I came across this board in looking for a solution for a nasty virus that has gripped one of my employee's computers! Below is my HijackThis log file.
I've also run Combofix -- and have a logfile from that app that I will post below as well. Couldn't even believe the crap it found installed by the virus app. UGH. It ran successfully (it seemed), but my antivirus/anti-spyware apps are still being blocked ("not a valid Win32...").
I need some quality geek help!

HIJACK THIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:36 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\intel\AdapterSwitching\AdapterSwitchService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\Ericsson\MOBILE~1\DbgOut.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.friendster.com
O15 - Trusted Zone: http://www.geekstogo.com
O15 - Trusted Zone: http://www.ticketmaster.ca
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../CA/install.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec....rl/SymAData.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://doublecrossed...ad/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171525778562
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://pix.futuresho...geUploader4.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://pix.futuresho...ulcontrolxp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.ca...ct/launcher.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photogize...geUploader4.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimed...tupv2.0.0.9.cab?
O23 - Service: AdapterSwitchService - Intel ® Corporation - C:\Program Files\intel\AdapterSwitching\AdapterSwitchService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: (no name) - http://www.spiritliv.../tuneinlive.gif
O24 - Desktop Component 1: (no name) - http://ads.nyctouris...hicagoPopUp.bmp
O24 - Desktop Component 2: (no name) - http://www.ikea.ca/P...PE130404_S4.jpg
--
End of file - 9317 bytes
________________________________________________________________________________
COMBOFIX LOG:
ComboFix 08-08-14.05 - Owner 2008-08-15 19:09:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.719 [GMT -4:00]
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Angela\Application Data\m
C:\Documents and Settings\Angela\Application Data\m\data.oct
C:\Documents and Settings\Angela\Application Data\m\flec006.exe
C:\Documents and Settings\Angela\Application Data\m\list.oct
C:\Documents and Settings\Angela\Application Data\m\shared
C:\Documents and Settings\Angela\Application Data\m\shared\1-abc.net Registry Washer 1.10 KeyGen.zip
C:\Documents and Settings\Angela\Application Data\m\shared\123Macmini Widget 1.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\3D Fireplace Deluxe 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Advanced Forum 1.02.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Amiasoft Password 3.3.6.22.zip
C:\Documents and Settings\Angela\Application Data\m\shared\AN627-IH Virtual Keyboard 3.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Anasoft Scheduler PE 1.1.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Anti-keylogger for IE 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Anti-SPAM Guard 4.0 Cracked.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Arjan Mels' Font Viewer 1.14.1.564.zip
C:\Documents and Settings\Angela\Application Data\m\shared\AskSam 6.0.2.774.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Auction Monitor 3.0.2 (Crack).zip
C:\Documents and Settings\Angela\Application Data\m\shared\AVStoMPEG 8.2006.1227.0500.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Backspin Billiards 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Batch Replacer for MS Word 2.4.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Batch WinFax2PDF 2.0 Serial.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Breakout Point 3.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\CableMon 1.8.0.1 Key.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Camera Plus 2.0 Gold (Key).zip
C:\Documents and Settings\Angela\Application Data\m\shared\Ccy HaHaZip 3.0.2.zip
C:\Documents and Settings\Angela\Application Data\m\shared\CD Sequencer 1.0 [Crack].zip
C:\Documents and Settings\Angela\Application Data\m\shared\CD to Mobile 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\CELESTIAL ALPHABET 2.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Checkout Professional 2.5.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Collection of C++ Examples 6.0 (Cracked).zip
C:\Documents and Settings\Angela\Application Data\m\shared\Color Picker ActiveX Control 1.0.0.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\ConnectCode MICR E13B Font 1.0 Patch.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Crisystec Sentry 30.3.0 [Crack].zip
C:\Documents and Settings\Angela\Application Data\m\shared\Cryptomathic Secure Memorizer 2.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Cryptomax 1.5.2.zip
C:\Documents and Settings\Angela\Application Data\m\shared\CT Space 1.0.6.2634.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Daniusoft DVD to iPhone Converter 1.1.10.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Data Matrix Encoder 1.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\DBVA for Visual Studio Viewer Edition 4.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Delion 2.1 [KeyGen].zip
C:\Documents and Settings\Angela\Application Data\m\shared\Desert Combat (Battlefield 1942) - Coral Sea 2 with Single Co-op map.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Ecora Documentor for VMWare 4.0.6157.17003.zip
C:\Documents and Settings\Angela\Application Data\m\shared\EuromediWebcams 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Everica 2.zip
C:\Documents and Settings\Angela\Application Data\m\shared\EYE3 1.4.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Faith Visitation Manager 2.2 [Key+Serial].zip
C:\Documents and Settings\Angela\Application Data\m\shared\Firemonger 2.0.0.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Flash Banner Creator 1.00.zip
C:\Documents and Settings\Angela\Application Data\m\shared\FloatFTP 1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Focus Magic 3.01.zip
C:\Documents and Settings\Angela\Application Data\m\shared\FOX 1.7.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\FractalTrees X 1.2.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Frame Remote Control 2.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Frostzone Navigator 2.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Fun Morph 6.31 Cracked.zip
C:\Documents and Settings\Angela\Application Data\m\shared\FutureDecks Lite 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Fx newsound 5.1.2.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Gameserver Gadget 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\GetData Graph Digitizer 2.22.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Google Deskbar 0.5.81 beta.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Grisoft.AVG.Anti-Malware.v7.5.Multilen.+.license.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Holidays Manager 1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\HyperKeyboard 5.5.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Inquartos NetworkManager 2.0.4 R2.0.50727.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Kaspersky.Antivirus.v6.0.1.411.Final.crack.zip
C:\Documents and Settings\Angela\Application Data\m\shared\KB Piano 2.2.4.zip
C:\Documents and Settings\Angela\Application Data\m\shared\keepITsafe 5.1.0.5.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Kronos 2.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Label Maker Pro 2.1.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\LookInMyPC 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\MagicH-Gradienter 2.40.zip
C:\Documents and Settings\Angela\Application Data\m\shared\MailVerify Professional 3.1.5 build 1129.zip
C:\Documents and Settings\Angela\Application Data\m\shared\mCalc 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Minami 3D Water Illusion Screensaver 1.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Mp3 Music Explorer 1.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Net Snippets Professional 3.3.zip
C:\Documents and Settings\Angela\Application Data\m\shared\NETClick 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Netrazer 2 [Cracked].zip
C:\Documents and Settings\Angela\Application Data\m\shared\NewWayService 3.07 [KeyGen].zip
C:\Documents and Settings\Angela\Application Data\m\shared\Noty 1.0.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Official Olympic Track and Field Screensaver.zip
C:\Documents and Settings\Angela\Application Data\m\shared\on-screen ruler 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Osnat Fine Art 1.2.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Panda.2007+key.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Password Recovery Toolbox for Outlook 1.1.3.7.zip
C:\Documents and Settings\Angela\Application Data\m\shared\PC Construction Materials Estimator 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\PhotoLibrarian 4.04.zip
C:\Documents and Settings\Angela\Application Data\m\shared\PhotoUtil 1.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\PIMS Plant Hire Information Management System 2.01.zip
C:\Documents and Settings\Angela\Application Data\m\shared\PocketSlay 2.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Polar Knowledge Base 3.0.2.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Power Cook 2.50 [Patch].zip
C:\Documents and Settings\Angela\Application Data\m\shared\Power Website Builder 1.5.zip
C:\Documents and Settings\Angela\Application Data\m\shared\PrintPRNtoPrinter 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\ProSearchMDB 2.1.16 (Key).zip
C:\Documents and Settings\Angela\Application Data\m\shared\Rally Championship Xtreme demo.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Registry Cleaner 1.0 (Cracked).zip
C:\Documents and Settings\Angela\Application Data\m\shared\RMTrack Issue Tracking 2.3.6.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Rock'n'Roll 2004.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Rowan's Battle of Britain patch 1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Scientific Calculator Opera Widget 1.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Screen Capture 2005.8.30.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Screenshot Utility 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Sky Bubbles Deluxe 1.2.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Smart CD Catalog Professional 2.17 [With Crack].zip
C:\Documents and Settings\Angela\Application Data\m\shared\SMASS Safelist Submitter Pro 3.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Snow & Santa Screensaver 2.0 [Key].zip
C:\Documents and Settings\Angela\Application Data\m\shared\Spruce 0.6.5.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Staff Files 5.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\systemDashboard - Time Monitor (clock) 1.2.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Text Web Clock 1.1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\TimeCalc Classic 2.02.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Token2 Plus 4.6 build 1421.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Total Control 2.3.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Trading Strategy Tester for FOREX 1.0 build 8.zip
C:\Documents and Settings\Angela\Application Data\m\shared\TubeTwist 1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Ulises-H 1.5.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Ultimate ZIP Cracker 7.3.2.0 Patch.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Unreal Tournament 2003 - Com Array map.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Unreal Tournament 2003 - The Tomb deathmatch map.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Unreal Tournament 2003 - Warrior v2 skin.zip
C:\Documents and Settings\Angela\Application Data\m\shared\VB Crash Shield 1.0.11.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Versomatic 1.0 Build 267.zip
C:\Documents and Settings\Angela\Application Data\m\shared\VertrigoServ 2.05.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Warcraft III - The Monsters are Loose map.zip
C:\Documents and Settings\Angela\Application Data\m\shared\WAV To WMA Converter 1.00.zip
C:\Documents and Settings\Angela\Application Data\m\shared\WebSnitch 3.0 (KeyGen).zip
C:\Documents and Settings\Angela\Application Data\m\shared\WinRazor SDK 5.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\WOLFF TV Player 1.0.0.1 (Cracked).zip
C:\Documents and Settings\Angela\Application Data\m\shared\wSHDCOM 0.99.05.zip
C:\Documents and Settings\Angela\Application Data\m\shared\WW2D 0.99.87.zip
C:\Documents and Settings\Angela\Application Data\m\shared\XML Gateway .NET 2005 1.zip
C:\Documents and Settings\Angela\Application Data\m\shared\xSolver 1.0.zip
C:\Documents and Settings\Angela\Application Data\m\shared\Zip-I-Mage 2.0 (Key+Serial).zip
C:\Documents and Settings\Angela\Application Data\m\srvlist.oct
C:\Documents and Settings\Owner\Application Data\m
C:\Documents and Settings\Owner\Application Data\m\data.oct
C:\Documents and Settings\Owner\Application Data\m\flec006.exe
C:\Documents and Settings\Owner\Application Data\m\list.oct
C:\Documents and Settings\Owner\Application Data\m\shared
C:\Documents and Settings\Owner\Application Data\m\shared\AD_Bulk_Users_3.0.1.1.zip
C:\Documents and Settings\Owner\Application Data\m\shared\Adsense_Ready_Web_Site_#10_1.zip
C:\Documents and Settings\Owner\Application Data\m\shared\AliveMon_2.0_Key.zip
C:\Documents and Settings\Owner\Application Data\m\shared\Audio_Art_1.02_(Key).zip
C:\Documents and Settings\Owner\Application Data\m\shared\Avast.Cleaner.Tool.zip
C:\Documents and Settings\Owner\Application Data\m\shared\BackgroundCMD_1.0.0.1.zip
C:\Documents and Settings\Owner\Application Data\m\shared\Bitdefender.7.2.Keygen.zip
C:\Documents and Settings\Owner\Application Data\m\shared\Cambridge_Advanced_Learner's_Dictionary_(Symbian_Series_60)_2.7.zip
C:\Documents and Settings\Owner\Application Data\m\shared\Command_&_Conquer_Generals_-_Oil_Crisis_map.czip
C:\Documents and Settings\Owner\Application Data\m\shared\Command_&_Conquer_Generals_-_Oil_Crisis_map.zip
C:\Documents and Settings\Owner\Application Data\m\shared\Concepts_3D_2.0.zip
C:\Documents and Settings\Owner\Application Data\m\shared\ConnectOrb_1.2.zip
C:\Documents and Settings\Owner\Application Data\m\shared\DiskDriver_4.2.2_(Cracked).zip
C:\Documents and Settings\Owner\Application Data\m\shared\EdgeDesk_4.03.zip
C:\Documents and Settings\Owner\Application Data\m\shared\Flexsite_2.8e_With_Crack.zip
C:\Documents and Settings\Owner\Application Data\m\shared\Infinite_Spades_1.5.zip
C:\Documents and Settings\Owner\Application Data\m\shared\KASPERSKY_.6.0.0.303_esp.zip
C:\Documents and Settings\Owner\Application Data\m\shared\LingvoSoft_Suite_2007_English_-_Portuguese_2.0.23.zip
C:\Documents and Settings\Owner\Application Data\m\shared\OE_Quick_Tools_4.8.zip
C:\Documents and Settings\Owner\Application Data\m\shared\Panda.Platinum.2005.Internet.Security.v9.01.02.Retail-DVT.zip
C:\Documents and Settings\Owner\Application Data\m\shared\Serial_Port_Redirector_1.5_Beta_(Cracked).zip
C:\Documents and Settings\Owner\Application Data\m\shared\Sticky_Password_3.0.1.27.zip
C:\Documents and Settings\Owner\Application Data\m\shared\The_Best_Cars_Show_Screensaver_1.0.zip
C:\Documents and Settings\Owner\Application Data\m\shared\Vcard_Studio_Express_1.0.0.0.zip
C:\Documents and Settings\Owner\Application Data\m\shared\Windows_Password_Recovery_Bootdisk_1.0.zip
C:\Documents and Settings\Owner\Application Data\m\srvlist.oct
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\7L6BMA3L\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\7L6BMA3L\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\7L6BMA3L\www.inter-focus.cn
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\7L6BMA3L\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\WINNT\didduid.ini
C:\WINNT\Downloaded Program Files\setup.inf
C:\WINNT\system32\ban_list.txt
C:\WINNT\system32\drivers\downld
C:\WINNT\system32\drivers\hldrrr.exe
C:\WINNT\system32\drivers\mdelk.exe
C:\WINNT\system32\drivers\srosa.sys
C:\WINNT\system32\mdelk.exe
C:\WINNT\system32\wintems.exe
C:\WINNT\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.
2008-08-13 18:06 . 2008-08-13 18:06 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-13 15:41 . 2008-08-13 15:41 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-06 14:08 . 2008-08-06 14:08 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-08-06 14:08 . 2008-08-06 14:08 1,409 --a------ C:\WINNT\QTFont.for
2008-08-01 19:01 . 2007-04-09 13:23 28,040 --a------ C:\WINNT\system32\mdimon.dll
2008-07-30 19:27 . 2008-07-30 19:28 <DIR> d-------- C:\Documents and Settings\Angela\Contacts
2008-07-30 19:25 . 2008-07-30 19:25 <DIR> d-------- C:\Documents and Settings\Angela\Application Data\Canon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 22:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-13 19:58 --------- d-----w C:\Program Files\QuickMediaConverter
2008-08-13 19:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-07 23:48 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-08-06 22:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-06 22:34 14,848 ----a-w C:\WINNT\system32\dllcache\register.exe
2008-08-06 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-06 21:19 --------- d-----w C:\Program Files\Bitmap to Icon 3.5
2008-08-06 19:40 --------- d-----w C:\Program Files\Logitech
2008-08-06 19:40 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-08-06 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-08-02 00:24 --------- d-----w C:\Program Files\epson
2008-08-01 22:42 --------- d-----w C:\Program Files\BookSmart
2008-08-01 22:39 --------- d-----w C:\Program Files\SmartRecovery
2008-08-01 22:38 --------- d-----w C:\Program Files\Macromedia
2008-08-01 22:34 --------- d-----w C:\Program Files\eMule
2008-07-31 01:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\GlobalSCAPE
2008-07-21 14:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2008-07-17 15:57 --------- d-----w C:\Program Files\LGGSM
2008-06-20 17:41 245,248 ----a-w C:\WINNT\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINNT\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINNT\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINNT\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINNT\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINNT\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINNT\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINNT\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINNT\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINNT\system32\dllcache\bthport.sys
2008-05-30 05:24 737,280 ----a-w C:\WINNT\iun6002.exe
2007-08-25 23:28 173,840 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-03-23 05:16 148 ----a-w C:\Program Files\INSTALL.LOG
1999-03-07 22:10 1,472 ----a-w C:\Program Files\guitarcase.icl
2006-09-08 19:56 60,960 --sha-w C:\WINNT\fidbox.dat
2005-08-13 03:13 1,890 --sha-w C:\WINNT\system32\KGyGaAvL.sys
.
----a-w 2,288,508 2004-09-19 01:33:21 C:\Documents and Settings\Owner\My Documents\My Received Files\CloneCD v3.0.9.1 .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CEIIcon Icon Overlay Identifier]
@="{90264A4E-C4B9-4D83-9827-A69630961C45}"
[HKEY_CLASSES_ROOT\CLSID\{90264A4E-C4B9-4D83-9827-A69630961C45}]
2003-06-27 21:31 53248 --a------ C:\WINNT\system32\ceiicon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SafeLAN Icon Overlay Identifier]
@="{6E03277D-7B81-43A2-A2B9-FE3CD33BF37E}"
[HKEY_CLASSES_ROOT\CLSID\{6E03277D-7B81-43A2-A2B9-FE3CD33BF37E}]
2002-02-22 16:11 53248 --a------ C:\WINNT\system32\safelan.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-08-15 18:42 78008]
"MSConfig"="C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 03:56 158208]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"vidc.MP43"= msmpeg4.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.PIMJ"= pvljpg20.dll
"VIDC.MJPX"= pvmjpg21.dll
"VIDC.PVW2"= pvwv220.dll
"VIDC.MSZH"= avimszh.dll
"VIDC.ZLIB"= avizlib.dll
"VIDC.vcr1"= ativcr1.dll
"VIDC.vcr2"= ativcr2.dll
"VIDC.ASV1"= asusasv1.dll
"VIDC.ASV2"= asusasv2.dll
"VIDC.I263"= i263_32.drv
"msacm.WRPR"= aviwrap.dll
"vidc.WRPR"= aviwrap.dll
"VIDC.RUD0"= rududu.dll
"MSACM.IMC"= IMC32.ACM
"VIDC.DCMJ"= MCMJPG32.DLL
"VIDC.MWV1"= icmw_32.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"msacm.qmpeg"= qmpeg.acm
"VIDC.BT20"= btvvc32.drv
"VIDC.Y41P"= btvvc32.drv
"MSACM.PCDV"= pcdv.acm
"VIDC.CDVC"= CSCCDVC.DLL
"VIDC.DDVC"= CSCdvsd.DLL
"VIDC.PDVC"= pdvcodec.dll
"VIDC.DVX4"= divx4.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"IMC32.ACM"= IMC32.ACM
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootLocker]
--a------ 2003-12-28 21:44 24576 C:\Program Files\BootLocker\BootLockerStartup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINNT\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDBitSet]
--------- 2003-12-18 17:37 184320 C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
--------- 2004-09-03 13:14 57344 C:\Program Files\HP DVD\Umbrella\DVDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 14:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--ah----- 2006-10-11 03:05 712712 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICONFIG.EXE]
C:\PROGRA~1\COMMON~1\SHUTTL~1\ICONFIG.EXE [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a------ 2001-10-04 02:00 28672 C:\Program Files\Creative\SBAudigy\Program\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Keyboard Preload Check]
C:\OEMDRVRS\KEYB\Preload.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2004-05-19 11:24 385024 C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINNT\system32\NeroCheck.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 C:\WINNT\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 13:22 86016 C:\WINNT\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-01-13 14:05 69632 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-01-07 02:36 81920 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]