1st Log
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor not found.
[File String Scan - Non-Microsoft Only]
ADS C:\MIC Price File.exe:Zone.Identifier deleted successfully.
[Empty Temp Folders]
C:\DOCUME~1\BENNYO~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Benny Oficina\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 10/22/2007 16:33:17
2nd Log
WinPFind3 logfile created on: 10/22/2007 4:38:50 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Benny Oficina\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
503.52 Mb Total Physical Memory | 291.47 Mb Available Physical Memory | 57.89% Memory free
1.20 Gb Paging File | 1.05 Gb Available in Paging File | 87.32% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.83 Gb Total Space | 93.82 Gb Free Space | 87.82% Space Free
Drive D: | 4.96 Gb Total Space | 0.91 Gb Free Space | 18.39% Space Free
Drive E: | 668.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
Drive F: | 743.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
Computer Name: BENNY
Current User Name: Benny Oficina
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
aniserv.exe -> %System32%\aniServ.exe -> Airgo Networks, Inc. [Ver = 1, 0, 0, 1 | Size = 143360 bytes | Modified Date = 8/11/2004 12:00:38 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 118784 bytes | Modified Date = 8/20/2004 3:51:14 PM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 6:04:38 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 155648 bytes | Modified Date = 8/20/2004 3:55:14 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3292 | Size = 180269 bytes | Modified Date = 10/11/2005 12:13:54 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 1174152 bytes | Modified Date = 7/18/2007 12:28:52 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(ANISERVICE) Airgo Networks NIC Service [Win32_Own | Auto | Running] -> %System32%\aniServ.exe -> Airgo Networks, Inc. [Ver = 1, 0, 0, 1 | Size = 143360 bytes | Modified Date = 8/11/2004 12:00:38 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 1:06:04 AM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 69632 bytes | Modified Date = 5/3/2003 1:19:00 AM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 1174152 bytes | Modified Date = 7/18/2007 12:28:52 PM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 118784 bytes | Modified Date = 8/20/2004 3:51:14 PM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 6:04:38 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 155648 bytes | Modified Date = 8/20/2004 3:55:14 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3292 | Size = 180269 bytes | Modified Date = 10/11/2005 12:13:54 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> File not found
BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe -> File not found
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
zwebauth.dll -> %System32%\ZWebAuth.dll -> [Ver = | Size = 16973 bytes | Modified Date = 9/18/2001 6:37:34 PM | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3889 | Size = 344064 bytes | Modified Date = 8/20/2004 3:50:54 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL ->
http://www.yahoo.com ->
HKLM: Main\\Default_Search_URL ->
http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar ->
http://srch-qus9.hpwis.com/ ->
HKLM: Search Page ->
http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page ->
http://qus9.hpwis.com/ ->
HKLM: CustomizeSearch ->
http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant ->
http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page ->
http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page ->
http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> localhost;<local>;127.0.0.1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} [HKLM] -> %ProgramFiles%\ESPN\Toolbar\DIGToolBar.dll [&ESPN] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
Open Picture in &Microsoft PhotoDraw -> %SystemDrive%\PROGRA~1\MICROS~2\Office\1033\phdintl.dll\phdContext.htm -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3D9436AD-9730-4267-AABF-0D22E160733A} -> (Belkin Wireless Pre-N Notebook Network Card) ->
{C1390595-DD7C-4079-BEEE-19F9F28DD2CC} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{1663ED61-23EB-11D2-B92F-008048FDD814} -> MeadCo ScriptX - CodeBase =
https://www.polarisd.../Print/smsx.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase =
http://go.microsoft....k/?linkid=39204 ->
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase =
http://photo.walgree...eensActivia.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase =
http://download.macr...ash/swflash.cab ->
{E111B6BD-3B91-410E-A989-F3392676AF34} -> PSVRecImage Control - CodeBase =
http://196.42.6.94/push01.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
AlcxMonitor -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 1:47:52 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 4640768 bytes | Modified Date = 5/3/2003 1:19:00 AM | Attr = ]
[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 528052224 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 10/17/2007 11:59:26 AM | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 10/17/2007 11:58:25 AM | Attr = H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Created Date = 10/17/2007 11:54:33 AM | Attr = H ]
$NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Created Date = 10/17/2007 11:54:48 AM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Created Date = 10/17/2007 11:57:17 AM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/10/2007 5:03:48 PM | Attr = H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Created Date = 10/10/2007 5:03:31 PM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/10/2007 5:01:58 PM | Attr = H ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 10/17/2007 11:59:58 AM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 10/18/2007 12:00:47 PM | Attr = ]
msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Created Date = 10/17/2007 12:02:28 PM | Attr = H ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 10/17/2007 11:54:50 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 10/20/2007 11:06:57 AM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 10/17/2007 12:01:54 PM | Attr = ]
Uniblue SpeedUpMyPC Nag.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC Nag.job -> [Ver = | Size = 286 bytes | Created Date = 10/20/2007 11:13:50 AM | Attr = ]
Uniblue SpeedUpMyPC.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC.job -> [Ver = | Size = 408 bytes | Created Date = 10/20/2007 11:13:50 AM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Created Date = 10/17/2007 12:01:51 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 10/18/2007 12:12:37 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 10/18/2007 12:12:37 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 10/18/2007 12:12:37 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 281 bytes | Modified Date = 10/22/2007 3:44:12 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 10/22/2007 4:32:40 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 528052224 bytes | Modified Date = 10/22/2007 4:35:46 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/22/2007 4:35:44 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/22/2007 4:28:32 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 10/18/2007 3:43:58 AM | Attr = H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 10/17/2007 11:59:26 AM | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 10/17/2007 11:58:26 AM | Attr = H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Modified Date = 10/17/2007 11:54:36 AM | Attr = H ]
$NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Modified Date = 10/17/2007 11:54:52 AM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Modified Date = 10/17/2007 11:57:18 AM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/10/2007 5:03:50 PM | Attr = H ]
$NtUninstallKB939653$ -> %SystemRoot%\$NtUninstallKB939653$ -> [Folder | Modified Date = 10/10/2007 5:03:36 PM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/10/2007 5:02:00 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/22/2007 4:35:50 PM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 10/22/2007 2:59:04 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/17/2007 12:13:56 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 10/17/2007 12:01:30 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 10/18/2007 12:00:48 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 10/18/2007 12:00:54 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/22/2007 3:06:34 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/22/2007 4:31:18 PM | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 10/17/2007 12:01:44 PM | Attr = ]
msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Modified Date = 10/17/2007 12:03:24 PM | Attr = H ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 10/17/2007 11:54:52 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 10/22/2007 4:03:32 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 10/20/2007 12:09:06 PM | Attr = ]
PWSTART.INI -> %SystemRoot%\PWSTART.INI -> [Ver = | Size = 486 bytes | Modified Date = 10/22/2007 1:36:22 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 10/20/2007 12:37:20 PM | Attr = H ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 10/22/2007 3:44:12 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 10/22/2007 4:32:38 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 10/22/2007 4:23:32 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 10/22/2007 4:36:18 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 10/17/2007 12:01:56 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 626 bytes | Modified Date = 10/22/2007 3:44:12 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 10/22/2007 3:07:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/22/2007 4:35:54 PM | Attr = H ]
Uniblue SpeedUpMyPC Nag.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC Nag.job -> [Ver = | Size = 286 bytes | Modified Date = 10/20/2007 11:13:52 AM | Attr = ]
Uniblue SpeedUpMyPC.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC.job -> [Ver = | Size = 408 bytes | Modified Date = 10/20/2007 11:13:52 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 10/17/2007 12:22:06 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/22/2007 3:06:30 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 10/17/2007 12:02:12 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/18/2007 12:01:12 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 10/22/2007 4:32:38 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 10/22/2007 3:06:34 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 10/18/2007 12:01:12 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 283408 bytes | Modified Date = 10/22/2007 3:13:44 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:28 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Modified Date = 9/24/2007 11:31:42 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:30 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Modified Date = 9/24/2007 11:31:42 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 10/22/2007 4:36:18 PM | Attr = ]
[File String Scan - Non-Microsoft Only]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 9/20/2004 3:20:44 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
PTech , -> %System32%\igfxhcsy.lhp -> [Ver = | Size = 59914 bytes | Modified Date = 8/20/2004 3:56:24 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
< End of report >
3rd Log
ComboFix 07-10-22.7 - Benny Oficina 2007-10-22 16:46:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.245 [GMT -5:00]
Running from: C:\Documents and Settings\Benny Oficina\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 )))))))))))))))))))))))))))))))
.
2007-10-22 16:45 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 15:54 <DIR> d-------- C:\Program Files\Symantec
2007-10-22 15:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-20 11:13 <DIR> d-------- C:\Documents and Settings\Benny Oficina\Application Data\Uniblue
2007-10-20 11:06 <DIR> d-------- C:\WINDOWS\pss
2007-10-17 12:11 <DIR> d-------- C:\Documents and Settings\Benny Oficina\Application Data\Yahoo!
2007-10-17 12:02 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-22 21:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-22 21:29 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-22 19:58 --------- d-----w C:\Program Files\Apple Software Update
2007-10-22 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-18 17:12 --------- d-----w C:\Program Files\Java
2007-10-17 17:37 --------- d-----w C:\Program Files\PartyPoker
2007-10-17 17:35 --------- d-----w C:\Program Files\Yahoo!
2007-10-17 17:30 --------- d-----w C:\Documents and Settings\Benny Oficina\Application Data\Symantec
2007-10-17 17:19 --------- d-----w C:\Program Files\MUSICMATCH
2007-10-17 17:14 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-09-20 15:42 722,176 ----a-w C:\Documents and Settings\Benny Oficina\gotomypc_428.exe
2007-01-15 14:29 87,608 ----a-w C:\Documents and Settings\Benny Oficina\Application Data\ezpinst.exe
2007-01-15 14:29 47,360 ----a-w C:\Documents and Settings\Benny Oficina\Application Data\pcouffin.sys
2006-09-01 21:03 563,712 ----a-w C:\Documents and Settings\Benny Oficina\gotomypc_370.exe
2006-04-10 13:27 1,431,040 ----a-w C:\Program Files\Common Files\PartSmartUpdate.msi
2006-02-20 18:43 563,712 -c--a-w C:\Documents and Settings\Benny Oficina\370_gotomypc.exe
2005-11-21 19:39 483,401 -c--a-w C:\Documents and Settings\Benny Oficina\314_gotomypc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 18:41]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-11 12:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
R2 ANISERVICE;Airgo Networks NIC Service;C:\WINDOWS\System32\aniServ.exe
R3 Airgo;Belkin Wireless Pre-N Notebook Network Driver;C:\WINDOWS\system32\DRIVERS\wnihdd51.sys
R3 WNIPROT5;WNIPROT5 Protocol Driver;\??\C:\WINDOWS\System32\WNIPROT5.SYS
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\E:\INSTAL~E\Core\BVRPMPR5.SYS
S3 RioS35;RioS35S driver;C:\WINDOWS\system32\Drivers\RioS35.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command - D:\Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
"2007-10-20 16:13:51 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
"2007-10-20 16:13:50 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-22 16:51:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-22 16:52:37 - machine was rebooted
.
--- E O F ---