . 2001-08-17 13:48 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
2008-05-17 14:29 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-17 14:29 . 2001-08-17 12:51 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
2008-05-17 14:27 . 2004-08-03 23:00 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-05-17 14:27 . 2001-08-17 12:51 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-05-17 14:27 . 2001-08-17 12:14 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2008-05-17 14:27 . 2001-08-17 14:56 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2008-05-17 14:27 . 2001-08-17 12:13 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-05-17 14:27 . 2001-08-17 12:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-05-17 14:26 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-05-17 14:26 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-05-17 14:26 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-05-17 14:26 . 2001-08-17 14:07 32,640 --a--c--- C:\WINDOWS\system32\dllcache\symc8xx.sys
2008-05-17 14:26 . 2001-08-17 14:07 30,688 --a--c--- C:\WINDOWS\system32\dllcache\sym_u3.sys
2008-05-17 14:26 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-05-17 14:26 . 2001-08-17 14:07 28,384 --a--c--- C:\WINDOWS\system32\dllcache\sym_hi.sys
2008-05-17 14:26 . 2001-08-17 14:07 16,256 --a--c--- C:\WINDOWS\system32\dllcache\symc810.sys
2008-05-17 14:26 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-05-17 14:23 . 2006-03-15 07:00 45,056 --a--c--- C:\WINDOWS\system32\dllcache\ssinc51.dll
2008-05-17 14:22 . 2001-08-17 12:11 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-05-17 14:21 . 2006-03-15 07:00 101,376 --a--c--- C:\WINDOWS\system32\dllcache\srusbusd.dll
2008-05-17 14:21 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-05-17 14:20 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-05-17 14:20 . 2001-08-17 22:36 106,584 --a--c--- C:\WINDOWS\system32\dllcache\spdports.dll
2008-05-17 14:20 . 2001-08-17 13:51 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2008-05-17 14:20 . 2001-08-17 12:51 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2008-05-17 14:20 . 2001-08-17 22:36 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-05-17 14:20 . 2001-08-17 14:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-05-17 14:20 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-05-17 14:19 . 2001-08-17 12:51 58,368 --a--c--- C:\WINDOWS\system32\dllcache\smiminib.sys
2008-05-17 14:19 . 2001-08-17 12:51 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2008-05-17 14:19 . 2001-08-17 13:53 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2008-05-17 14:19 . 2004-08-03 23:00 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2008-05-17 14:19 . 2001-08-17 13:53 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2008-05-17 14:17 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-05-17 14:17 . 2006-03-15 07:00 15,872 --a--c--- C:\WINDOWS\system32\dllcache\smierrsm.dll
2008-05-17 14:16 . 2001-08-17 12:10 35,913 --a--c--- C:\WINDOWS\system32\dllcache\smcirda.sys
2008-05-17 14:16 . 2001-08-17 12:12 25,034 --a--c--- C:\WINDOWS\system32\dllcache\smcpwr2n.sys
2008-05-17 14:16 . 2001-08-17 12:12 24,576 --a--c--- C:\WINDOWS\system32\dllcache\smc8000n.sys
2008-05-17 14:16 . 2004-08-03 23:07 16,128 --a--c--- C:\WINDOWS\system32\dllcache\smbbatt.sys
2008-05-17 14:16 . 2004-08-03 23:07 6,912 --a--c--- C:\WINDOWS\system32\dllcache\smbclass.sys
2008-05-17 14:16 . 2001-08-17 13:57 6,784 --a--c--- C:\WINDOWS\system32\dllcache\smbhc.sys
2008-05-17 14:15 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\smb3w.dll
2008-05-17 14:15 . 2001-08-17 22:36 33,792 --a--c--- C:\WINDOWS\system32\dllcache\smb0w.dll
2008-05-17 14:15 . 2006-03-15 07:00 31,744 --a--c--- C:\WINDOWS\system32\dllcache\smb6w.dll
2008-05-17 14:15 . 2001-08-17 22:36 28,672 --a--c--- C:\WINDOWS\system32\dllcache\sma0w.dll
2008-05-17 14:15 . 2001-08-17 22:36 28,160 --a--c--- C:\WINDOWS\system32\dllcache\sm91w.dll
2008-05-17 14:13 . 2001-08-17 12:50 101,760 --a--c--- C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-05-17 14:13 . 2006-03-15 07:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\simptcp.dll
2008-05-17 14:12 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-17 14:12 . 2001-07-21 14:29 161,568 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-05-17 14:12 . 2001-08-17 12:51 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-05-17 14:12 . 2001-08-17 12:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-05-17 14:12 . 2001-07-21 14:29 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-05-17 14:12 . 2001-08-17 13:48 17,664 --a--c--- C:\WINDOWS\system32\dllcache\sermouse.sys
2008-05-17 14:12 . 2001-08-17 13:53 6,912 --a--c--- C:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-05-17 14:12 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-05-17 14:10 . 2001-08-17 14:56 210,496 --a--c--- C:\WINDOWS\system32\dllcache\s3mvirge.dll
2008-05-17 14:09 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-17 14:09 . 2001-08-17 13:28 714,762 --a--c--- C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2008-05-17 14:09 . 2001-08-17 22:36 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2008-05-17 14:09 . 2004-08-03 22:59 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-05-17 14:09 . 2001-08-17 22:36 41,472 --a--c--- C:\WINDOWS\system32\dllcache\qvusd.dll
2008-05-17 14:09 . 2001-08-17 12:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-05-17 14:09 . 2001-08-17 13:51 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys
2008-05-17 14:09 . 2001-08-17 22:36 9,216 --a--c--- C:\WINDOWS\system32\dllcache\rsmgrstr.dll
2008-05-17 14:09 . 2001-08-17 12:19 3,840 --a--c--- C:\WINDOWS\system32\dllcache\rpfun.sys
2008-05-17 14:08 . 2006-03-15 07:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\quser.exe
2008-05-17 14:08 . 2001-08-17 13:53 3,328 --a--c--- C:\WINDOWS\system32\dllcache\qv2kux.sys
2008-05-17 14:07 . 2001-08-17 13:52 49,024 --a--c--- C:\WINDOWS\system32\dllcache\ql1280.sys
2008-05-17 14:07 . 2001-08-17 13:52 40,448 --a--c--- C:\WINDOWS\system32\dllcache\ql1240.sys
2008-05-17 14:06 . 2001-08-17 13:52 45,312 --a--c--- C:\WINDOWS\system32\dllcache\ql12160.sys
2008-05-17 14:06 . 2001-08-17 13:52 40,320 --a--c--- C:\WINDOWS\system32\dllcache\ql1080.sys
2008-05-17 14:06 . 2001-08-17 13:52 33,152 --a--c--- C:\WINDOWS\system32\dllcache\ql10wnt.sys
2008-05-17 14:06 . 2004-08-03 23:00 6,016 --a--c--- C:\WINDOWS\system32\dllcache\qic157.sys
2008-05-17 14:02 . 2001-08-17 14:04 173,696 --a--c--- C:\WINDOWS\system32\dllcache\philcam2.sys
2008-05-17 14:02 . 2001-08-17 22:36 121,344 --a--c--- C:\WINDOWS\system32\dllcache\phvfwext.dll
2008-05-17 14:02 . 2001-08-17 14:04 92,416 --a--c--- C:\WINDOWS\system32\dllcache\phildec.sys
2008-05-17 14:02 . 2001-08-17 14:04 75,776 --a--c--- C:\WINDOWS\system32\dllcache\philcam1.sys
2008-05-17 14:02 . 2001-08-17 14:07 19,840 --a--c--- C:\WINDOWS\system32\dllcache\philtune.sys
2008-05-17 14:02 . 2001-08-17 22:36 16,384 --a--c--- C:\WINDOWS\system32\dllcache\philcam1.dll
2008-05-17 14:02 . 2006-03-15 07:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\pmxgl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-04-30 04:26 3,545,600 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-04-22 21:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-22 21:01 --------- d-----w C:\Program Files\Windows Plus
2008-04-14 00:11 94,208 ----a-w C:\WINDOWS\system32\eappgnui.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdpash.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdnepr.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdiultn.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdbhc.dll
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:40 10,240 ----a-w C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 16:36 144,384 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-03-04 01:01 142,848 ----a-w C:\WINDOWS\system32\IESetting.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SETE7.tmp
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\SETA3.tmp
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\SETA4.tmp

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0e0db20c-146e-41b7-8079-68882c0caeef}]
2008-05-15 23:18 133120 --a------ C:\WINDOWS\system32\wpxystlo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22895E69-38E8-46F2-843B-2ABC24FC4555}]
2008-05-14 19:49 369664 --a------ C:\WINDOWS\system32\awtrrSml.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE7F2D6D-290E-4461-8EC7-3811C27E57B4}]
C:\WINDOWS\system32\jkkKEUno.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2007-11-16 01:40 1937920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 13:27 65536]
"ViStart"="C:\Program Files\ViStart\ViStart" [ ]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 10:56 409600]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-15 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [2006-03-15 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 07:39 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-15 07:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-15 07:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-15 07:00 59392]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 14:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-15 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-04-15 17:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"GlassToast"="C:\Documents and Settings\Michael Hilliard\Desktop\glasstoast\glasstoast.exe" [2007-02-01 17:26 860160]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-15 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-15 07:00 455168]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\
Styler.lnk - C:\Documents and Settings\Michael Hilliard\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-04-23 23:49:24 15086]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcBusRk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUonmLC]
vtUonmLC.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-05-14 20:40 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^Client Default.lnk]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\Client Default.lnk
backup=C:\WINDOWS\pss\Client Default.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter® 2.LNK]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter® 2.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter® 2.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-02 14:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 11:18 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-11-16 08:30 503808 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2006-03-15 07:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New Value #1]
C:\Documents and Settings\Michael Hilliard\Desktop\vistart_2661_english_skin_default OLDDD\vistart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-04-15 17:26 7561216 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-04-15 17:26 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-04-15 17:26 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2006-03-15 07:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2006-03-15 07:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-12 11:39 94208 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2008-01-04 20:56 5367664 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-09-15 02:27 1015808 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-04 13:40 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
C:\Documents and Settings\Michael Hilliard\Desktop\vistart_2661_english_skin_default OLDDD\vistart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"NSCService"=3 (0x3)
"ccSetMgr"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Symantec Core LC"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5daf40ae-114b-11dd-9ea5-0016d434dde6}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c10eae7f-1168-11dd-9ea8-0016d434dde6}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 20:18:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehsched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Styler\Styler.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-17 20:25:54 - machine was rebooted [Michael Hilliard]
ComboFix-quarantined-files.txt 2008-05-18 01:25:31

Pre-Run: 82,989,641,728 bytes free
Post-Run: 80,884,916,224 bytes free

367 --- E O F --- 2008-05-14 22:03:40