iifGVmLb.dll is not a valid Windows image [RESOLVED]

#1 spaztastic (Member, 36 posts)

Whenever I launch an application, I get the following error message:

The application or DLL C:\WINDOWS\system32\iifGVmLb.dll is not a valid Windows image. Please check this against your installation diskette.

It occurs whenever I launch the applications from the PStart menu. I ran the System File Checker and it didn't repair the issue. Here is my HijackThis log and I am hoping that this will help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:33 PM, on 5/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\PStart\PStart.exe
C:\Documents and Settings\Owner\Desktop\Programs\Firefox\App\firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aflac.com...en/Default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C060FE2-B3CA-47DD-B68E-BD1A6E297226} - C:\WINDOWS\system32\iifGVmLb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PegtopPStart] C:\Program Files\PStart\PStart.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: SideSlide.exe
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1139406804265
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-256fcb150...ad/MsnPUpld.cab
O20 - Winlogon Notify: iifGVmLb - C:\WINDOWS\SYSTEM32\iifGVmLb.dll
O20 - Winlogon Notify: pmnkLfGx - pmnkLfGx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6071 bytes

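A small triage script for a HijackThis log like the one above, written here as an added example (it is not code from the original post, from HijackThis, or from any other tool named in the thread). It parses the `Rn`/`On` entries and flags the patterns that stand out in this log: an O2 BHO registered with "(no name)", O20 Winlogon Notify entries whose DLL is missing or has a random-looking name, and one DLL hooked from more than one section. The sample lines are copied from the log above (the two O20 entries, the O2 entry, plus three benign entries from the same log); the random-name heuristic, case flips inside a 6-10 letter file name, is an assumption of this example and not a HijackThis feature.

```python
import re
from collections import defaultdict

# Sample entries copied from the HijackThis log posted above: the O2 and O20
# lines that point at iifGVmLb.dll / pmnkLfGx.dll, plus three benign lines
# from the same log so the heuristics have something legitimate to ignore.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {5C060FE2-B3CA-47DD-B68E-BD1A6E297226} - C:\WINDOWS\system32\iifGVmLb.dll",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll",
    r"O20 - Winlogon Notify: iifGVmLb - C:\WINDOWS\SYSTEM32\iifGVmLb.dll",
    r"O20 - Winlogon Notify: pmnkLfGx - pmnkLfGx.dll (file missing)",
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe",
]

# "O20 - <body>", "R1 - <body>", ...: section code, then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Last path component of the first .dll mentioned in the body (no backslashes, no spaces).
DLL_RE = re.compile(r"([^\\\s]+)\.dll\b", re.IGNORECASE)


def looks_random(stem):
    """Heuristic (an assumption of this example): auto-generated names such as
    iifGVmLb are all letters, 6-10 chars long, and flip case at least three times.
    Legitimate names such as ssv or shdocvw do not."""
    if not (6 <= len(stem) <= 10 and stem.isalpha()):
        return False
    flips = sum(a.islower() != b.islower() for a, b in zip(stem, stem[1:]))
    return flips >= 3


def triage(lines):
    """Return {log line: [reasons]} for the entries that deserve a closer look."""
    parsed = []
    seen_in = defaultdict(set)  # dll stem (lower-cased) -> sections it is hooked from
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.groups()
        dm = DLL_RE.search(body)
        stem = dm.group(1) if dm else None
        parsed.append((raw, section, body, stem))
        if stem:
            seen_in[stem.lower()].add(section)

    findings = defaultdict(list)
    for raw, section, body, stem in parsed:
        if section == "O2" and "(no name)" in body:
            findings[raw].append("BHO registered without a name")
        if section == "O20" and "(file missing)" in body:
            # Winlogon still tries to load the package at logon; the stale key should go.
            findings[raw].append("orphaned Winlogon Notify entry (file missing)")
        if stem and looks_random(stem):
            findings[raw].append(f"random-looking DLL name {stem}.dll")
        if stem and len(seen_in[stem.lower()]) > 1:
            sections = ", ".join(sorted(seen_in[stem.lower()]))
            findings[raw].append(f"{stem}.dll is hooked from several sections ({sections})")
    return dict(findings)


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run it as-is and it reports the O2 entry and both O20 entries while leaving the O4, O9 and O23 lines alone. The name heuristic will produce false positives on some legitimate vendor DLLs, so treat its output as a list of entries to look up, not as a verdict; the "hooked from several sections" and "(file missing)" reasons are the stronger signals, and in this log they both land on the same DLL the original error message names.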

#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Hello

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3 spaztastic (Topic Starter, Member, 36 posts)

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:29 PM, on 5/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aflac.com/us/en/Default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PegtopPStart] C:\Program Files\PStart\PStart.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139406804265
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-256fcb150f6c4fac.spaces.live.com/PhotoUpload/MsnPUpld.cab
O20 - Winlogon Notify: iifGVmLb - iifGVmLb.dll (file missing)
O20 - Winlogon Notify: pmnkLfGx - pmnkLfGx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5633 bytes


ComboFix Log:

ComboFix 08-05-01.3 - Owner 2008-05-07 22:46:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.251 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\iifGVmLb.dll
.
---- Previous Run -------
.
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

2008-05-07 18:24 . 2008-05-07 18:24 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-07 18:20 . 2008-05-07 18:21 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-05-07 18:20 . 2008-05-07 18:21 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-05-07 18:20 . 2008-05-07 18:21 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-05-07 18:00 . 2008-05-07 18:00 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-05-07 18:00 . 2008-05-07 18:23 18,143 --a------ C:\WINDOWS\DIIUnin.dat
2008-05-07 18:00 . 2008-05-07 18:00 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-05-07 17:51 . 2008-05-07 18:28 <DIR> d-------- C:\Program Files\Diablo II
2008-05-07 17:42 . 2008-05-07 17:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 15:12 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-05-07 15:12 . 2008-04-13 22:05 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-07 15:12 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-07 15:12 . 2008-04-13 22:04 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-07 15:12 . 2008-04-14 00:16 19,200 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-05-07 15:12 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-07 15:12 . 2008-04-13 22:04 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-07 15:12 . 2008-04-14 00:06 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-05-07 15:12 . 2008-04-14 05:42 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-07 15:10 . 2001-08-17 13:28 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2008-05-07 15:09 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-07 15:08 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-07 15:07 . 2001-08-17 14:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-05-07 15:06 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-05-07 15:05 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-07 15:04 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-05-07 15:03 . 2001-08-17 22:36 238,592 --a--c--- C:\WINDOWS\system32\dllcache\sisgrv.dll
2008-05-07 15:02 . 2004-08-04 07:00 2,178,131 --a--c--- C:\WINDOWS\system32\dllcache\shvlres.dll
2008-05-07 15:01 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-07 15:00 . 2004-08-04 07:00 753,236 --a--c--- C:\WINDOWS\system32\dllcache\rvseres.dll
2008-05-07 14:59 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-07 14:58 . 2008-04-14 05:42 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-05-07 14:57 . 2008-04-14 05:40 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-07 14:56 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-05-07 14:55 . 2008-04-14 00:01 2,023,936 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-05-07 14:54 . 2001-08-17 12:11 128,000 --a--c--- C:\WINDOWS\system32\dllcache\n100325.sys
2008-05-07 14:53 . 2004-08-04 07:00 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
2008-05-07 14:52 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-05-07 14:51 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-07 14:50 . 2008-04-14 05:41 253,952 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-07 14:49 . 2004-08-04 07:00 471,102 --a--c--- C:\WINDOWS\system32\dllcache\imskdic.dll
2008-05-07 14:48 . 2008-04-14 05:41 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-05-07 14:47 . 2004-08-04 07:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-05-07 14:46 . 2001-08-17 22:36 324,608 --a--c--- C:\WINDOWS\system32\dllcache\hpojwia.dll
2008-05-07 14:45 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-07 14:44 . 2001-08-17 13:28 595,647 --a--c--- C:\WINDOWS\system32\dllcache\es56cvmp.sys
2008-05-07 14:43 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-05-07 14:42 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-07 14:41 . 2001-08-17 22:36 256,512 --a--c--- C:\WINDOWS\system32\dllcache\devcon32.dll
2008-05-07 14:40 . 2004-08-04 07:00 1,039,955 --a--c--- C:\WINDOWS\system32\dllcache\cmnresm.dll
2008-05-07 14:39 . 2004-08-04 07:00 195,618 --a--c--- C:\WINDOWS\system32\dllcache\c_10002.nls
2008-05-07 14:38 . 2004-08-04 07:00 1,817,687 --a--c--- C:\WINDOWS\system32\dllcache\bckgres.dll
2008-05-07 14:37 . 2001-08-17 14:55 382,592 --a--c--- C:\WINDOWS\system32\dllcache\atidrab.dll
2008-05-07 14:36 . 2008-04-14 00:54 2,145,280 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-05-07 14:35 . 2008-05-07 14:35 <DIR> d-------- C:\Program Files\TuneXP
2008-05-07 04:52 . 2008-05-07 04:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Pegtop
2008-05-07 04:41 . 2008-05-07 04:41 <DIR> d-------- C:\Program Files\PStart
2008-05-06 23:15 . 2008-05-06 23:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AstonSD
2008-05-06 03:21 . 2008-03-13 23:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-05-06 03:20 . 2008-05-07 18:47 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-06 03:20 . 2008-05-07 22:49 351,888 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-05-06 03:18 . 2008-05-06 03:18 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-06 02:49 . 2008-05-07 03:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-06 02:48 . 2008-05-07 22:43 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-06 01:09 . 2008-05-06 01:09 <DIR> d-------- C:\Program Files\Avira
2008-05-06 01:09 . 2008-05-06 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-06 00:50 . 2008-05-06 00:50 0 --ah----- C:\Documents and Settings\Owner\ntuser.dat_TU_30595.LOG
2008-05-06 00:50 . 2008-05-06 00:50 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_33964.LOG
2008-05-06 00:50 . 2008-05-06 00:50 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_95434.LOG
2008-05-06 00:50 . 2008-05-06 00:50 0 --ah----- C:\Documents and Settings\Administrator\ntuser.dat_TU_16356.LOG
2008-05-05 23:43 . 2008-05-07 03:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-05 23:10 . 2008-05-05 23:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-05 23:08 . 2008-05-05 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-05 23:07 . 2008-05-07 02:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-05 23:06 . 2008-05-05 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-05 22:42 . 2008-05-05 22:43 1,868 --a------ C:\WINDOWS\mozver.dat
2008-05-05 22:40 . 2008-05-05 22:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-05 22:39 . 2008-05-05 22:39 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-05 22:39 . 2008-05-05 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-05 16:52 . 2008-04-14 05:42 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-05-05 16:51 . 2008-05-05 16:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC426
2008-05-05 15:06 . 2008-05-05 15:06 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-05-05 12:18 . 2008-05-06 00:50 3,670,016 --a------ C:\Documents and Settings\Owner\ntuser.dat_BAK_30595
2008-05-05 09:53 . 2008-05-05 09:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NirSoft
2008-05-05 09:37 . 2008-05-06 00:05 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-04 16:43 . 2008-05-04 16:49 <DIR> d-------- C:\Program Files\mp3DirectCut
2008-05-04 04:33 . 1997-06-13 10:56 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-05-04 04:31 . 2008-05-04 04:31 <DIR> d-------- C:\Program Files\Microsoft Games
2008-05-03 18:20 . 2008-05-03 18:21 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-01 16:57 . 2008-05-01 16:57 <DIR> d-------- C:\Documents and Settings\Owner\AbiSuite
2008-04-30 04:44 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-30 04:44 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-30 04:44 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-30 04:44 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-30 04:44 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-30 04:44 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-30 04:44 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-30 04:44 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-30 04:44 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-29 20:50 . 2008-04-14 05:39 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-29 20:49 . 2008-04-14 05:42 679,936 --a--c--- C:\WINDOWS\system32\dllcache\sstext3d.scr
2008-04-29 20:48 . 2008-04-14 05:41 246,272 --a--c--- C:\WINDOWS\system32\dllcache\fxst30.dll
2008-04-29 20:47 . 2008-04-14 05:42 704,512 --a--c--- C:\WINDOWS\system32\dllcache\ss3dfo.scr
2008-04-29 20:46 . 2008-04-14 05:41 218,112 --a--c--- C:\WINDOWS\system32\dllcache\c_g18030.dll
2008-04-29 20:45 . 2008-04-14 05:42 610,304 --a--c--- C:\WINDOWS\system32\dllcache\sspipes.scr
2008-04-29 20:45 . 2008-04-14 05:42 456,192 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-04-29 20:45 . 2008-04-14 05:42 215,552 --a--c--- C:\WINDOWS\system32\dllcache\osk.exe
2008-04-29 20:45 . 2008-04-14 05:42 142,848 --a--c--- C:\WINDOWS\system32\dllcache\fxsclnt.exe
2008-04-29 20:45 . 2008-04-14 05:41 35,328 --a--c--- C:\WINDOWS\system32\dllcache\iprip.dll
2008-04-29 20:45 . 2008-04-14 05:41 33,792 --a--c--- C:\WINDOWS\system32\dllcache\lmmib2.dll
2008-04-29 20:45 . 2008-04-14 05:42 29,184 --a--c--- C:\WINDOWS\system32\dllcache\rw330ext.dll
2008-04-29 20:45 . 2008-04-14 05:41 26,624 --a--c--- C:\WINDOWS\system32\dllcache\fxsdrv.dll
2008-04-29 20:45 . 2008-04-14 05:39 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdax2.dll
2008-04-29 20:44 . 2008-04-14 05:42 393,216 --a--c--- C:\WINDOWS\system32\dllcache\ssflwbox.scr
2008-04-29 20:44 . 2008-04-14 05:41 331,264 --a--c--- C:\WINDOWS\system32\dllcache\aqueue.dll
2008-04-29 20:44 . 2008-04-14 05:41 101,888 --a--c--- C:\WINDOWS\system32\dllcache\evntagnt.dll
2008-04-29 20:44 . 2008-04-14 05:42 53,760 --a--c--- C:\WINDOWS\system32\dllcache\narrator.exe
2008-04-29 20:44 . 2008-04-14 05:42 39,936 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-04-29 20:41 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-04-28 06:53 . 2008-05-04 21:57 <DIR> d-------- C:\Program Files\Google
2008-04-28 06:45 . 2008-04-28 06:45 244 --ah----- C:\sqmnoopt00.sqm
2008-04-28 06:45 . 2008-04-28 06:45 232 --ah----- C:\sqmdata00.sqm
2008-04-27 22:06 . 2008-04-27 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-27 06:12 . 2008-04-28 17:13 <DIR> d-------- C:\Documents and Settings\Owner\Contacts
2008-04-26 17:46 . 2008-04-26 17:46 <DIR> d-------- C:\Program Files\Windows Live
2008-04-25 18:56 . 2000-11-08 17:50 138,240 --------- C:\WINDOWS\system32\MMKEYBD.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 03:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-07 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-07 08:24 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-06 05:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 04:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-21 01:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-04-19 01:01 6,051 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-19 00:52 --------- d-----w C:\Program Files\Java
2008-04-19 00:51 --------- d-----w C:\Program Files\Common Files\Java
2008-04-19 00:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\TuneUp Software
2008-04-19 00:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-19 00:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-19 00:49 --------- d-----w C:\Program Files\iTunes
2008-04-19 00:49 --------- d-----w C:\Program Files\iPod
2008-04-19 00:49 --------- d-----w C:\Program Files\Bonjour
2008-04-19 00:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-19 00:48 --------- d-----w C:\Program Files\QuickTime
2008-04-19 00:47 --------- d-----w C:\Program Files\K-Lite
2008-04-19 00:46 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-19 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-19 00:33 --------- d-----w C:\Program Files\Intel
2008-04-19 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 00:30 --------- d-----w C:\Program Files\Analog Devices
2008-04-19 00:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-19 00:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 10:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 10:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 10:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 10:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 10:42 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 10:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 10:42 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 10:42 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 10:42 32,866 ----a-w C:\WINDOWS\slrundll.exe
2008-04-14 10:42 3,901 ----a-w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 10:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 10:42 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 10:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 10:42 11,325 ----a-w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 10:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 10:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 05:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-14 05:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-14 05:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-14 05:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-14 05:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-14 05:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-14 05:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-14 05:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-14 05:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 05:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-14 05:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 05:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-14 05:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-14 05:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-14 05:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-14 05:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-14 05:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 05:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-14 05:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-14 05:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-14 05:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-14 05:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-14 05:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 05:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-14 05:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-14 05:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 05:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 05:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 05:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 05:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 05:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 05:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 05:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-14 05:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 05:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 05:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 05:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-14 05:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 05:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-14 05:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-14 05:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-14 05:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-14 05:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 05:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-14 05:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-14 05:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-14 05:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-14 05:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-14 05:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-14 05:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-14 05:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-14 05:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-14 05:21 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-14 05:16 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-14 05:16 37,888 ----a-w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-14 05:16 36,480 ----a-w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-14 05:16 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 05:16 25,600 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 05:16 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2004-08-04 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"PegtopPStart"="C:\Program Files\PStart\PStart.exe" [2008-05-07 04:41 786952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-03-01 08:06 124928 C:\WINDOWS\system32\advpack.dll]
"KeyScrambler"="C:\Program Files\KeyScrambler\getting_started.html" [ ]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 07:00 44544]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
SpywareBlaster.lnk - C:\Program Files\SpywareBlaster\spywareblaster.exe [2008-05-05 23:43:12 1320464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifGVmLb]
iifGVmLb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkLfGx]
pmnkLfGx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^SideSlide.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SideSlide.exe
backup=C:\WINDOWS\pss\SideSlide.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Programs\\uTorrent\\App\\utorrent\\uTorrent.exe"=

R0 phmcd;phmcd;C:\WINDOWS\system32\DRIVERS\phmcd.sys [2008-03-06 12:57]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2008-03-22 16:37]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-25 18:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 03:50:43 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-05-03 23:21:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-08 03:53:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 22:52:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-05-07 22:54:26 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-05-08 03:54:22

Pre-Run: 63,214,632,960 bytes free
Post-Run: 63,126,904,832 bytes free

347 --- E O F --- 2008-05-06 19:56:22

Edited by Rorschach112, 08 May 2008 - 05:17 AM.

  • 0
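The ComboFix log above shows two Winlogon Notify packages, iifGVmLb and pmnkLfGx, each pointing at a DLL of the same random-looking name in system32. Winlogon loads every registered Notify DLL, so when such a DLL is missing, truncated or not a real PE file, Windows raises exactly the "is not a valid Windows image" dialog this thread is about. The following PowerShell report is an added example for checking that key on a machine; it is not from the thread, from ComboFix or from HijackThis. The registry path and the DllName value are the real Windows locations; the list of default XP packages is an assumption to adjust for the build in question, and the function name is made up for this example.

```powershell
# Added example (not from the thread, ComboFix or HijackThis): list Winlogon Notify
# packages and flag those that are not Windows defaults or whose DLL is missing or
# is not a PE image. Run from an elevated PowerShell session.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

# Default Notify packages shipped with Windows XP. Assumption: adjust for your build,
# and expect legitimate third-party software to add its own packages occasionally.
$knownPackages = @('crypt32chain', 'cryptnet', 'cscdll', 'ScCertProp', 'Schedule',
                   'sclgntfy', 'SensLogn', 'termsrv', 'wlballoon')

function Get-WinlogonNotifyReport {
    Get-ChildItem -Path $notifyKey -ErrorAction SilentlyContinue | ForEach-Object {
        $package = $_.PSChildName
        $dll = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).DllName
        if (-not $dll) { $dll = '' }

        # A bare file name in DllName is resolved from %SystemRoot%\system32.
        $fullPath = ''
        if ($dll) {
            if ([System.IO.Path]::IsPathRooted($dll)) { $fullPath = $dll }
            else { $fullPath = Join-Path $env:SystemRoot ('system32\' + $dll) }
        }
        $exists = [bool]($fullPath -and (Test-Path -LiteralPath $fullPath))

        # Minimal PE sanity check: a loadable image starts with the 'MZ' DOS header.
        # A file that fails this is what produces the "not a valid Windows image" error.
        $hasMZ = $false
        if ($exists) {
            $fs = [System.IO.File]::OpenRead($fullPath)
            try {
                $hdr = New-Object byte[] 2
                $n = $fs.Read($hdr, 0, 2)
            } finally { $fs.Close() }
            $hasMZ = ($n -eq 2) -and ($hdr[0] -eq 0x4D) -and ($hdr[1] -eq 0x5A)
        }

        $reasons = @()
        if ($knownPackages -notcontains $package) { $reasons += 'not a default package' }
        if (-not $exists) { $reasons += 'DLL missing' }
        elseif (-not $hasMZ) { $reasons += 'not a PE image' }

        [PSCustomObject]@{
            Package = $package
            DllName = $dll
            Path    = $fullPath
            Exists  = $exists
            ValidPE = $hasMZ
            Flags   = ($reasons -join '; ')
        }
    }
}

Get-WinlogonNotifyReport | Format-Table -AutoSize
```

Read the Flags column rather than acting on it automatically: an entry that is both unknown and missing (or not a valid image) matches the two entries in the log above, whereas an unknown package whose DLL exists and is a valid, signed file may simply belong to installed software and deserves a look before anything is deleted. ComboFix's own note that "legit default entries are not shown" is the same whitelist idea applied by the tool.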

#4
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\system32\DRIVERS\phmcd.sys

Folder::

Registry::

Driver::
phmcd


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Also post a new HijackThis log

Do not put the logs in code boxes

Edited by Rorschach112, 08 May 2008 - 05:20 AM.

  • 0

#5
spaztastic (Topic Starter, Member, 36 posts)
Before I could follow the steps instructed in your last post, the computer crapped out on me. It would turn on, get past the Gateway logo and then nothing. I got it fixed, but there are no more issues on the computer. Good thing I have an external hard drive to back up all my data. Thank you though. I had to reinstall Windows.
  • 0

#6
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





