Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Your Privacy Is In Danger Red Background/App [CLOSED]

Started by Ryan Aquatic , Aug 25 2008 12:42 AM

  • This topic is locked This topic is locked

#1
Ryan Aquatic
Posted 25 August 2008 - 12:42 AM

Ryan Aquatic

    New Member

  • Member
  • Pip
  • 5 posts
Hey everyone, i joined to seek some assistance on some tough malware. It's doing a few things, and Malwarebytes hadn't done the trick for me. I fear that my registries are being far screwed with. But i'll post the HijackThis log, and see if i can gain any technical assistance. Thank you very much in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:31 PM, on 8/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Ryan\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1217094820844
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1217094949172
O21 - SSODL: pdoskegl - {95EE052B-EE5C-4AA3-B542-CBD18353E224} - C:\WINDOWS\pdoskegl.dll
O21 - SSODL: rqbmvpso - {5F06A0A0-5A3F-4C90-8904-B9E24295011E} - C:\WINDOWS\rqbmvpso.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: Privacy Protection - (no file)

--
End of file - 9333 bytes
  • 0

Advertisements

#2
Rorschach112
Posted 25 August 2008 - 06:17 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.



Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#3
Ryan Aquatic
Posted 25 August 2008 - 09:49 AM

Ryan Aquatic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
The SD Fix Report :

SDFix: Version 1.219
Run by Ryan on Mon 08/25/2008 at 08:40 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\Ryan\LOCALS~1\Temp\sfsrv.exe.bat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 08:44:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 25 Aug 2008 229,376 A..H. --- "C:\Documents and Settings\LocalService\NTUSER.bak"
Mon 25 Aug 2008 229,376 A..H. --- "C:\Documents and Settings\NetworkService\NTUSER.bak"
Mon 25 Aug 2008 3,670,016 A..H. --- "C:\Documents and Settings\Ryan\NTUSER.bak"
Sun 13 Apr 2008 1,695,232 ...H. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 13 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 4 Aug 2008 0 A..H. --- "C:\Documents and Settings\Ryan\Application Data\.D5F9F79257A0E5FA.sys"
Sat 26 Jul 2008 20,487 ..SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Sat 26 Jul 2008 265 ..SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Sat 26 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 26 Jul 2008 262,144 A..H. --- "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.bak"
Sat 26 Jul 2008 262,144 A..H. --- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.bak"
Mon 25 Aug 2008 262,144 A..H. --- "C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Windows\UsrClass.bak"

Finished!
  • 0

#4
Ryan Aquatic
Posted 25 August 2008 - 09:50 AM

Ryan Aquatic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
it still appeared on reboot though, and it continues to appear each time i reboot im going to run combofix and hijackthis again and post the results.
  • 0

#5
Ryan Aquatic
Posted 25 August 2008 - 10:57 AM

Ryan Aquatic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ComboFix 08-08-24.03 - Ryan 2008-08-25 9:35:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2454 [GMT -7:00]
Running from: C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ryan\Application Data\macromedia\Flash Player\#SharedObjects\JPZP2JYA\interclick.com
C:\Documents and Settings\Ryan\Application Data\macromedia\Flash Player\#SharedObjects\JPZP2JYA\interclick.com\ud.sol
C:\Documents and Settings\Ryan\Application Data\macromedia\Flash Player\#SharedObjects\JPZP2JYA\static.youku.com
C:\Documents and Settings\Ryan\Application Data\macromedia\Flash Player\#SharedObjects\JPZP2JYA\static.youku.com\v1.0.0305\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Ryan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Ryan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Ryan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Ryan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\Ryan\Desktop\Error Cleaner.url
C:\Documents and Settings\Ryan\Desktop\Privacy Protector.url
C:\Documents and Settings\Ryan\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Ryan\Favorites\Error Cleaner.url
C:\Documents and Settings\Ryan\Favorites\Privacy Protector.url
C:\Documents and Settings\Ryan\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\system32\Cache

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-25 09:47 . 2008-08-25 09:47 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\TmpRecentIcons
2008-08-25 08:40 . 2008-08-25 08:40 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-25 08:38 . 2008-08-25 08:38 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-25 08:33 . 2008-08-25 08:45 <DIR> d-------- C:\SDFix
2008-08-25 08:30 . 2008-08-25 08:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-24 23:24 . 2008-08-24 23:24 <DIR> d-------- C:\Program Files\ERUNT
2008-08-24 21:01 . 2008-08-24 21:04 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-24 20:13 . 2008-08-24 20:21 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-08-24 17:59 . 2008-08-24 03:45 380,928 --a------ C:\WINDOWS\rodqgpvlkoa.dll
2008-08-24 17:59 . 2008-08-24 03:45 233,472 --a------ C:\WINDOWS\pdoskegl.dll
2008-08-24 17:59 . 2008-08-24 03:45 188,416 --a------ C:\WINDOWS\rqbmvpso.dll
2008-08-24 17:59 . 2008-08-24 03:45 86,016 --a------ C:\WINDOWS\rvoelbxt.exe
2008-08-18 16:20 . 2008-08-18 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-18 16:11 . 2008-08-18 16:11 <DIR> d-------- C:\Program Files\Bonjour
2008-08-18 16:02 . 2008-08-18 16:02 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-18 15:27 . 2008-08-18 15:29 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\FrostWire
2008-08-17 20:45 . 2008-08-17 20:45 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Talkback
2008-08-17 20:45 . 2008-08-17 20:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-17 20:44 . 2008-08-18 15:50 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-15 08:48 . 2008-08-25 01:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 08:48 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-15 08:48 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 08:27 . 2008-08-15 08:27 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Malwarebytes
2008-08-15 08:27 . 2008-08-15 08:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-15 07:44 . 2008-08-24 18:39 <DIR> d-------- C:\Program Files\VirtualDJ
2008-08-14 21:28 . 2008-08-14 21:28 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-14 21:27 . 2008-08-14 21:27 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-14 21:27 . 2008-04-13 17:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-14 17:39 . 2008-05-01 07:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 17:38 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 00:45 . 2008-08-13 00:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-08-13 00:45 . 2008-08-13 00:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-08-13 00:43 . 2008-08-13 00:45 <DIR> d-------- C:\Program Files\Logitech
2008-08-13 00:42 . 2008-08-13 00:45 <DIR> d-------- C:\Program Files\Common Files\logishrd
2008-08-11 14:06 . 2008-08-11 14:06 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Windows Search
2008-08-10 23:51 . 2008-08-10 23:51 <DIR> d-------- C:\Program Files\Winamp
2008-08-10 23:51 . 2008-08-10 23:51 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Winamp
2008-08-09 23:22 . 2008-08-09 23:49 <DIR> d-------- C:\Program Files\Spectrasonics
2008-08-09 23:17 . 2008-08-09 23:17 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\vlc
2008-08-09 11:52 . 2008-08-09 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-09 11:51 . 2008-08-18 16:18 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-05 14:53 . 2008-08-05 14:53 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-08-05 14:53 . 2006-09-20 14:11 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll
2008-08-05 14:09 . 2008-08-23 22:26 <DIR> d-------- C:\Program Files\Arturia
2008-08-05 14:00 . 2008-08-05 14:00 <DIR> d-------- C:\Program Files\Timeworks
2008-08-05 13:57 . 1998-11-22 03:13 53,248 --a------ C:\WINDOWS\system32\stu.dll
2008-08-04 15:42 . 2008-08-04 15:42 0 --ah----- C:\Documents and Settings\Ryan\Application Data\.D5F9F79257A0E5FA.sys
2008-08-03 21:44 . 2008-08-03 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-08-03 21:28 . 2008-08-03 21:28 <DIR> d-------- C:\Program Files\VOB
2008-08-03 21:28 . 2002-08-28 11:09 611,840 --a------ C:\WINDOWS\system32\vobhw.dll
2008-08-03 21:28 . 2002-09-26 17:34 153,088 --a------ C:\WINDOWS\system32\IWUninstall.exe
2008-08-03 21:28 . 2000-04-27 12:31 19,456 --a------ C:\WINDOWS\system32\asapi.dll
2008-08-03 21:28 . 2002-04-17 20:27 11,264 --a------ C:\WINDOWS\system32\drivers\asapi.sys
2008-08-03 21:27 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-03 21:26 . 2008-08-03 21:26 <DIR> d-------- C:\Documents and Settings\Ryan\WINDOWS
2008-08-03 21:16 . 2008-08-03 21:28 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\FXpansion
2008-08-03 21:13 . 2008-08-03 21:13 <DIR> d-------- C:\Program Files\Nomad Factory
2008-08-03 21:13 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-08-03 21:13 . 2003-03-18 18:04 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2008-08-03 21:13 . 2003-03-18 18:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-07-29 12:02 . 2008-07-29 12:02 <DIR> d-------- C:\WINDOWS\system32\INF
2008-07-29 12:02 . 2008-07-29 12:02 <DIR> d-------- C:\Program Files\M-Audio MA_CMIDI
2008-07-29 12:02 . 2005-06-14 13:44 85,504 --a------ C:\WINDOWS\system32\ma_cmidn.dll
2008-07-29 12:02 . 2005-06-14 13:44 21,888 --a------ C:\WINDOWS\system32\drivers\ma_cmidi.sys
2008-07-29 12:02 . 2005-06-14 13:44 17,920 --a------ C:\WINDOWS\system32\MA_CMIDI.DLL
2008-07-29 12:02 . 2005-06-14 13:44 14,176 --a------ C:\WINDOWS\system32\MA_CMIDI.DRV
2008-07-29 12:02 . 2005-06-14 13:44 7,282 --a------ C:\WINDOWS\system32\MA_CMIDI.VXD
2008-07-29 09:44 . 2008-07-29 09:44 <DIR> d-------- C:\Program Files\MagicDisc
2008-07-29 09:44 . 2008-07-28 17:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-07-26 22:13 . 2008-04-13 11:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-07-26 22:13 . 2008-04-13 11:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-07-26 22:13 . 2008-04-13 17:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-26 22:13 . 2008-04-13 17:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-26 22:13 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-26 22:13 . 2008-04-13 11:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-26 22:12 . 2008-04-13 11:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-26 22:12 . 2008-04-13 11:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-26 15:48 . 2008-07-26 15:48 <DIR> d-------- C:\WINDOWS\Sun
2008-07-26 15:48 . 2008-07-26 15:48 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-07-26 15:48 . 2008-08-03 14:08 23 --a------ C:\Documents and Settings\Ryan\jagex_runescape_preferences.dat
2008-07-26 15:29 . 2008-07-26 15:29 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-26 15:22 . 2008-07-26 15:22 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-26 15:22 . 2008-07-26 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-26 15:22 . 2008-07-26 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-26 15:22 . 2008-07-26 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-26 15:21 . 2008-08-24 22:59 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-07-26 15:21 . 2008-07-26 15:22 458 --ah----- C:\IPH.PH
2008-07-26 14:57 . 2008-07-26 14:58 <DIR> d-------- C:\Program Files\Waves
2008-07-26 14:57 . 2008-08-17 20:44 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-26 14:57 . 2008-08-17 20:44 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-07-26 14:45 . 2008-08-24 17:58 <DIR> d-------- C:\Program Files\VSTplugins
2008-07-26 14:45 . 2008-07-26 14:45 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\DivX
2008-07-26 14:38 . 2008-07-26 14:38 <DIR> d-------- C:\Program Files\Outsim
2008-07-26 14:38 . 2008-08-24 18:40 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-07-26 14:38 . 2002-07-07 15:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-07-26 14:37 . 2008-07-27 07:54 <DIR> d-------- C:\Program Files\Image-Line
2008-07-26 14:21 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-26 14:20 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-26 14:19 . 2008-07-26 17:22 <DIR> d-------- C:\Program Files\Java
2008-07-26 14:19 . 2008-07-26 14:19 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-26 14:17 . 2008-07-26 14:17 <DIR> d-------- C:\System Update
2008-07-26 14:17 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-26 14:17 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-26 14:16 . 2008-08-23 01:56 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\SiteAdvisor
2008-07-26 14:16 . 2008-08-24 23:28 <DIR> d-------- C:\Documents and Settings\Ryan
2008-07-26 14:01 . 2008-07-26 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-07-26 13:25 . 2008-07-26 13:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-26 13:25 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-26 13:24 . 2008-07-26 13:24 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-26 13:21 . 2008-07-26 13:21 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-26 13:21 . 2008-08-14 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-26 13:20 . 2008-07-26 13:20 <DIR> dr-h----- C:\MSOCache
2008-07-26 12:43 . 2006-11-07 14:58 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2008-07-26 12:43 . 2006-10-05 16:35 356,352 --------- C:\WINDOWS\system32\nvuide.exe
2008-07-26 12:43 . 2006-10-19 09:36 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu
2008-07-26 12:40 . 2008-07-26 12:40 <DIR> d-------- C:\Documents and Settings\Yeoman\Application Data\InstallShield
2008-07-26 12:20 . 2008-07-26 12:20 <DIR> d-------- C:\Program Files\DivX
2008-07-26 12:15 . 2008-07-27 07:52 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-07-26 12:13 . 2008-07-26 12:13 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-26 12:13 . 2008-07-26 12:13 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-26 12:13 . 2008-07-26 12:13 <DIR> d-------- C:\Documents and Settings\Yeoman\Application Data\Windows Desktop Search
2008-07-26 12:13 . 2008-03-07 10:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-26 12:13 . 2008-03-07 10:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-26 12:13 . 2008-03-07 10:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-26 12:12 . 2008-07-26 12:12 <DIR> d-------- C:\Temp\ext18866

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 17:49 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-26 14:58 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67}]
2008-08-24 03:45 380928 --a------ C:\WINDOWS\rodqgpvlkoa.dll

C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-07-29 09:44:47 575488]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 0 (0x0)
"NoDispCPL"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoStartMenuMorePrograms"= 1 (0x1)
"NoSetFolders"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pdoskegl"= {95EE052B-EE5C-4AA3-B542-CBD18353E224} - C:\WINDOWS\pdoskegl.dll [2008-08-24 03:45 233472]
"rqbmvpso"= {5F06A0A0-5A3F-4C90-8904-B9E24295011E} - C:\WINDOWS\rqbmvpso.dll [2008-08-24 03:45 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 14:38]
S0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-01-17 11:51]
S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 13:44]
.
Contents of the 'Scheduled Tasks' folder

2008-07-26 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\wzb1lee4.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
.
------- File Associations (Beta) -------
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 09:47:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="System32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Arp1394]
"ImagePath"="System32\DRIVERS\arp1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Asapi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="System32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="System32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="System32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bonjour Service]
"ImagePath"="\"C:\Program Files\Bonjour\mDNSResponder.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CamDrL]
"ImagePath"="system32\DRIVERS\Camdrl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\ComboFix\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="System32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cisvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="System32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="C:\WINDOWS\System32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="System32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FLEXnet Licensing Service]
"ImagePath"="\"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="System32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="System32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="System32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="System32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="System32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IISADMIN]
"ImagePath"="C:\WINDOWS\System32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="System32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InetInfo]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="System32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ip6fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="System32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="System32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="System32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="System32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="System32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="System32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="System32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPDSVC]
"ImagePath"="%SystemRoot%\System32\tcpsvcs.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVcKap]
"ImagePath"="system32\DRIVERS\LVcKap.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVMVDrv]
"ImagePath"="system32\DRIVERS\LVMVDrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVPr2Mon]
"ImagePath"="system32\DRIVERS\LVPr2Mon.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVPrcSrv]
"ImagePath"="c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVSrvLauncher]
"ImagePath"="C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVUSBSta]
"ImagePath"="system32\DRIVERS\LVUSBSta.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MADFUUSB]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MA_CMIDI]
"ImagePath"="system32\drivers\ma_cmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MA_CMIDI_InstallerService]
"ImagePath"="C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mcdbus]
"ImagePath"="system32\DRIVERS\mcdbus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mcmscsvc]
"ImagePath"="C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McNASvc]
"ImagePath"="\"c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McODS]
"ImagePath"="C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McProxy]
"ImagePath"="c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McShield]
"ImagePath"="C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McSysmon]
"ImagePath"="C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDM]
"ImagePath"="\"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfeavfk]
"ImagePath"="system32\drivers\mfeavfk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfebopk]
"ImagePath"="system32\drivers\mfebopk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfehidk]
"ImagePath"="system32\drivers\mfehidk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mferkdk]
"ImagePath"="system32\drivers\mferkdk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfesmfk]
"ImagePath"="system32\drivers\mfesmfk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\System32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="System32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPFP]
"ImagePath"="System32\Drivers\Mpfp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MpfService]
"ImagePath"="\"C:\Program Files\McAfee\MPF\MPFSrv.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MQAC]
"ImagePath"="\??\C:\WINDOWS\System32\drivers\mqac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="System32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="System32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="C:\WINDOWS\System32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSFtpsvc]
"ImagePath"="%SystemRoot%\System32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSMQ]
"ImagePath"="C:\WINDOWS\System32\mqsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSMQTriggers]
"ImagePath"="C:\WINDOWS\System32\mqtgsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSSCNTRS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="System32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="System32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="System32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="System32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="System32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
"ImagePath"="System32\DRIVERS\nic1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTFSDRV]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\System32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvata]
"ImagePath"="system32\DRIVERS\nvata.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVENETFD]
"ImagePath"="system32\DRIVERS\NVENETFD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvgts]
"ImagePath"="System32\DRIVERS\nvgts.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvnetbus]
"ImagePath"="system32\DRIVERS\nvnetbus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="System32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="System32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odserv]
"ImagePath"="\"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
"ImagePath"="System32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Outlook]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="System32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="System32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="System32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="System32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="System32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="System32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="System32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="System32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="System32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="System32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="System32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="C:\WINDOWS\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="System32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RMCAST]
"ImagePath"="\??\C:\WINDOWS\System32\drivers\RMCast.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\System32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\System32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="System32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="System32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="System32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SimpTcp]
"ImagePath"="%SystemRoot%\System32\tcpsvcs.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiteAdvisor Service]
"ImagePath"="\"C:\Program Files\SiteAdvisor\6261\SAService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMTPSVC]
"ImagePath"="C:\WINDOWS\System32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNMP]
"ImagePath"="%SystemRoot%\System32\snmp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="System32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="C:\WINDOWS\System32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="System32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiase
  • 0

#6
Rorschach112
Posted 25 August 2008 - 11:12 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\rodqgpvlkoa.dll
C:\WINDOWS\pdoskegl.dll
C:\WINDOWS\rqbmvpso.dll
C:\WINDOWS\rvoelbxt.exe

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\system32\dllcache\user32.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Repeat it for this file

C:\WINDOWS\system32\stu.dll
  • 0

#7
Ryan Aquatic
Posted 25 August 2008 - 06:36 PM

Ryan Aquatic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I hope this doesnt put too big of a dent in our progress, but my network for some reason will not let me upload anything to the internet, or else my whole network will shut down and i have to unplug and replug the router every time in order to gain access to the internet again. It's strange because i can download things without a problem, and my instant messenger will even work still, but internet explorer crashes on all 4 computers in my network for some reason that i don't understand.


heres the new combofix log :

ComboFix 08-08-24.03 - Ryan 2008-08-25 16:58:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2585 [GMT -7:00]
Running from: C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ryan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\pdoskegl.dll
C:\WINDOWS\rodqgpvlkoa.dll
C:\WINDOWS\rqbmvpso.dll
C:\WINDOWS\rvoelbxt.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ryan\Favorites\Error Cleaner.url
C:\Documents and Settings\Ryan\Favorites\Privacy Protector.url
C:\Documents and Settings\Ryan\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\pdoskegl.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rqbmvpso.dll
C:\WINDOWS\rvoelbxt.exe
.
---- Previous Run -------
.
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm

.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-25 15:48 . 2008-02-15 23:39 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-25 15:48 . 2008-02-15 23:39 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-08-25 15:48 . 2008-02-15 23:39 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-08-25 15:47 . 2008-08-25 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-08-25 08:40 . 2008-08-25 08:40 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-25 08:38 . 2008-08-25 08:38 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-25 08:33 . 2008-08-25 08:45 <DIR> d-------- C:\SDFix
2008-08-25 08:30 . 2008-08-25 15:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-24 23:24 . 2008-08-24 23:24 <DIR> d-------- C:\Program Files\ERUNT
2008-08-24 21:01 . 2008-08-24 21:04 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-24 20:13 . 2008-08-25 15:26 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-08-18 16:20 . 2008-08-18 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-18 16:11 . 2008-08-18 16:11 <DIR> d-------- C:\Program Files\Bonjour
2008-08-18 16:02 . 2008-08-18 16:02 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-18 15:27 . 2008-08-18 15:29 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\FrostWire
2008-08-17 20:45 . 2008-08-17 20:45 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Talkback
2008-08-17 20:45 . 2008-08-17 20:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-17 20:44 . 2008-08-18 15:50 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-15 08:48 . 2008-08-25 01:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 08:48 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-15 08:48 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 08:27 . 2008-08-15 08:27 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Malwarebytes
2008-08-15 08:27 . 2008-08-15 08:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-15 07:44 . 2008-08-24 18:39 <DIR> d-------- C:\Program Files\VirtualDJ
2008-08-14 21:28 . 2008-08-14 21:28 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-14 21:27 . 2008-08-14 21:27 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-14 21:27 . 2008-04-13 17:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-14 17:39 . 2008-05-01 07:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 17:38 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 00:45 . 2008-08-13 00:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-08-13 00:45 . 2008-08-13 00:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-08-13 00:43 . 2008-08-13 00:45 <DIR> d-------- C:\Program Files\Logitech
2008-08-13 00:42 . 2008-08-13 00:45 <DIR> d-------- C:\Program Files\Common Files\logishrd
2008-08-11 14:06 . 2008-08-11 14:06 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Windows Search
2008-08-10 23:51 . 2008-08-10 23:51 <DIR> d-------- C:\Program Files\Winamp
2008-08-10 23:51 . 2008-08-10 23:51 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Winamp
2008-08-09 23:22 . 2008-08-09 23:49 <DIR> d-------- C:\Program Files\Spectrasonics
2008-08-09 23:17 . 2008-08-09 23:17 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\vlc
2008-08-09 11:52 . 2008-08-09 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-09 11:51 . 2008-08-18 16:18 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-05 14:53 . 2008-08-05 14:53 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-08-05 14:53 . 2006-09-20 14:11 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll
2008-08-05 14:09 . 2008-08-23 22:26 <DIR> d-------- C:\Program Files\Arturia
2008-08-05 14:00 . 2008-08-05 14:00 <DIR> d-------- C:\Program Files\Timeworks
2008-08-05 13:57 . 1998-11-22 03:13 53,248 --a------ C:\WINDOWS\system32\stu.dll
2008-08-04 15:42 . 2008-08-04 15:42 0 --ah----- C:\Documents and Settings\Ryan\Application Data\.D5F9F79257A0E5FA.sys
2008-08-03 21:44 . 2008-08-03 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-08-03 21:28 . 2008-08-03 21:28 <DIR> d-------- C:\Program Files\VOB
2008-08-03 21:28 . 2002-08-28 11:09 611,840 --a------ C:\WINDOWS\system32\vobhw.dll
2008-08-03 21:28 . 2002-09-26 17:34 153,088 --a------ C:\WINDOWS\system32\IWUninstall.exe
2008-08-03 21:28 . 2000-04-27 12:31 19,456 --a------ C:\WINDOWS\system32\asapi.dll
2008-08-03 21:28 . 2002-04-17 20:27 11,264 --a------ C:\WINDOWS\system32\drivers\asapi.sys
2008-08-03 21:27 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-03 21:26 . 2008-08-03 21:26 <DIR> d-------- C:\Documents and Settings\Ryan\WINDOWS
2008-08-03 21:16 . 2008-08-03 21:28 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\FXpansion
2008-08-03 21:13 . 2008-08-03 21:13 <DIR> d-------- C:\Program Files\Nomad Factory
2008-08-03 21:13 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-08-03 21:13 . 2003-03-18 18:04 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2008-08-03 21:13 . 2003-03-18 18:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-07-29 12:02 . 2008-07-29 12:02 <DIR> d-------- C:\WINDOWS\system32\INF
2008-07-29 12:02 . 2008-07-29 12:02 <DIR> d-------- C:\Program Files\M-Audio MA_CMIDI
2008-07-29 12:02 . 2005-06-14 13:44 85,504 --a------ C:\WINDOWS\system32\ma_cmidn.dll
2008-07-29 12:02 . 2005-06-14 13:44 21,888 --a------ C:\WINDOWS\system32\drivers\ma_cmidi.sys
2008-07-29 12:02 . 2005-06-14 13:44 17,920 --a------ C:\WINDOWS\system32\MA_CMIDI.DLL
2008-07-29 12:02 . 2005-06-14 13:44 14,176 --a------ C:\WINDOWS\system32\MA_CMIDI.DRV
2008-07-29 12:02 . 2005-06-14 13:44 7,282 --a------ C:\WINDOWS\system32\MA_CMIDI.VXD
2008-07-29 09:44 . 2008-07-29 09:44 <DIR> d-------- C:\Program Files\MagicDisc
2008-07-29 09:44 . 2008-07-28 17:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-07-26 22:13 . 2008-04-13 11:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-07-26 22:13 . 2008-04-13 11:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-07-26 22:13 . 2008-04-13 17:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-07-26 22:13 . 2008-04-13 17:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-26 22:13 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-26 22:13 . 2008-04-13 11:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-26 22:12 . 2008-04-13 11:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-26 22:12 . 2008-04-13 11:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-26 15:48 . 2008-07-26 15:48 <DIR> d-------- C:\WINDOWS\Sun
2008-07-26 15:48 . 2008-07-26 15:48 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-07-26 15:48 . 2008-08-03 14:08 23 --a------ C:\Documents and Settings\Ryan\jagex_runescape_preferences.dat
2008-07-26 15:29 . 2008-07-26 15:29 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-26 15:22 . 2008-07-26 15:22 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-26 15:22 . 2008-07-26 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-26 15:22 . 2008-07-26 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-26 15:22 . 2008-07-26 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-26 15:21 . 2008-08-24 22:59 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-07-26 15:21 . 2008-07-26 15:22 458 --ah----- C:\IPH.PH
2008-07-26 14:57 . 2008-07-26 14:58 <DIR> d-------- C:\Program Files\Waves
2008-07-26 14:57 . 2008-08-17 20:44 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-26 14:57 . 2008-08-17 20:44 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-07-26 14:45 . 2008-08-24 17:58 <DIR> d-------- C:\Program Files\VSTplugins
2008-07-26 14:45 . 2008-07-26 14:45 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\DivX
2008-07-26 14:38 . 2008-07-26 14:38 <DIR> d-------- C:\Program Files\Outsim
2008-07-26 14:38 . 2008-08-24 18:40 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-07-26 14:38 . 2002-07-07 15:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-07-26 14:37 . 2008-07-27 07:54 <DIR> d-------- C:\Program Files\Image-Line
2008-07-26 14:21 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-26 14:20 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-26 14:19 . 2008-07-26 17:22 <DIR> d-------- C:\Program Files\Java
2008-07-26 14:19 . 2008-07-26 14:19 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-26 14:17 . 2008-07-26 14:17 <DIR> d-------- C:\System Update
2008-07-26 14:17 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-26 14:17 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-26 14:16 . 2008-08-24 23:28 <DIR> d-------- C:\Documents and Settings\Ryan
2008-07-26 14:01 . 2008-07-26 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-07-26 13:25 . 2008-07-26 13:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-26 13:25 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-26 13:24 . 2008-07-26 13:24 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-26 13:21 . 2008-07-26 13:21 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-26 13:21 . 2008-08-14 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-26 13:20 . 2008-07-26 13:20 <DIR> dr-h----- C:\MSOCache
2008-07-26 12:43 . 2006-11-07 14:58 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2008-07-26 12:43 . 2006-10-05 16:35 356,352 --------- C:\WINDOWS\system32\nvuide.exe
2008-07-26 12:43 . 2006-10-19 09:36 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu
2008-07-26 12:40 . 2008-07-26 12:40 <DIR> d-------- C:\Documents and Settings\Yeoman\Application Data\InstallShield
2008-07-26 12:20 . 2008-07-26 12:20 <DIR> d-------- C:\Program Files\DivX
2008-07-26 12:13 . 2008-07-26 12:13 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-26 12:13 . 2008-07-26 12:13 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-26 12:13 . 2008-07-26 12:13 <DIR> d-------- C:\Documents and Settings\Yeoman\Application Data\Windows Desktop Search
2008-07-26 12:13 . 2008-03-07 10:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-26 12:13 . 2008-03-07 10:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-26 12:13 . 2008-03-07 10:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-26 12:12 . 2008-07-26 12:12 <DIR> d-------- C:\Temp\ext18866
2008-07-26 12:12 . 2008-08-19 08:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-26 12:08 . 2008-07-26 12:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-26 12:08 . 2008-07-26 12:08 <DIR> d-------- C:\Program Files\Windows Media Connect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 17:49 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-26 14:58 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-19 02:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-07-19 02:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-07-19 01:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-06-11 00:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-06-11 00:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-27 05:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
2008-05-27 05:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
2008-05-27 05:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
2008-05-27 05:19 273,408 ------w C:\WINDOWS\system32\oeph.dll
2008-05-27 05:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll
2008-05-27 05:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
2008-05-27 05:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll
2008-05-27 05:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll
2008-05-27 05:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll
2008-05-27 05:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll
2008-05-27 05:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
2008-05-27 05:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll
2008-05-27 05:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
2008-05-27 05:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
2008-05-27 05:18 350,208 ------w C:\WINDOWS\system32\mssph.dll
2008-05-27 05:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll
2008-05-27 05:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
2008-05-27 05:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-27 05:17 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
2008-05-27 05:17 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
2008-05-27 05:17 754,176 ------w C:\WINDOWS\system32\propsys.dll
2008-05-27 05:17 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
2008-05-27 05:17 34,816 ------w C:\WINDOWS\system32\msscb.dll
2008-05-27 05:17 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
2008-05-27 05:17 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
2008-05-27 05:17 11,776 ------w C:\WINDOWS\system32\msshooks.dll
2008-05-27 04:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-27 04:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
.

((((((((((((((((((((((((((((( snapshot@2008-08-25_ 9.51.42.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-09 23:13:06 212,992 ----a-w C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll
+ 2008-02-16 06:39:32 96,256 ----a-w C:\WINDOWS\Installer\atl80.dll
+ 2008-02-16 06:39:32 156,936 ----a-w C:\WINDOWS\Installer\libexpat.dll
+ 2008-02-16 06:39:32 1,101,824 ----a-w C:\WINDOWS\Installer\mfc80.dll
+ 2008-02-16 06:39:32 1,093,120 ----a-w C:\WINDOWS\Installer\mfc80u.dll
+ 2008-02-16 06:39:32 69,632 ----a-w C:\WINDOWS\Installer\mfcm80.dll
+ 2008-02-16 06:39:32 57,856 ----a-w C:\WINDOWS\Installer\mfcm80u.dll
+ 2008-02-16 06:39:32 479,232 ----a-w C:\WINDOWS\Installer\msvcm80.dll
+ 2008-02-16 06:39:32 548,864 ----a-w C:\WINDOWS\Installer\msvcp80.dll
+ 2008-02-16 06:39:32 626,688 ----a-w C:\WINDOWS\Installer\msvcr80.dll
+ 2008-02-16 06:39:32 124,168 ----a-w C:\WINDOWS\Installer\TmDbg32.dll
- 2008-08-25 15:13:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-25 20:10:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-25 15:13:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-25 20:10:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-25 15:13:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-25 20:10:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-16 06:39:32 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
+ 2008-02-16 06:39:32 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
- 2008-08-25 16:40:24 225,377 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-08-25 23:57:52 225,398 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-08-25 23:56:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-12 21:36 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 16:02 36352]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 17:43 252704]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
"MsmqIntCert"="mqrt.dll" [2008-04-13 17:11 177152 C:\WINDOWS\system32\mqrt.dll]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 15:47 16859648 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Ryan\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-07-29 09:44:47 575488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-01-17 11:51]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 14:38]
R3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 13:44]
.
- - - - ORPHANS REMOVED - - - -

BHO-{E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll
SSODL-pdoskegl-{95EE052B-EE5C-4AA3-B542-CBD18353E224} - C:\WINDOWS\pdoskegl.dll
SSODL-rqbmvpso-{5F06A0A0-5A3F-4C90-8904-B9E24295011E} - C:\WINDOWS\rqbmvpso.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 17:03:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-25 17:06:27
ComboFix-quarantined-files.txt 2008-08-26 00:06:21
ComboFix2.txt 2008-08-25 16:52:39

Pre-Run: 705,306,820,608 bytes free
Post-Run: 705,561,649,152 bytes free

312 --- E O F --- 2008-08-19 15:35:44
  • 0

#8
Rorschach112
Posted 26 August 2008 - 07:18 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you try do that step in Firefox

Then do this

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
Rorschach112
Posted 29 August 2008 - 04:35 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP