Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Antispyware.net [RESOLVED]

Started by nyychick2 , Mar 08 2008 10:03 PM

  • This topic is locked This topic is locked

#16
Rorschach112
Posted 17 March 2008 - 01:15 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Disabled MS Config Items, Reg - File Additional Folder Scans, File - Lop Check and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Check the box beside Scan All User Accounts at the top
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
  • 0

Advertisements

#17
nyychick2
Posted 17 March 2008 - 09:03 PM

nyychick2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Thank you for all your help. This problem is fixable, right?

Attached Files


  • 0

#18
Rorschach112
Posted 18 March 2008 - 05:57 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Windows Defender ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> AOL Fast Start -> %SystemDrive%\PROGRA~1\AMERIC~1.0A\AOL.EXE
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Sidebar ->
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Sidebar ->
< Run [HKEY_USERS\S-1-5-21-4125837550-2163220547-2190492486-1009\] > -> HKEY_USERS\S-1-5-21-4125837550-2163220547-2190492486-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> AOL Fast Start -> %SystemDrive%\PROGRA~1\AMERIC~1.0A\AOL.EXE
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {A98C34C6-A944-B922-7851-E9DA1F7785B7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4125837550-2163220547-2190492486-1009\] > -> HKEY_USERS\S-1-5-21-4125837550-2163220547-2190492486-1009\Software\Microsoft\Internet Explorer\Extensions\
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.]
YN -> msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.]
[Files/Folders - Created Within 90 days]
NY -> 1 C:\*.tmp files -> C:\*.tmp
[Files/Folders - Modified Within 90 days]
NY -> 3 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.


Post a new HijackThis log
  • 0

#19
nyychick2
Posted 19 March 2008 - 03:19 PM

nyychick2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Deckard's System Scanner v20071014.68
Run by Home on 2008-03-19 17:15:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (1024 MiB recommended).


-- HijackThis (run as Home.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:43 PM, on 3/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DSentry.exe
C:\Program Files\Common Files\AOL\1133723631\ee\aolsoftware.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Home\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Home.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {A98C34C6-A944-B922-7851-E9DA1F7785B7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133723631\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: admissions.nyu.edu
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...ab/1w2fcksh.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: myivqjirjkoj (sawadtww6) - Unknown owner - C:\WINDOWS\system32\nujwjkwv6.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 8596 bytes

-- Files created between 2008-02-19 and 2008-03-19 -----------------------------

2008-03-15 11:51:42 0 d-------- C:\Program Files\Trend Micro
2008-03-14 21:29:37 3612 --a------ C:\Windows\system32\tmp.reg
2008-03-14 21:29:02 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-03-14 21:29:02 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-14 21:29:02 82432 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-14 21:24:39 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-14 21:24:38 51200 --a------ C:\Windows\system32\dumphive.exe
2008-03-14 21:24:36 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-14 21:24:36 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-08 21:23:10 0 d-------- C:\Users\Home\.housecall6.6
2008-03-07 23:35:53 0 d-------- C:\Windows\Panther
2008-03-07 23:10:47 0 d--h----- C:\$WINDOWS.~Q
2008-03-07 22:56:18 0 d--h----- C:\$INPLACE.~TR
2008-03-07 22:35:09 0 d-------- C:\Program Files\Norton Internet Security
2008-03-07 22:11:38 0 dr------- C:\Users\Home\Searches
2008-03-07 22:11:21 0 dr------- C:\Users\Home\Contacts
2008-03-07 21:48:22 22668 --a------ C:\Windows\system32\emptyregdb.dat
2008-03-07 21:33:20 0 d-------- C:\Users\Default\video
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Templates
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Start Menu
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\SendTo
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Recent
2008-03-07 20:52:32 0 d--h----- C:\Users\Bhavini\PrintHood
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\NetHood
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\My Documents
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Music
2008-03-07 20:52:32 0 d--h----- C:\Users\Bhavini\Local Settings
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Links
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Favorites
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Downloads
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Documents
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Desktop
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Cookies
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Application Data
2008-03-07 20:52:32 0 d--h----- C:\Users\Bhavini\AppData
2008-03-07 20:52:31 0 dr------- C:\Users\Bhavini\Videos
2008-03-07 20:52:31 0 d-------- C:\Users\Bhavini\Saved Games
2008-03-07 20:52:31 0 dr------- C:\Users\Bhavini\Pictures
2008-03-07 20:52:31 2105344 --a------ C:\Users\Bhavini\NTUSER.DAT
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Templates
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Start Menu
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\SendTo
2008-03-07 20:52:27 0 d-------- C:\Users\Minal\Saved Games
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Recent
2008-03-07 20:52:27 0 d--h----- C:\Users\Minal\PrintHood
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Pictures
2008-03-07 20:52:27 2748416 --a------ C:\Users\Minal\NTUSER.DAT
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\NetHood
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\My Documents
2008-03-07 20:52:27 0 d--h----- C:\Users\Minal\Local Settings
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Links
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Favorites
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Downloads
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Documents
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Desktop
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Cookies
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Application Data
2008-03-07 20:52:27 0 d--h----- C:\Users\Minal\AppData
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Templates
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Start Menu
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\SendTo
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Recent
2008-03-07 20:52:23 0 d--h----- C:\Users\Home\PrintHood
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\NetHood
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\My Documents
2008-03-07 20:52:23 0 d--h----- C:\Users\Home\Local Settings
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Cookies
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Application Data
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Saved Games
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Pictures
2008-03-07 20:52:22 3670016 --ahs---- C:\Users\Home\NTUSER.DAT
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Music
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Links
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Favorites
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Downloads
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Documents
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Desktop
2008-03-07 20:52:22 0 d--h----- C:\Users\Home\AppData
2008-03-07 20:50:18 0 d-------- C:\Windows\system32\URTTEMP
2008-03-07 20:50:05 0 d--hs---- C:\Windows\Installer
2008-03-07 20:45:56 0 d-------- C:\Windows\system32\catroot2
2008-03-07 20:45:28 0 d-------- C:\Windows\Debug
2008-03-07 20:45:27 0 d-------- C:\Windows\CSC
2008-03-07 20:36:56 0 d-------- C:\Windows\Prefetch
2008-03-07 19:49:51 0 d--hs---- C:\Boot
2008-03-07 19:10:36 0 d------c- C:\Windows\system32\DRVSTORE
2008-03-03 01:09:18 0 d-------- C:\Program Files\Enigma Software Group
2008-03-02 19:14:43 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-02 17:31:30 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-02 00:01:22 0 d-a------ C:\Users\All Users\TEMP


-- Find3M Report ---------------------------------------------------------------

2008-03-13 09:13:49 0 d-------- C:\Program Files\Windows Mail
2008-03-08 21:04:53 9826 --a------ C:\Windows\mozver.dat
2008-03-08 17:33:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-08 16:49:29 0 d-------- C:\Program Files\Symantec
2008-03-08 04:26:29 174 --ahs---- C:\Program Files\desktop.ini
2008-03-08 04:12:23 0 d-------- C:\Program Files\Windows Calendar
2008-03-08 04:12:09 0 d-------- C:\Program Files\Windows Defender
2008-03-08 04:11:56 0 d-------- C:\Program Files\Windows Sidebar
2008-03-07 23:01:39 0 d-------- C:\Program Files\Common Files
2008-03-07 21:23:04 0 d-------- C:\Users\Home\AppData\Roaming\Webshots
2008-03-07 21:23:01 0 d-------- C:\Users\Home\AppData\Roaming\WeatherBug
2008-03-07 21:23:01 0 d-------- C:\Users\Home\AppData\Roaming\vlc
2008-03-07 21:23:01 0 d-------- C:\Users\Home\AppData\Roaming\Viewpoint
2008-03-07 21:23:00 0 d-------- C:\Users\Home\AppData\Roaming\Talkback
2008-03-07 21:23:00 0 d-------- C:\Users\Home\AppData\Roaming\Symantec
2008-03-07 21:22:17 0 d-------- C:\Users\Home\AppData\Roaming\Sun
2008-03-07 21:22:17 0 d-------- C:\Users\Home\AppData\Roaming\Sonic
2008-03-07 21:22:17 0 d-------- C:\Users\Home\AppData\Roaming\Registry Defender
2008-03-07 21:22:17 0 d-------- C:\Users\Home\AppData\Roaming\Real
2008-03-07 21:22:15 0 d-------- C:\Users\Home\AppData\Roaming\MSN6
2008-03-07 21:22:15 0 d-------- C:\Users\Home\AppData\Roaming\Mozilla
2008-03-07 21:22:13 0 d--h----- C:\Users\Home\AppData\Roaming\Move Networks
2008-03-07 21:21:29 0 d-------- C:\Users\Home\AppData\Roaming\Macromedia
2008-03-07 21:21:29 0 d-------- C:\Users\Home\AppData\Roaming\Leadertech
2008-03-07 21:21:29 0 d-------- C:\Users\Home\AppData\Roaming\Jasc Software Inc
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\Jasc
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\Identities
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\ICAClient
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\HotSync
2008-03-07 21:21:28 0 d--h----- C:\Users\Home\AppData\Roaming\Gtek
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\Google
2008-03-07 21:21:27 0 d-------- C:\Users\Home\AppData\Roaming\ESPN
2008-03-07 21:21:27 0 d-------- C:\Users\Home\AppData\Roaming\CyberLink
2008-03-07 21:21:27 0 d-------- C:\Users\Home\AppData\Roaming\Corel
2008-03-07 21:21:27 0 d-------- C:\Users\Home\AppData\Roaming\Corel Photo Album
2008-03-07 21:21:25 0 d-------- C:\Users\Home\AppData\Roaming\Apple Computer
2008-03-07 21:21:25 0 d-------- C:\Users\Home\AppData\Roaming\AOL
2008-03-07 21:20:47 0 d-------- C:\Users\Home\AppData\Roaming\Aim
2008-03-07 21:20:47 0 d-------- C:\Users\Home\AppData\Roaming\Adobe
2008-03-07 21:20:47 0 d-------- C:\Users\Home\AppData\Roaming\acccore
2008-03-07 21:09:39 0 d-------- C:\Program Files\Your Company Name
2008-03-07 21:09:37 0 d-------- C:\Program Files\WordPerfect Office 11
2008-03-07 21:09:13 0 d-------- C:\Program Files\WildTangent
2008-03-07 21:09:06 0 d-------- C:\Program Files\support.com
2008-03-07 21:08:57 0 d-------- C:\Program Files\Real
2008-03-07 21:08:56 0 d-------- C:\Program Files\QuickTime
2008-03-07 21:08:42 0 d-------- C:\Program Files\PokerRoom.com
2008-03-07 21:08:42 0 d-------- C:\Program Files\Photo Pos Pro
2008-03-07 21:08:41 0 d-------- C:\Program Files\palmOne
2008-03-07 21:08:37 0 d-------- C:\Program Files\Ofoto
2008-03-07 21:06:25 0 d-------- C:\Program Files\NetZero
2008-03-07 21:06:22 0 d-------- C:\Program Files\MUSICMATCH
2008-03-07 21:06:22 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-07 21:06:17 0 d-------- C:\Program Files\Modem Helper
2008-03-07 21:06:00 0 d-------- C:\Program Files\microsoft frontpage
2008-03-07 21:06:00 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-07 21:06:00 0 d-------- C:\Program Files\McAfee.com
2008-03-07 21:06:00 0 d-------- C:\Program Files\MasqueAIM
2008-03-07 21:05:59 0 d-------- C:\Program Files\Learn2.com
2008-03-07 21:05:48 0 d-------- C:\Program Files\Java
2008-03-07 21:05:28 0 d-------- C:\Program Files\Jasc Software Inc
2008-03-07 21:04:33 0 d-------- C:\Program Files\iTunes
2008-03-07 21:04:30 0 d-------- C:\Program Files\iPod
2008-03-07 21:04:27 0 d-------- C:\Program Files\Intel
2008-03-07 21:04:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-07 21:04:25 0 d-------- C:\Program Files\HP
2008-03-07 21:03:00 0 d-------- C:\Program Files\Google
2008-03-07 21:02:59 0 d-------- C:\Program Files\DivX
2008-03-07 21:02:58 0 d-------- C:\Program Files\DellSupport
2008-03-07 21:02:50 0 d-------- C:\Program Files\Dell
2008-03-07 21:02:50 0 d-------- C:\Program Files\Dell Computer
2008-03-07 21:02:38 0 d-------- C:\Program Files\CyberLink
2008-03-07 21:02:38 0 d-------- C:\Program Files\CorelPaintShopProX_
2008-03-07 21:01:48 0 d-------- C:\Program Files\CorelPaintShopProX
2008-03-07 21:00:39 0 d-------- C:\Program Files\Corel
2008-03-07 21:00:37 0 d-------- C:\Program Files\Connection Wizard
2008-03-07 21:00:36 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-07 21:00:36 0 d-------- C:\Program Files\Common Files\WhenU
2008-03-07 21:00:36 0 d-------- C:\Program Files\Common Files\Thraex Software
2008-03-07 21:00:29 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-07 21:00:29 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-07 21:00:29 0 d-------- C:\Program Files\Common Files\Real
2008-03-07 21:00:27 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-07 21:00:27 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-07 21:00:26 0 d-------- C:\Program Files\Common Files\NSV
2008-03-07 21:00:26 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-07 21:00:17 0 d-------- C:\Program Files\Common Files\Java
2008-03-07 21:00:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-07 21:00:10 0 d-------- C:\Program Files\Common Files\HP
2008-03-07 21:00:09 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-07 21:00:08 0 d-------- C:\Program Files\Common Files\Corel
2008-03-07 21:00:07 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-03-07 21:00:07 0 d-------- C:\Program Files\Common Files\aolshare
2008-03-07 21:00:05 0 d-------- C:\Program Files\Common Files\aolback
2008-03-07 21:00:04 0 d-------- C:\Program Files\Common Files\AOL
2008-03-07 20:59:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-07 20:59:39 0 d-------- C:\Program Files\Citrix
2008-03-07 20:59:39 0 d-------- C:\Program Files\BearShare
2008-03-07 20:59:37 0 d-------- C:\Program Files\AOL Companion
2008-03-07 20:59:37 0 d-------- C:\Program Files\AOD
2008-03-07 20:59:36 0 d-------- C:\Program Files\America Online 9.0c
2008-03-07 20:59:31 0 d-------- C:\Program Files\America Online 9.0b
2008-03-07 20:59:27 0 d-------- C:\Program Files\America Online 9.0a
2008-03-07 20:59:27 0 d-------- C:\Program Files\America Online 9.0
2008-03-07 20:59:15 0 d-------- C:\Program Files\AIM+
2008-03-07 20:59:15 0 d-------- C:\Program Files\AIM Toolbar
2008-03-07 20:59:14 0 d-------- C:\Program Files\AIM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 11:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/07/2008 11:01 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A98C34C6-A944-B922-7851-E9DA1F7785B7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 11:51 PM 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/13/2003 12:27 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1133723631\ee\AOLSoftware.exe" [11/02/2005 11:01 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 09:38 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [08/04/2003 06:28 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/14/2006 04:24 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [08/26/2003 09:47 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/02/2006 10:13 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/07/2004 12:39 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/14/2008 12:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [11/02/2006 05:45 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/21/2007 06:55 AM]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0c\aoltray.exe [6/28/2005 6:54:13 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 6:19:24 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-19 17:16:48 ------------
  • 0

#20
Rorschach112
Posted 19 March 2008 - 04:55 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINDOWS\system32\nujwjkwv6.exe"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:


    • C:\WINDOWS\system32\nujwjkwv6.exe

  • Click Open.
  • Click Post.
Thank you!




Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#21
nyychick2
Posted 19 March 2008 - 07:22 PM

nyychick2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
ComboFix 08-03-18.1 - Home 2008-03-19 20:19:43.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.137 [GMT -4:00]
Running from: C:\Users\Home\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\bszip.dll
C:\Windows\system32\uninsticn.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 23:26 --------- d-----w C:\ProgramData\Symantec
2008-03-15 15:51 --------- d-----w C:\Program Files\Trend Micro
2008-03-15 01:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-15 01:46 --------- d---a-w C:\ProgramData\TEMP
2008-03-15 01:44 --------- d-----w C:\Program Files\Enigma Software Group
2008-03-15 01:43 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-13 13:13 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 13:01 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-13 13:01 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-08 21:33 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-08 21:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 20:49 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-08 20:49 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-08 20:49 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-08 20:49 --------- d-----w C:\Program Files\Symantec
2008-03-08 08:26 174 --sha-w C:\Program Files\desktop.ini
2008-03-08 08:12 --------- d-----w C:\Program Files\Windows Defender
2008-03-08 08:12 --------- d-----w C:\Program Files\Windows Calendar
2008-03-08 08:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-08 07:51 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-03-08 07:51 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-03-08 07:50 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-03-08 07:50 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-03-08 07:50 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-03-08 07:47 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-08 07:47 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-08 07:46 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-08 07:40 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-03-08 07:40 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-03-08 07:40 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-03-08 07:40 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-03-08 07:40 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-03-08 07:40 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-03-08 07:25 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-08 07:25 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-03-08 07:25 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-08 07:22 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-08 07:22 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-08 07:22 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-08 07:22 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-03-08 07:22 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-08 07:22 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-08 07:19 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-03-08 07:19 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-03-08 07:19 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-03-08 07:19 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-03-08 07:19 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-03-08 07:19 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-03-08 07:16 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-08 07:16 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-08 07:10 320,000 ----a-w C:\Windows\system32\drivers\csc.sys
2008-03-08 07:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 07:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 07:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 07:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 07:06 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-08 07:06 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-08 07:06 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-08 07:06 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-08 07:05 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2008-03-08 07:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-08 01:23 --------- d-----w C:\Users\Home\AppData\Roaming\Webshots
2008-03-08 01:23 --------- d-----w C:\Users\Home\AppData\Roaming\WeatherBug
2008-03-08 01:23 --------- d-----w C:\Users\Home\AppData\Roaming\vlc
2008-03-08 01:23 --------- d-----w C:\Users\Home\AppData\Roaming\Viewpoint
2008-03-08 01:23 --------- d-----w C:\Users\Home\AppData\Roaming\Talkback
2008-03-08 01:23 --------- d-----w C:\Users\Home\AppData\Roaming\Symantec
2008-03-08 01:22 --------- d--h--w C:\Users\Home\AppData\Roaming\Move Networks
2008-03-08 01:22 --------- d-----w C:\Users\Home\AppData\Roaming\Sonic
2008-03-08 01:22 --------- d-----w C:\Users\Home\AppData\Roaming\Registry Defender
2008-03-08 01:22 --------- d-----w C:\Users\Home\AppData\Roaming\MSN6
2008-03-08 01:21 --------- d--h--w C:\Users\Home\AppData\Roaming\Gtek
2008-03-08 01:21 --------- d-----w C:\Users\Home\AppData\Roaming\Leadertech
2008-03-08 01:21 --------- d-----w C:\Users\Home\AppData\Roaming\Jasc Software Inc
2008-03-08 01:21 --------- d-----w C:\Users\Home\AppData\Roaming\Jasc
2008-03-08 01:21 --------- d-----w C:\Users\Home\AppData\Roaming\ICAClient
2008-03-08 01:21 --------- d-----w C:\Users\Home\AppData\Roaming\HotSync
2008-03-08 01:21 --------- d-----w C:\Users\Home\AppData\Roaming\ESPN
2008-03-08 01:21 --------- d-----w C:\Users\Home\AppData\Roaming\CyberLink
2008-03-08 01:21 --------- d-----w C:\Users\Home\AppData\Roaming\Corel Photo Album
2008-03-08 01:21 --------- d-----w C:\Users\Home\AppData\Roaming\Corel
2008-03-08 01:21 --------- d-----w C:\Users\Home\AppData\Roaming\Apple Computer
2008-03-08 01:21 --------- d-----w C:\Users\Home\AppData\Roaming\AOL
2008-03-08 01:20 --------- d-----w C:\Users\Home\AppData\Roaming\Aim
2008-03-08 01:20 --------- d-----w C:\Users\Home\AppData\Roaming\acccore
2008-03-08 01:09 --------- d-----w C:\Program Files\Your Company Name
2008-03-08 01:09 --------- d-----w C:\Program Files\WordPerfect Office 11
2008-03-08 01:09 --------- d-----w C:\Program Files\WildTangent
2008-03-08 01:09 --------- d-----w C:\Program Files\support.com
2008-03-08 01:08 --------- d-----w C:\Program Files\Real
2008-03-08 01:08 --------- d-----w C:\Program Files\QuickTime
2008-03-08 01:08 --------- d-----w C:\Program Files\PokerRoom.com
2008-03-08 01:08 --------- d-----w C:\Program Files\Photo Pos Pro
2008-03-08 01:08 --------- d-----w C:\Program Files\palmOne
2008-03-08 01:08 --------- d-----w C:\Program Files\Ofoto
2008-03-08 01:06 --------- d-----w C:\Program Files\NetZero
2008-03-08 01:06 --------- d-----w C:\Program Files\MUSICMATCH
2008-03-08 01:06 --------- d-----w C:\Program Files\Modem Helper
2008-03-08 01:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-08 01:06 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2006-08-09 01:55 152 --sha-r C:\Windows\System32\1EF6FB4423.sys
2006-08-23 04:50 5,852 --sha-w C:\Windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 23:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-07 23:01 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 23:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 23:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 05:45 8704]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 06:55 68856]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 12:27 28672]
"HostManager"="C:\Program Files\Common Files\AOL\1133723631\ee\AOLSoftware.exe" [2005-11-02 23:01 50792]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28 49152]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24 278528]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47 204800]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-02 22:13 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-01-07 00:39 151597]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0c\aoltray.exe [2005-06-28 18:54:13 36953]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\AIM\\aim.exe"= C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"= C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe-UDP-Domain"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe-TCP-Domain"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe-UDP-Domain"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe-TCP-Domain"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:AOL
"C:\\Program Files\\AIM\\aim.exe-UDP-Domain"= TCP:C:\Program Files\AIM\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\aim.exe-TCP-Domain"= UDP:C:\Program Files\AIM\aim.exe:AOL Instant Messenger
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\XP_FixWinpack.exe-UDP-Standard"= TCP:Profile=Public|C:\XP_FixWinpack.exe:XP_FixWinpack
"C:\\XP_FixWinpack.exe-TCP-Standard"= UDP:Profile=Public|C:\XP_FixWinpack.exe:XP_FixWinpack
"C:\\WINDOWS\\SYSTEM32\\smsc.exe-UDP-Standard"= TCP:Profile=Public|C:\WINDOWS\SYSTEM32\smsc.exe:smsc
"C:\\WINDOWS\\SYSTEM32\\smsc.exe-TCP-Standard"= UDP:Profile=Public|C:\WINDOWS\SYSTEM32\smsc.exe:smsc
"C:\\WINDOWS\\SYSTEM32\\rnhtfans.exe-UDP-Standard"= TCP:Profile=Public|C:\WINDOWS\SYSTEM32\rnhtfans.exe:rnhtfans
"C:\\WINDOWS\\SYSTEM32\\rnhtfans.exe-TCP-Standard"= UDP:Profile=Public|C:\WINDOWS\SYSTEM32\rnhtfans.exe:rnhtfans
"C:\\WINDOWS\\system32-UDP-Standard"= TCP:Profile=Public|C:\WINDOWS\system32:lockx
"C:\\WINDOWS\\system32-TCP-Standard"= UDP:Profile=Public|C:\WINDOWS\system32:lockx
"C:\\Program Files\\LimeWire\\LimeWire.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"C:\\Program Files\\LimeWire\\LimeWire.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"C:\\Program Files\\iTunes\\iTunes.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\iTunes\\iTunes.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\Internet Explorer\\iexplore.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Internet Explorer\iexplore.exe:Internet Explorer
"C:\\Program Files\\Internet Explorer\\iexplore.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Internet Explorer\iexplore.exe:Internet Explorer
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:Jasc Paint Shop Photo Album Application
"C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:Jasc Paint Shop Photo Album Application
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOLTsMon
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOLTsMon
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOLTopSpeed
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOLTopSpeed
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Application Loader
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Application Loader
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\1110582691\\EE\\AOLServiceHost.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\1110582691\EE\AOLServiceHost.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\1110582691\\EE\\AOLServiceHost.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\1110582691\EE\AOLServiceHost.exe:AOL
"C:\\Program Files\\America Online 9.0a\\waol.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\America Online 9.0a\waol.exe:AOL
"C:\\Program Files\\America Online 9.0a\\waol.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\America Online 9.0a\waol.exe:AOL
"C:\\Program Files\\AIM\\AIM95_c2\\aim.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\AIM\AIM95_c2\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c2\\aim.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\AIM\AIM95_c2\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c1\\aim.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\AIM\AIM95_c1\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c1\\aim.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\AIM\AIM95_c1\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c0\\aim.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\AIM\AIM95_c0\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c0\\aim.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\AIM\AIM95_c0\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\aim.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\AIM\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\aim.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\AIM\aim.exe:AOL Instant Messenger
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\AIM\\aim.exe"= C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c0\\aim.exe"= C:\Program Files\AIM\AIM95_c0\aim.exe:*:Enabled:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c1\\aim.exe"= C:\Program Files\AIM\AIM95_c1\aim.exe:*:Enabled:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c2\\aim.exe"= C:\Program Files\AIM\AIM95_c2\aim.exe:*:Enabled:AOL Instant Messenger
"C:\\Program Files\\America Online 9.0a\\waol.exe"= C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\1110582691\\EE\\AOLHostManager.exe"= C:\Program Files\Common Files\AOL\1110582691\EE\AOLHostManager.exe:*:Disabled:AOLHostManager Service
"C:\\Program Files\\Common Files\\AOL\\1110582691\\EE\\AOLServiceHost.exe"= C:\Program Files\Common Files\AOL\1110582691\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"= C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"= C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Enabled:Jasc Paint Shop Photo Album Application
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\\Program Files\\iTunes\\iTunes.exe"= C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\\Program Files\\LimeWire\\LimeWire.exe"= C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\\Program Files\\Save\\Save.exe"= C:\Program Files\Save\Save.exe:*:Disabled:Save!
"C:\\WINDOWS\\system32"= C:\WINDOWS\system32:*:Enabled:lockx
"C:\\WINDOWS\\SYSTEM32\\rnhtfans.exe"= C:\WINDOWS\SYSTEM32\rnhtfans.exe:*:Enabled:rnhtfans
"C:\\WINDOWS\\SYSTEM32\\smsc.exe"= C:\WINDOWS\SYSTEM32\smsc.exe:*:Enabled:smsc
"C:\\XP_FixWinpack.exe"= C:\XP_FixWinpack.exe:*:Enabled:XP_FixWinpack

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080314.001\IDSvix86.sys [2008-02-13 12:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 16:50]
S2 sawadtww6;myivqjirjkoj;C:\WINDOWS\system32\nujwjkwv6.exe [2005-03-16 22:14]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-18 00:38:11 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Home.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 20:29:29
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-19 20:41:37
ComboFix-quarantined-files.txt 2008-03-20 00:41:28
.
2008-03-19 09:23:13 --- E O F ---

Edited by nyychick2, 19 March 2008 - 07:23 PM.

  • 0

#22
nyychick2
Posted 19 March 2008 - 07:23 PM

nyychick2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Deckard's System Scanner v20071014.68
Run by Home on 2008-03-19 21:23:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (1024 MiB recommended).


-- HijackThis (run as Home.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:23 PM, on 3/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\DSentry.exe
C:\Program Files\Common Files\AOL\1133723631\ee\aolsoftware.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Home\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Home.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133723631\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: admissions.nyu.edu
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...ab/1w2fcksh.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: myivqjirjkoj (sawadtww6) - Unknown owner - C:\WINDOWS\system32\nujwjkwv6.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 9035 bytes

-- Files created between 2008-02-19 and 2008-03-19 -----------------------------

2008-03-19 20:17:18 68096 --a------ C:\Windows\system32\zip.exe
2008-03-19 20:17:18 98816 --a------ C:\Windows\system32\sed.exe
2008-03-19 20:17:18 80412 --a------ C:\Windows\system32\grep.exe
2008-03-19 20:17:17 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-15 11:51:42 0 d-------- C:\Program Files\Trend Micro
2008-03-14 21:29:37 3612 --a------ C:\Windows\system32\tmp.reg
2008-03-14 21:29:02 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-03-14 21:29:02 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-14 21:29:02 82432 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-14 21:24:39 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-14 21:24:38 51200 --a------ C:\Windows\system32\dumphive.exe
2008-03-14 21:24:36 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-14 21:24:36 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-08 21:23:10 0 d-------- C:\Users\Home\.housecall6.6
2008-03-07 23:35:53 0 d-------- C:\Windows\Panther
2008-03-07 23:10:47 0 d--h----- C:\$WINDOWS.~Q
2008-03-07 22:56:18 0 d--h----- C:\$INPLACE.~TR
2008-03-07 22:35:09 0 d-------- C:\Program Files\Norton Internet Security
2008-03-07 22:11:38 0 dr------- C:\Users\Home\Searches
2008-03-07 22:11:21 0 dr------- C:\Users\Home\Contacts
2008-03-07 21:48:22 22668 --a------ C:\Windows\system32\emptyregdb.dat
2008-03-07 21:33:20 0 d-------- C:\Users\Default\video
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Templates
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Start Menu
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\SendTo
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Recent
2008-03-07 20:52:32 0 d--h----- C:\Users\Bhavini\PrintHood
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\NetHood
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\My Documents
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Music
2008-03-07 20:52:32 0 d--h----- C:\Users\Bhavini\Local Settings
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Links
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Favorites
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Downloads
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Documents
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Desktop
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Cookies
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Application Data
2008-03-07 20:52:32 0 d--h----- C:\Users\Bhavini\AppData
2008-03-07 20:52:31 0 dr------- C:\Users\Bhavini\Videos
2008-03-07 20:52:31 0 d-------- C:\Users\Bhavini\Saved Games
2008-03-07 20:52:31 0 dr------- C:\Users\Bhavini\Pictures
2008-03-07 20:52:31 2105344 --a------ C:\Users\Bhavini\NTUSER.DAT
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Templates
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Start Menu
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\SendTo
2008-03-07 20:52:27 0 d-------- C:\Users\Minal\Saved Games
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Recent
2008-03-07 20:52:27 0 d--h----- C:\Users\Minal\PrintHood
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Pictures
2008-03-07 20:52:27 2748416 --a------ C:\Users\Minal\NTUSER.DAT
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\NetHood
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\My Documents
2008-03-07 20:52:27 0 d--h----- C:\Users\Minal\Local Settings
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Links
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Favorites
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Downloads
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Documents
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Desktop
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Cookies
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Application Data
2008-03-07 20:52:27 0 d--h----- C:\Users\Minal\AppData
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Templates
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Start Menu
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\SendTo
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Recent
2008-03-07 20:52:23 0 d--h----- C:\Users\Home\PrintHood
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\NetHood
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\My Documents
2008-03-07 20:52:23 0 d--h----- C:\Users\Home\Local Settings
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Cookies
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Application Data
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Saved Games
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Pictures
2008-03-07 20:52:22 3670016 --ahs---- C:\Users\Home\NTUSER.DAT
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Music
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Links
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Favorites
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Downloads
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Documents
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Desktop
2008-03-07 20:52:22 0 d--h----- C:\Users\Home\AppData
2008-03-07 20:50:18 0 d-------- C:\Windows\system32\URTTEMP
2008-03-07 20:50:05 0 d--hs---- C:\Windows\Installer
2008-03-07 20:45:56 0 d-------- C:\Windows\system32\catroot2
2008-03-07 20:45:28 0 d-------- C:\Windows\Debug
2008-03-07 20:45:27 0 d-------- C:\Windows\CSC
2008-03-07 20:36:56 0 d-------- C:\Windows\Prefetch
2008-03-07 19:49:51 0 d--hs---- C:\Boot
2008-03-07 19:10:36 0 d------c- C:\Windows\system32\DRVSTORE
2008-03-03 01:09:18 0 d-------- C:\Program Files\Enigma Software Group
2008-03-02 19:14:43 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-02 17:31:30 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-02 00:01:22 0 d-a------ C:\Users\All Users\TEMP


-- Find3M Report ---------------------------------------------------------------

2008-03-13 09:13:49 0 d-------- C:\Program Files\Windows Mail
2008-03-08 21:04:53 9826 --a------ C:\Windows\mozver.dat
2008-03-08 17:33:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-08 16:49:29 0 d-------- C:\Program Files\Symantec
2008-03-08 04:26:29 174 --ahs---- C:\Program Files\desktop.ini
2008-03-08 04:12:23 0 d-------- C:\Program Files\Windows Calendar
2008-03-08 04:12:09 0 d-------- C:\Program Files\Windows Defender
2008-03-08 04:11:56 0 d-------- C:\Program Files\Windows Sidebar
2008-03-07 23:01:39 0 d-------- C:\Program Files\Common Files
2008-03-07 21:23:04 0 d-------- C:\Users\Home\AppData\Roaming\Webshots
2008-03-07 21:23:01 0 d-------- C:\Users\Home\AppData\Roaming\WeatherBug
2008-03-07 21:23:01 0 d-------- C:\Users\Home\AppData\Roaming\vlc
2008-03-07 21:23:01 0 d-------- C:\Users\Home\AppData\Roaming\Viewpoint
2008-03-07 21:23:00 0 d-------- C:\Users\Home\AppData\Roaming\Talkback
2008-03-07 21:23:00 0 d-------- C:\Users\Home\AppData\Roaming\Symantec
2008-03-07 21:22:17 0 d-------- C:\Users\Home\AppData\Roaming\Sun
2008-03-07 21:22:17 0 d-------- C:\Users\Home\AppData\Roaming\Sonic
2008-03-07 21:22:17 0 d-------- C:\Users\Home\AppData\Roaming\Registry Defender
2008-03-07 21:22:17 0 d-------- C:\Users\Home\AppData\Roaming\Real
2008-03-07 21:22:15 0 d-------- C:\Users\Home\AppData\Roaming\MSN6
2008-03-07 21:22:15 0 d-------- C:\Users\Home\AppData\Roaming\Mozilla
2008-03-07 21:22:13 0 d--h----- C:\Users\Home\AppData\Roaming\Move Networks
2008-03-07 21:21:29 0 d-------- C:\Users\Home\AppData\Roaming\Macromedia
2008-03-07 21:21:29 0 d-------- C:\Users\Home\AppData\Roaming\Leadertech
2008-03-07 21:21:29 0 d-------- C:\Users\Home\AppData\Roaming\Jasc Software Inc
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\Jasc
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\Identities
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\ICAClient
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\HotSync
2008-03-07 21:21:28 0 d--h----- C:\Users\Home\AppData\Roaming\Gtek
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\Google
2008-03-07 21:21:27 0 d-------- C:\Users\Home\AppData\Roaming\ESPN
2008-03-07 21:21:27 0 d-------- C:\Users\Home\AppData\Roaming\CyberLink
2008-03-07 21:21:27 0 d-------- C:\Users\Home\AppData\Roaming\Corel
2008-03-07 21:21:27 0 d-------- C:\Users\Home\AppData\Roaming\Corel Photo Album
2008-03-07 21:21:25 0 d-------- C:\Users\Home\AppData\Roaming\Apple Computer
2008-03-07 21:21:25 0 d-------- C:\Users\Home\AppData\Roaming\AOL
2008-03-07 21:20:47 0 d-------- C:\Users\Home\AppData\Roaming\Aim
2008-03-07 21:20:47 0 d-------- C:\Users\Home\AppData\Roaming\Adobe
2008-03-07 21:20:47 0 d-------- C:\Users\Home\AppData\Roaming\acccore
2008-03-07 21:09:39 0 d-------- C:\Program Files\Your Company Name
2008-03-07 21:09:37 0 d-------- C:\Program Files\WordPerfect Office 11
2008-03-07 21:09:13 0 d-------- C:\Program Files\WildTangent
2008-03-07 21:09:06 0 d-------- C:\Program Files\support.com
2008-03-07 21:08:57 0 d-------- C:\Program Files\Real
2008-03-07 21:08:56 0 d-------- C:\Program Files\QuickTime
2008-03-07 21:08:42 0 d-------- C:\Program Files\PokerRoom.com
2008-03-07 21:08:42 0 d-------- C:\Program Files\Photo Pos Pro
2008-03-07 21:08:41 0 d-------- C:\Program Files\palmOne
2008-03-07 21:08:37 0 d-------- C:\Program Files\Ofoto
2008-03-07 21:06:25 0 d-------- C:\Program Files\NetZero
2008-03-07 21:06:22 0 d-------- C:\Program Files\MUSICMATCH
2008-03-07 21:06:22 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-07 21:06:17 0 d-------- C:\Program Files\Modem Helper
2008-03-07 21:06:00 0 d-------- C:\Program Files\microsoft frontpage
2008-03-07 21:06:00 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-07 21:06:00 0 d-------- C:\Program Files\McAfee.com
2008-03-07 21:06:00 0 d-------- C:\Program Files\MasqueAIM
2008-03-07 21:05:59 0 d-------- C:\Program Files\Learn2.com
2008-03-07 21:05:48 0 d-------- C:\Program Files\Java
2008-03-07 21:05:28 0 d-------- C:\Program Files\Jasc Software Inc
2008-03-07 21:04:33 0 d-------- C:\Program Files\iTunes
2008-03-07 21:04:30 0 d-------- C:\Program Files\iPod
2008-03-07 21:04:27 0 d-------- C:\Program Files\Intel
2008-03-07 21:04:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-07 21:04:25 0 d-------- C:\Program Files\HP
2008-03-07 21:03:00 0 d-------- C:\Program Files\Google
2008-03-07 21:02:59 0 d-------- C:\Program Files\DivX
2008-03-07 21:02:58 0 d-------- C:\Program Files\DellSupport
2008-03-07 21:02:50 0 d-------- C:\Program Files\Dell
2008-03-07 21:02:50 0 d-------- C:\Program Files\Dell Computer
2008-03-07 21:02:38 0 d-------- C:\Program Files\CyberLink
2008-03-07 21:02:38 0 d-------- C:\Program Files\CorelPaintShopProX_
2008-03-07 21:01:48 0 d-------- C:\Program Files\CorelPaintShopProX
2008-03-07 21:00:39 0 d-------- C:\Program Files\Corel
2008-03-07 21:00:37 0 d-------- C:\Program Files\Connection Wizard
2008-03-07 21:00:36 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-07 21:00:36 0 d-------- C:\Program Files\Common Files\WhenU
2008-03-07 21:00:36 0 d-------- C:\Program Files\Common Files\Thraex Software
2008-03-07 21:00:29 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-07 21:00:29 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-07 21:00:29 0 d-------- C:\Program Files\Common Files\Real
2008-03-07 21:00:27 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-07 21:00:27 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-07 21:00:26 0 d-------- C:\Program Files\Common Files\NSV
2008-03-07 21:00:26 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-07 21:00:17 0 d-------- C:\Program Files\Common Files\Java
2008-03-07 21:00:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-07 21:00:10 0 d-------- C:\Program Files\Common Files\HP
2008-03-07 21:00:09 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-07 21:00:08 0 d-------- C:\Program Files\Common Files\Corel
2008-03-07 21:00:07 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-03-07 21:00:07 0 d-------- C:\Program Files\Common Files\aolshare
2008-03-07 21:00:05 0 d-------- C:\Program Files\Common Files\aolback
2008-03-07 21:00:04 0 d-------- C:\Program Files\Common Files\AOL
2008-03-07 20:59:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-07 20:59:39 0 d-------- C:\Program Files\Citrix
2008-03-07 20:59:39 0 d-------- C:\Program Files\BearShare
2008-03-07 20:59:37 0 d-------- C:\Program Files\AOL Companion
2008-03-07 20:59:37 0 d-------- C:\Program Files\AOD
2008-03-07 20:59:36 0 d-------- C:\Program Files\America Online 9.0c
2008-03-07 20:59:31 0 d-------- C:\Program Files\America Online 9.0b
2008-03-07 20:59:27 0 d-------- C:\Program Files\America Online 9.0a
2008-03-07 20:59:27 0 d-------- C:\Program Files\America Online 9.0
2008-03-07 20:59:15 0 d-------- C:\Program Files\AIM+
2008-03-07 20:59:15 0 d-------- C:\Program Files\AIM Toolbar
2008-03-07 20:59:14 0 d-------- C:\Program Files\AIM


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; The system cannot find the file specified.
ComSpec: C:\Windows\system32\CF8415.exe


-- End of Deckard's System Scanner: finished at 2008-03-19 21:23:58 ------------
  • 0

#23
Rorschach112
Posted 19 March 2008 - 07:26 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\nujwjkwv6.exe

Driver::
sawadtww6


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Reboot and post a new HijackThis log
  • 0

#24
nyychick2
Posted 20 March 2008 - 12:33 PM

nyychick2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
ComboFix 08-03-18.1 - Home 2008-03-20 14:14:14.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.143 [GMT -4:00]
Running from: C:\Users\Home\Desktop\ComboFix.exe
Command switches used :: C:\Users\Home\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\nujwjkwv6.exe
.
TimedOut: Windir.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nujwjkwv6.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SAWADTWW6
-------\Service_sawadtww6


((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 17:45 --------- d-----w C:\ProgramData\Symantec
2008-03-15 15:51 --------- d-----w C:\Program Files\Trend Micro
2008-03-15 01:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-15 01:46 --------- d---a-w C:\ProgramData\TEMP
2008-03-15 01:44 --------- d-----w C:\Program Files\Enigma Software Group
2008-03-15 01:43 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-15 01:29 3,612 ----a-w C:\Windows\System32\tmp.reg
2008-03-14 13:09 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-03-13 13:13 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 13:01 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-13 13:01 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-08 21:33 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-08 21:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 20:49 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-08 20:49 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-08 20:49 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-08 20:49 --------- d-----w C:\Program Files\Symantec
2008-03-08 08:26 174 --sha-w C:\Program Files\desktop.ini
2008-03-08 08:12 --------- d-----w C:\Program Files\Windows Defender
2008-03-08 08:12 --------- d-----w C:\Program Files\Windows Calendar
2008-03-08 08:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-08 07:51 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-03-08 07:51 77,824 ----a-w C:\Windows\System32\rascfg.dll
2008-03-08 07:51 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2008-03-08 07:51 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-03-08 07:51 22,016 ----a-w C:\Windows\System32\rasser.dll
2008-03-08 07:51 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-03-08 07:49 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-03-08 07:49 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-03-08 07:49 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-03-08 07:48 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-08 07:47 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-08 07:47 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-08 07:47 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-08 07:47 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-08 07:47 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-08 07:47 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-08 07:47 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-08 07:47 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-08 07:47 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-08 07:47 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-03-08 07:46 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-08 07:46 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-08 07:44 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-08 07:44 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-08 07:31 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-08 07:29 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-08 07:27 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-08 07:27 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-08 07:27 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-08 07:27 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-08 07:25 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-08 07:25 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-08 07:25 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-08 07:25 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-08 07:25 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-08 07:25 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-03-08 07:25 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-08 07:25 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-08 07:25 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-08 07:22 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-08 07:22 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-08 07:22 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-08 07:22 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-08 07:22 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-08 07:22 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-03-08 07:22 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-08 07:22 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-08 07:21 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-03-08 07:20 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-08 07:19 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-03-08 07:19 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-03-08 07:19 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-03-08 07:19 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-03-08 07:19 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-03-08 07:19 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-03-08 07:19 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-03-08 07:19 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-03-08 07:16 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-08 07:16 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-08 07:16 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-08 07:16 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-08 07:16 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-08 07:15 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-08 07:14 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-08 07:14 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-08 07:13 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-03-08 07:13 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-03-08 07:13 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-03-08 07:13 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-03-08 07:13 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-03-08 07:13 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-03-08 07:13 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-03-08 07:13 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-03-08 07:13 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-03-08 07:12 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-08 07:09 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-08 07:09 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-08 07:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 07:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2006-08-09 01:55 152 --sha-r C:\Windows\System32\1EF6FB4423.sys
2006-08-23 04:50 5,852 --sha-w C:\Windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-19_20.41.03.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-19 21:10:41 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-20 18:24:36 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2000-08-31 12:00:00 163,328 ----a-w C:\Windows\ERDNT\subs\ERDNT.EXE
+ 2004-07-15 06:49:16 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1048\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1048\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1048\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1048\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1048\_mscorlib.dll
+ 2003-02-21 00:09:18 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1048\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1048\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1048\_mscorwks.dll
+ 2003-02-21 09:42:22 348,160 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1048\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1048\_PerfCounter.dll
- 2008-03-19 21:12:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-20 18:25:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-20 18:25:32 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-19 21:12:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-20 18:25:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-20 18:25:32 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-19 23:25:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-20 17:44:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-19 23:25:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-20 17:44:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-19 23:25:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-20 17:44:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-19 21:13:13 5,604 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125837550-2163220547-2190492486-1009_UserData.bin
+ 2008-03-20 13:34:33 5,752 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125837550-2163220547-2190492486-1009_UserData.bin
- 2008-03-19 21:13:13 48,404 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-20 13:34:32 48,420 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-19 21:13:08 28,016 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-20 13:34:30 28,812 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 23:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-07 23:01 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 23:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 23:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 05:45 8704]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 06:55 68856]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 12:27 28672]
"HostManager"="C:\Program Files\Common Files\AOL\1133723631\ee\AOLSoftware.exe" [2005-11-02 23:01 50792]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28 49152]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24 278528]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47 204800]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-02 22:13 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-01-07 00:39 151597]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0c\aoltray.exe [2005-06-28 18:54:13 36953]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\AIM\\aim.exe"= C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"= C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe-UDP-Domain"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe-TCP-Domain"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe-UDP-Domain"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe-TCP-Domain"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:AOL
"C:\\Program Files\\AIM\\aim.exe-UDP-Domain"= TCP:C:\Program Files\AIM\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\aim.exe-TCP-Domain"= UDP:C:\Program Files\AIM\aim.exe:AOL Instant Messenger
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\XP_FixWinpack.exe-UDP-Standard"= TCP:Profile=Public|C:\XP_FixWinpack.exe:XP_FixWinpack
"C:\\XP_FixWinpack.exe-TCP-Standard"= UDP:Profile=Public|C:\XP_FixWinpack.exe:XP_FixWinpack
"C:\\WINDOWS\\SYSTEM32\\smsc.exe-UDP-Standard"= TCP:Profile=Public|C:\WINDOWS\SYSTEM32\smsc.exe:smsc
"C:\\WINDOWS\\SYSTEM32\\smsc.exe-TCP-Standard"= UDP:Profile=Public|C:\WINDOWS\SYSTEM32\smsc.exe:smsc
"C:\\WINDOWS\\SYSTEM32\\rnhtfans.exe-UDP-Standard"= TCP:Profile=Public|C:\WINDOWS\SYSTEM32\rnhtfans.exe:rnhtfans
"C:\\WINDOWS\\SYSTEM32\\rnhtfans.exe-TCP-Standard"= UDP:Profile=Public|C:\WINDOWS\SYSTEM32\rnhtfans.exe:rnhtfans
"C:\\WINDOWS\\system32-UDP-Standard"= TCP:Profile=Public|C:\WINDOWS\system32:lockx
"C:\\WINDOWS\\system32-TCP-Standard"= UDP:Profile=Public|C:\WINDOWS\system32:lockx
"C:\\Program Files\\LimeWire\\LimeWire.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"C:\\Program Files\\LimeWire\\LimeWire.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"C:\\Program Files\\iTunes\\iTunes.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\iTunes\\iTunes.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\Internet Explorer\\iexplore.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Internet Explorer\iexplore.exe:Internet Explorer
"C:\\Program Files\\Internet Explorer\\iexplore.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Internet Explorer\iexplore.exe:Internet Explorer
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:Jasc Paint Shop Photo Album Application
"C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:Jasc Paint Shop Photo Album Application
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOLTsMon
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOLTsMon
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOLTopSpeed
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOLTopSpeed
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Application Loader
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Application Loader
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\1110582691\\EE\\AOLServiceHost.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Common Files\AOL\1110582691\EE\AOLServiceHost.exe:AOL
"C:\\Program Files\\Common Files\\AOL\\1110582691\\EE\\AOLServiceHost.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Common Files\AOL\1110582691\EE\AOLServiceHost.exe:AOL
"C:\\Program Files\\America Online 9.0a\\waol.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\America Online 9.0a\waol.exe:AOL
"C:\\Program Files\\America Online 9.0a\\waol.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\America Online 9.0a\waol.exe:AOL
"C:\\Program Files\\AIM\\AIM95_c2\\aim.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\AIM\AIM95_c2\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c2\\aim.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\AIM\AIM95_c2\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c1\\aim.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\AIM\AIM95_c1\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c1\\aim.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\AIM\AIM95_c1\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c0\\aim.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\AIM\AIM95_c0\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c0\\aim.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\AIM\AIM95_c0\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\aim.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\AIM\aim.exe:AOL Instant Messenger
"C:\\Program Files\\AIM\\aim.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\AIM\aim.exe:AOL Instant Messenger
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\AIM\\aim.exe"= C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c0\\aim.exe"= C:\Program Files\AIM\AIM95_c0\aim.exe:*:Enabled:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c1\\aim.exe"= C:\Program Files\AIM\AIM95_c1\aim.exe:*:Enabled:AOL Instant Messenger
"C:\\Program Files\\AIM\\AIM95_c2\\aim.exe"= C:\Program Files\AIM\AIM95_c2\aim.exe:*:Enabled:AOL Instant Messenger
"C:\\Program Files\\America Online 9.0a\\waol.exe"= C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\1110582691\\EE\\AOLHostManager.exe"= C:\Program Files\Common Files\AOL\1110582691\EE\AOLHostManager.exe:*:Disabled:AOLHostManager Service
"C:\\Program Files\\Common Files\\AOL\\1110582691\\EE\\AOLServiceHost.exe"= C:\Program Files\Common Files\AOL\1110582691\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"= C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"= C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Enabled:Jasc Paint Shop Photo Album Application
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\\Program Files\\iTunes\\iTunes.exe"= C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\\Program Files\\LimeWire\\LimeWire.exe"= C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\\Program Files\\Save\\Save.exe"= C:\Program Files\Save\Save.exe:*:Disabled:Save!
"C:\\WINDOWS\\system32"= C:\WINDOWS\system32:*:Enabled:lockx
"C:\\WINDOWS\\SYSTEM32\\rnhtfans.exe"= C:\WINDOWS\SYSTEM32\rnhtfans.exe:*:Enabled:rnhtfans
"C:\\WINDOWS\\SYSTEM32\\smsc.exe"= C:\WINDOWS\SYSTEM32\smsc.exe:*:Enabled:smsc
"C:\\XP_FixWinpack.exe"= C:\XP_FixWinpack.exe:*:Enabled:XP_FixWinpack

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080314.001\IDSvix86.sys [2008-02-13 12:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 16:50]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-18 00:38:11 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Home.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 14:25:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
.
**************************************************************************
.
Completion time: 2008-03-20 14:33:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-20 18:32:50
ComboFix2.txt 2008-03-20 00:41:39
.
2008-03-20 08:51:40 --- E O F ---
  • 0

#25
nyychick2
Posted 20 March 2008 - 12:35 PM

nyychick2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Deckard's System Scanner v20071014.68
Run by Home on 2008-03-20 14:35:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 510 MiB (1024 MiB recommended).


-- HijackThis (run as Home.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:56 PM, on 3/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DSentry.exe
C:\Program Files\Common Files\AOL\1133723631\ee\aolsoftware.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\Explorer.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Home\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Home.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133723631\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: admissions.nyu.edu
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...ab/1w2fcksh.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 8796 bytes

-- Files created between 2008-02-20 and 2008-03-20 -----------------------------

2008-03-20 14:33:11 6736 --a------ C:\Windows\system32\drivers\PROCEXP90.SYS <Not Verified; Sysinternals - www.sysinternals.com; Process Explorer>
2008-03-19 20:17:18 68096 --a------ C:\Windows\system32\zip.exe
2008-03-19 20:17:18 98816 --a------ C:\Windows\system32\sed.exe
2008-03-19 20:17:18 80412 --a------ C:\Windows\system32\grep.exe
2008-03-19 20:17:17 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-15 11:51:42 0 d-------- C:\Program Files\Trend Micro
2008-03-14 21:29:37 3612 --a------ C:\Windows\system32\tmp.reg
2008-03-14 21:29:02 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-03-14 21:29:02 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-14 21:29:02 82432 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-14 21:24:39 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-14 21:24:38 51200 --a------ C:\Windows\system32\dumphive.exe
2008-03-14 21:24:36 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-14 21:24:36 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-08 21:23:10 0 d-------- C:\Users\Home\.housecall6.6
2008-03-07 23:35:53 0 d-------- C:\Windows\Panther
2008-03-07 23:10:47 0 d--h----- C:\$WINDOWS.~Q
2008-03-07 22:56:18 0 d--h----- C:\$INPLACE.~TR
2008-03-07 22:35:09 0 d-------- C:\Program Files\Norton Internet Security
2008-03-07 22:11:38 0 dr------- C:\Users\Home\Searches
2008-03-07 22:11:21 0 dr------- C:\Users\Home\Contacts
2008-03-07 21:48:22 22668 --a------ C:\Windows\system32\emptyregdb.dat
2008-03-07 21:33:20 0 d-------- C:\Users\Default\video
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Templates
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Start Menu
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\SendTo
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Recent
2008-03-07 20:52:32 0 d--h----- C:\Users\Bhavini\PrintHood
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\NetHood
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\My Documents
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Music
2008-03-07 20:52:32 0 d--h----- C:\Users\Bhavini\Local Settings
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Links
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Favorites
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Downloads
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Documents
2008-03-07 20:52:32 0 dr------- C:\Users\Bhavini\Desktop
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Cookies
2008-03-07 20:52:32 0 d--hs---- C:\Users\Bhavini\Application Data
2008-03-07 20:52:32 0 d--h----- C:\Users\Bhavini\AppData
2008-03-07 20:52:31 0 dr------- C:\Users\Bhavini\Videos
2008-03-07 20:52:31 0 d-------- C:\Users\Bhavini\Saved Games
2008-03-07 20:52:31 0 dr------- C:\Users\Bhavini\Pictures
2008-03-07 20:52:31 2105344 --a------ C:\Users\Bhavini\NTUSER.DAT
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Templates
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Start Menu
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\SendTo
2008-03-07 20:52:27 0 d-------- C:\Users\Minal\Saved Games
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Recent
2008-03-07 20:52:27 0 d--h----- C:\Users\Minal\PrintHood
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Pictures
2008-03-07 20:52:27 2748416 --a------ C:\Users\Minal\NTUSER.DAT
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\NetHood
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\My Documents
2008-03-07 20:52:27 0 d--h----- C:\Users\Minal\Local Settings
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Links
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Favorites
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Downloads
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Documents
2008-03-07 20:52:27 0 dr------- C:\Users\Minal\Desktop
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Cookies
2008-03-07 20:52:27 0 d--hs---- C:\Users\Minal\Application Data
2008-03-07 20:52:27 0 d--h----- C:\Users\Minal\AppData
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Templates
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Start Menu
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\SendTo
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Recent
2008-03-07 20:52:23 0 d--h----- C:\Users\Home\PrintHood
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\NetHood
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\My Documents
2008-03-07 20:52:23 0 d--h----- C:\Users\Home\Local Settings
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Cookies
2008-03-07 20:52:23 0 d--hs---- C:\Users\Home\Application Data
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Saved Games
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Pictures
2008-03-07 20:52:22 3670016 --ahs---- C:\Users\Home\NTUSER.DAT
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Music
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Links
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Favorites
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Downloads
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Documents
2008-03-07 20:52:22 0 dr------- C:\Users\Home\Desktop
2008-03-07 20:52:22 0 d--h----- C:\Users\Home\AppData
2008-03-07 20:50:18 0 d-------- C:\Windows\system32\URTTEMP
2008-03-07 20:50:05 0 d--hs---- C:\Windows\Installer
2008-03-07 20:45:56 0 d-------- C:\Windows\system32\catroot2
2008-03-07 20:45:28 0 d-------- C:\Windows\Debug
2008-03-07 20:45:27 0 d-------- C:\Windows\CSC
2008-03-07 20:36:56 0 d-------- C:\Windows\Prefetch
2008-03-07 19:49:51 0 d--hs---- C:\Boot
2008-03-07 19:10:36 0 d------c- C:\Windows\system32\DRVSTORE
2008-03-03 01:09:18 0 d-------- C:\Program Files\Enigma Software Group
2008-03-02 19:14:43 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-02 17:31:30 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-02 00:01:22 0 d-a------ C:\Users\All Users\TEMP


-- Find3M Report ---------------------------------------------------------------

2008-03-13 09:13:49 0 d-------- C:\Program Files\Windows Mail
2008-03-08 21:04:53 9826 --a------ C:\Windows\mozver.dat
2008-03-08 17:33:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-08 16:49:29 0 d-------- C:\Program Files\Symantec
2008-03-08 04:26:29 174 --ahs---- C:\Program Files\desktop.ini
2008-03-08 04:12:23 0 d-------- C:\Program Files\Windows Calendar
2008-03-08 04:12:09 0 d-------- C:\Program Files\Windows Defender
2008-03-08 04:11:56 0 d-------- C:\Program Files\Windows Sidebar
2008-03-07 23:01:39 0 d-------- C:\Program Files\Common Files
2008-03-07 21:23:04 0 d-------- C:\Users\Home\AppData\Roaming\Webshots
2008-03-07 21:23:01 0 d-------- C:\Users\Home\AppData\Roaming\WeatherBug
2008-03-07 21:23:01 0 d-------- C:\Users\Home\AppData\Roaming\vlc
2008-03-07 21:23:01 0 d-------- C:\Users\Home\AppData\Roaming\Viewpoint
2008-03-07 21:23:00 0 d-------- C:\Users\Home\AppData\Roaming\Talkback
2008-03-07 21:23:00 0 d-------- C:\Users\Home\AppData\Roaming\Symantec
2008-03-07 21:22:17 0 d-------- C:\Users\Home\AppData\Roaming\Sun
2008-03-07 21:22:17 0 d-------- C:\Users\Home\AppData\Roaming\Sonic
2008-03-07 21:22:17 0 d-------- C:\Users\Home\AppData\Roaming\Registry Defender
2008-03-07 21:22:17 0 d-------- C:\Users\Home\AppData\Roaming\Real
2008-03-07 21:22:15 0 d-------- C:\Users\Home\AppData\Roaming\MSN6
2008-03-07 21:22:15 0 d-------- C:\Users\Home\AppData\Roaming\Mozilla
2008-03-07 21:22:13 0 d--h----- C:\Users\Home\AppData\Roaming\Move Networks
2008-03-07 21:21:29 0 d-------- C:\Users\Home\AppData\Roaming\Macromedia
2008-03-07 21:21:29 0 d-------- C:\Users\Home\AppData\Roaming\Leadertech
2008-03-07 21:21:29 0 d-------- C:\Users\Home\AppData\Roaming\Jasc Software Inc
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\Jasc
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\Identities
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\ICAClient
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\HotSync
2008-03-07 21:21:28 0 d--h----- C:\Users\Home\AppData\Roaming\Gtek
2008-03-07 21:21:28 0 d-------- C:\Users\Home\AppData\Roaming\Google
2008-03-07 21:21:27 0 d-------- C:\Users\Home\AppData\Roaming\ESPN
2008-03-07 21:21:27 0 d-------- C:\Users\Home\AppData\Roaming\CyberLink
2008-03-07 21:21:27 0 d-------- C:\Users\Home\AppData\Roaming\Corel
2008-03-07 21:21:27 0 d-------- C:\Users\Home\AppData\Roaming\Corel Photo Album
2008-03-07 21:21:25 0 d-------- C:\Users\Home\AppData\Roaming\Apple Computer
2008-03-07 21:21:25 0 d-------- C:\Users\Home\AppData\Roaming\AOL
2008-03-07 21:20:47 0 d-------- C:\Users\Home\AppData\Roaming\Aim
2008-03-07 21:20:47 0 d-------- C:\Users\Home\AppData\Roaming\Adobe
2008-03-07 21:20:47 0 d-------- C:\Users\Home\AppData\Roaming\acccore
2008-03-07 21:09:39 0 d-------- C:\Program Files\Your Company Name
2008-03-07 21:09:37 0 d-------- C:\Program Files\WordPerfect Office 11
2008-03-07 21:09:13 0 d-------- C:\Program Files\WildTangent
2008-03-07 21:09:06 0 d-------- C:\Program Files\support.com
2008-03-07 21:08:57 0 d-------- C:\Program Files\Real
2008-03-07 21:08:56 0 d-------- C:\Program Files\QuickTime
2008-03-07 21:08:42 0 d-------- C:\Program Files\PokerRoom.com
2008-03-07 21:08:42 0 d-------- C:\Program Files\Photo Pos Pro
2008-03-07 21:08:41 0 d-------- C:\Program Files\palmOne
2008-03-07 21:08:37 0 d-------- C:\Program Files\Ofoto
2008-03-07 21:06:25 0 d-------- C:\Program Files\NetZero
2008-03-07 21:06:22 0 d-------- C:\Program Files\MUSICMATCH
2008-03-07 21:06:22 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-07 21:06:17 0 d-------- C:\Program Files\Modem Helper
2008-03-07 21:06:00 0 d-------- C:\Program Files\microsoft frontpage
2008-03-07 21:06:00 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-07 21:06:00 0 d-------- C:\Program Files\McAfee.com
2008-03-07 21:06:00 0 d-------- C:\Program Files\MasqueAIM
2008-03-07 21:05:59 0 d-------- C:\Program Files\Learn2.com
2008-03-07 21:05:48 0 d-------- C:\Program Files\Java
2008-03-07 21:05:28 0 d-------- C:\Program Files\Jasc Software Inc
2008-03-07 21:04:33 0 d-------- C:\Program Files\iTunes
2008-03-07 21:04:30 0 d-------- C:\Program Files\iPod
2008-03-07 21:04:27 0 d-------- C:\Program Files\Intel
2008-03-07 21:04:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-07 21:04:25 0 d-------- C:\Program Files\HP
2008-03-07 21:03:00 0 d-------- C:\Program Files\Google
2008-03-07 21:02:59 0 d-------- C:\Program Files\DivX
2008-03-07 21:02:58 0 d-------- C:\Program Files\DellSupport
2008-03-07 21:02:50 0 d-------- C:\Program Files\Dell
2008-03-07 21:02:50 0 d-------- C:\Program Files\Dell Computer
2008-03-07 21:02:38 0 d-------- C:\Program Files\CyberLink
2008-03-07 21:02:38 0 d-------- C:\Program Files\CorelPaintShopProX_
2008-03-07 21:01:48 0 d-------- C:\Program Files\CorelPaintShopProX
2008-03-07 21:00:39 0 d-------- C:\Program Files\Corel
2008-03-07 21:00:37 0 d-------- C:\Program Files\Connection Wizard
2008-03-07 21:00:36 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-07 21:00:36 0 d-------- C:\Program Files\Common Files\WhenU
2008-03-07 21:00:36 0 d-------- C:\Program Files\Common Files\Thraex Software
2008-03-07 21:00:29 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-07 21:00:29 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-07 21:00:29 0 d-------- C:\Program Files\Common Files\Real
2008-03-07 21:00:27 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-07 21:00:27 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-07 21:00:26 0 d-------- C:\Program Files\Common Files\NSV
2008-03-07 21:00:26 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-07 21:00:17 0 d-------- C:\Program Files\Common Files\Java
2008-03-07 21:00:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-07 21:00:10 0 d-------- C:\Program Files\Common Files\HP
2008-03-07 21:00:09 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-07 21:00:08 0 d-------- C:\Program Files\Common Files\Corel
2008-03-07 21:00:07 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-03-07 21:00:07 0 d-------- C:\Program Files\Common Files\aolshare
2008-03-07 21:00:05 0 d-------- C:\Program Files\Common Files\aolback
2008-03-07 21:00:04 0 d-------- C:\Program Files\Common Files\AOL
2008-03-07 20:59:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-07 20:59:39 0 d-------- C:\Program Files\Citrix
2008-03-07 20:59:39 0 d-------- C:\Program Files\BearShare
2008-03-07 20:59:37 0 d-------- C:\Program Files\AOL Companion
2008-03-07 20:59:37 0 d-------- C:\Program Files\AOD
2008-03-07 20:59:36 0 d-------- C:\Program Files\America Online 9.0c
2008-03-07 20:59:31 0 d-------- C:\Program Files\America Online 9.0b
2008-03-07 20:59:27 0 d-------- C:\Program Files\America Online 9.0a
2008-03-07 20:59:27 0 d-------- C:\Program Files\America Online 9.0
2008-03-07 20:59:15 0 d-------- C:\Program Files\AIM+
2008-03-07 20:59:15 0 d-------- C:\Program Files\AIM Toolbar
2008-03-07 20:59:14 0 d-------- C:\Program Files\AIM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 11:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/07/2008 11:01 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 11:51 PM 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/13/2003 12:27 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1133723631\ee\AOLSoftware.exe" [11/02/2005 11:01 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 09:38 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [08/04/2003 06:28 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/14/2006 04:24 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [08/26/2003 09:47 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/02/2006 10:13 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/07/2004 12:39 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/14/2008 12:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [11/02/2006 05:45 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/21/2007 06:55 AM]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0c\aoltray.exe [6/28/2005 6:54:13 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 6:19:24 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-20 14:36:53 ------------
  • 0

Advertisements

#26
Rorschach112
Posted 20 March 2008 - 12:38 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also tell me how your PC is running
  • 0

#27
nyychick2
Posted 20 March 2008 - 08:08 PM

nyychick2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hi.

It is too long for me to post, so I will attach the file for you.

My computer is a bit slow at times, especially if I use internet explorer. Internet explorer is giving me alot of problems, it takes a while to load and then is really slow. Mozilla usually works fine, but freezes once in a while. The whole computer freezes time to time and you have to wait a minute to use it again.

Attached Files


Edited by nyychick2, 20 March 2008 - 08:15 PM.

  • 0

#28
Rorschach112
Posted 20 March 2008 - 08:10 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
If you can't get that log, then do this

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#29
nyychick2
Posted 20 March 2008 - 08:15 PM

nyychick2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I got the log, just a bit slow, sorry. I attached it above.

Edited by nyychick2, 20 March 2008 - 08:33 PM.

  • 0

#30
Rorschach112
Posted 20 March 2008 - 08:19 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok do this

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\BearShare\Installer\BSInstall5.1.0.26.exe
C:\Program Files\Common Files\WhenU
C:\Windows\package_MARKETING27.exe
C:\Windows\System32\i0vqklj8.ini
C:\Windows\System32\oc5hoetc.ini
C:\Windows\System32\FxsTmp
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and tell me how it's running
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP