08-04-2008, 08:12 PM   #6
summit15
Registered User
 
Join Date: Jul 2008
Posts: 7
OS: Windows XP home


Re: Pop ups on I.E. Backdoor Trojan, help please deckards included

Hi,

I ran ComboFix with the CFScript and sent the report to Bleeping Computer and attached it to this thread.

I performed the ATF Cleaner and deleted what you indicated.

I ran the Kaspersky scan and attached it to this post along with the latest HijackThis scan.

I have used the computer, surfed the internet with IE7, used my Outlook 2007 (both accounts) and have not had any problems yet.

The computer seems to be faster also.

I keep having Windows Update notify me of new downloads, but I am hesitant that it might be a trick. So I am not going to install unless you can tell me how to verify it is authentic.

For some reason, my HP 7700 printer keeps changing settings to "photo paper", "mirror printing on", and best printing. I have to manually change these back or it prints backward (right to left).

If all the scans look back to normal, I can't thank you enough. This has been a nightmare trying to fix the computer before I found this forum.

Why doesn't McAfee stop these viruses? I am thinking of getting Kaspersky Anti-Virus. What do you find to be the best one out there now?

ComboFix 08-08-03.05 - Scott 2008-08-04 16:47:51.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.381 [GMT -4:00]
Running from: C:\Documents and Settings\Scott\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Scott\Desktop\cfscript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\aefyhhdx.dll
C:\WINDOWS\SYSTEM32\ahljsrbk.dll
C:\WINDOWS\SYSTEM32\eglntsuv.dll
C:\WINDOWS\SYSTEM32\htcgsogy.dll
C:\WINDOWS\SYSTEM32\phqvkjwj.dll
C:\WINDOWS\SYSTEM32\sqwrpw.dll
C:\WINDOWS\SYSTEM32\vhthho.dll
C:\WINDOWS\SYSTEM32\xfogrels.dll
C:\WINDOWS\SYSTEM32\ygosgcth.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-04 13:33 . 2008-08-04 13:33 <DIR> d--hs---- C:\FOUND.029
2008-08-04 11:25 . 2008-08-04 11:26 578,560 --a------ C:\WINDOWS\SYSTEM32\dllcache\user32.dll
2008-08-04 11:18 . 2008-08-04 11:18 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-04 11:12 . 2008-08-04 11:12 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-04 10:50 . 2008-08-03 04:12 <DIR> d-------- C:\SDFix
2008-07-31 17:01 . 2008-07-31 17:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-31 16:57 . 2008-07-31 16:57 <DIR> d-------- C:\Deckard
2008-07-31 14:13 . 2008-07-31 14:13 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-31 14:12 . 2008-07-31 14:13 2,869,536 --a------ C:\Program Files\spywareblastersetup41.exe
2008-07-31 09:24 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys
2008-07-31 09:23 . 2008-07-31 09:23 <DIR> d-------- C:\Program Files\Panda Security
2008-07-30 22:47 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-07-30 22:47 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-07-30 22:47 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-07-30 22:47 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-07-30 22:46 . 2008-07-30 22:46 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-30 22:46 . 2008-07-30 22:46 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\PC Tools
2008-07-30 20:00 . 2008-07-30 20:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-30 20:00 . 2008-07-30 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-29 16:14 . 2008-07-29 16:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-07-29 16:14 . 2008-07-29 16:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-07-29 16:14 . 2008-07-29 16:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-07-29 16:14 . 2008-07-29 16:14 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-29 16:11 . 2008-07-29 16:11 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-29 16:00 . 2008-07-29 16:00 <DIR> d-------- C:\WINDOWS\EHome
2008-07-29 15:55 . 2008-04-13 20:12 1,306,624 --------- C:\WINDOWS\SYSTEM32\dllcache\msxml6.dll
2008-07-29 15:55 . 2008-04-13 20:12 712,704 --------- C:\WINDOWS\SYSTEM32\windowscodecs.dll
2008-07-29 15:55 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\SYSTEM32\dot3ui.dll
2008-07-29 15:55 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\SYSTEM32\mmcex.dll
2008-07-29 15:55 . 2008-04-13 20:12 346,112 --------- C:\WINDOWS\SYSTEM32\windowscodecsext.dll
2008-07-29 15:55 . 2008-04-13 20:12 291,328 --------- C:\WINDOWS\SYSTEM32\qagentrt.dll
2008-07-29 15:55 . 2008-04-13 20:12 290,304 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-07-29 15:55 . 2008-04-13 20:12 276,992 --------- C:\WINDOWS\SYSTEM32\wmphoto.dll
2008-07-29 15:53 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\SYSTEM32\ati3duag.dll
2008-07-29 15:52 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mtlstrm.sys
2008-07-29 15:11 . 2008-07-29 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-07-29 15:08 . 2008-07-29 15:08 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Citrix
2008-07-29 14:57 . 2008-07-29 14:57 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\McAfee
2008-07-28 08:17 . 2008-07-28 08:17 <DIR> d-------- C:\Program Files\RegCure
2008-07-27 23:05 . 2008-07-27 23:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-27 23:05 . 2008-08-04 16:54 2,677 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
2008-07-27 23:04 . 2008-07-27 23:04 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-07-27 23:04 . 2008-07-27 23:04 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\SiteAdvisor
2008-07-27 23:04 . 2008-07-27 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-27 23:04 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2008-07-27 23:02 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2008-07-27 23:02 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-07-27 23:02 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-07-27 23:02 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-07-27 23:02 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-07-27 23:01 . 2008-07-27 23:01 <DIR> d-------- C:\Program Files\McAfee.com
2008-07-27 23:01 . 2008-07-27 23:01 <DIR> d-------- C:\Program Files\McAfee
2008-07-27 23:01 . 2008-07-27 23:01 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-27 23:01 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-07-27 22:54 . 2008-07-27 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-24 20:39 . 2008-07-24 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-24 19:27 . 2008-07-24 19:27 860,840 --a------ C:\Program Files\Support-LogMeInRescue.exe
2008-07-24 19:11 . 2008-07-24 19:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\N360_BACKUP
2008-07-20 13:00 . 2008-07-20 13:00 <DIR> d--hs---- C:\FOUND.028
2008-07-18 10:00 . 2008-07-18 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-18 09:28 . 2008-07-18 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-07-16 09:24 . 2008-07-16 09:24 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Windows Desktop Search
2008-07-16 09:23 . 2008-07-16 09:23 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-16 08:55 . 2008-07-16 08:55 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-16 08:54 . 2008-07-16 08:54 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-16 08:50 . 2008-07-16 08:50 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Microsoft Help
2008-07-16 08:49 . 2008-07-16 08:49 <DIR> dr-h----- C:\MSOCache
2008-07-16 08:49 . 2008-07-16 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-16 08:24 . 2008-07-16 08:24 214,297,118 --a------ C:\Program Files\Outlook_2007_EN.zip
2008-07-09 03:00 . 2008-07-09 03:00 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-08 20:30 . 2008-07-08 20:30 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Roxio
2008-07-08 20:30 . 2008-07-08 20:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-07-08 20:25 . 2008-07-08 20:25 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Blackberry Desktop
2008-07-08 20:20 . 2008-07-08 20:20 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Research In Motion
2008-07-08 20:20 . 2008-07-21 17:34 256 --a------ C:\WINDOWS\SYSTEM32\pool.bin
2008-07-08 20:14 . 2008-07-08 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-07-08 20:14 . 2008-07-08 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-08 20:09 . 2008-07-08 20:09 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-07-08 20:09 . 2008-07-08 20:09 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-07-08 20:09 . 2008-07-08 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-07-08 19:54 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys
2008-07-08 19:52 . 2008-07-08 19:52 <DIR> d-------- C:\Program Files\Research In Motion
2008-07-08 19:52 . 2008-07-08 19:52 <DIR> d-------- C:\Program Files\Common Files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 20:40 48,248 ----a-w C:\Documents and Settings\Scott\Application Data\GDIPFONTCACHEV1.DAT
2008-07-29 19:08 61,224 ----a-w C:\WINDOWS\JAVA\GoToAssistDownloadHelper.exe
2008-07-16 22:32 10,946,560 ----a-w C:\Program Files\XPSEP XP and Server 2003 64 bit.msi
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\SYSTEM32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ------w C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\SYSTEM32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\SYSTEM32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\SYSTEM32\dllcache\bthport.sys
2008-05-09 10:53 90,112 ------w C:\WINDOWS\SYSTEM32\wshext.dll
2008-05-09 10:53 90,112 ------w C:\WINDOWS\SYSTEM32\dllcache\wshext.dll
2008-05-09 10:53 512,000 ------w C:\WINDOWS\SYSTEM32\dllcache\jscript.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
2008-05-09 10:53 430,080 ------w C:\WINDOWS\SYSTEM32\dllcache\vbscript.dll
2008-05-09 10:53 180,224 ------w C:\WINDOWS\SYSTEM32\scrobj.dll
2008-05-09 10:53 180,224 ------w C:\WINDOWS\SYSTEM32\dllcache\scrobj.dll
2008-05-09 10:53 172,032 ------w C:\WINDOWS\SYSTEM32\scrrun.dll
2008-05-09 10:53 172,032 ------w C:\WINDOWS\SYSTEM32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------w C:\WINDOWS\SYSTEM32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ------w C:\WINDOWS\SYSTEM32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\SYSTEM32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\SYSTEM32\dllcache\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\SYSTEM32\cscript.exe
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\SYSTEM32\dllcache\quartz.dll
2008-02-27 01:55 5,910,715 ----a-w C:\Program Files\Audit_Support_Center.exe
2007-08-05 17:09 18,568,192 ----a-w C:\Program Files\yie7setup_tb7_news.exe
2007-07-06 16:18 138,197 ----a-w C:\Program Files\ConfirmationLetter.pdf
2007-02-27 21:27 22,976,688 ----a-w C:\Program Files\stamps.exe
2006-04-08 16:32 1,515,898 ----a-w C:\Program Files\LOM.exe
2005-04-03 16:27 271 --sh--w C:\Program Files\desktop.ini
2005-04-03 16:27 23,357 ---h--w C:\Program Files\folder.htt
2003-08-20 22:40 289 ----a-w C:\Program Files\readme.html
2003-07-30 19:06 8,944 ----a-w C:\Program Files\Oj71WinXP.cat
2003-07-30 19:06 36,926 ----a-w C:\Program Files\oj71inst.cat
2003-06-25 06:43 16,384 ----a-w C:\Program Files\hpo9xmig.exe
2003-06-25 04:41 9,078 ----a-w C:\Program Files\Oj71WinXP.inf
2002-09-09 19:11 6,130 ----a-w C:\Program Files\Oj71Inst.inf
2001-02-17 08:12 22,048 ----a-w C:\Program Files\cocpyinf.dll
2004-08-04 16:00 94,784 --sh--w C:\WINDOWS\twain.dll
2008-04-14 00:12 50,688 --sh--w C:\WINDOWS\twain_32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-04_12.44.26.14 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

C:\Documents and Settings\Scott\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-04-21 08:40:28 256000]
PowerReg Scheduler V3.exe [2005-07-21 07:20:00 225280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL sqwrpw.dll vhthho.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"aux"= ctwdm32.dll
"VIDC.VDOM"= vdowave.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winms30.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet 7100 series) - 1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet 7100 series) - 1.lnk
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet 7100 series) - 1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-12-17 12:28 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
--a------ 2007-11-30 05:42 1164576 C:\PROGRA~1\McAfee\MHN\McENUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-03-29 18:28 6815744 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-16 08:56 236016 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2001-07-03 09:11 57344 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a------ 2007-08-24 17:57 36640 C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
--------- 2004-08-04 12:00 3072 C:\WINDOWS\SYSTEM32\systray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
S0 Winms30;Winms30;C:\WINDOWS\system32\Drivers\Winms30.sys []
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 18:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-07-28 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-07-28 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-07-31 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-04-21 17:21]

2008-08-04 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-04-21 17:21]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-375113a0 - C:\WINDOWS\system32\htcgsogy.dll
MSConfigStartUp-lanmanwrk - C:\WINDOWS\System32\lanmanwrk.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 16:53:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\MCAFEE\MSC\MCMSCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE
C:\PROGRAM FILES\COMMON FILES\MCAFEE\MCPROXY\MCPROXY.EXE
C:\PROGRAM FILES\MCAFEE\VIRUSSCAN\MCSHIELD.EXE
C:\PROGRAM FILES\MCAFEE\MPF\MPFSRV.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\SITEADVISOR\6261\SASERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-04 16:57:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 20:56:50
ComboFix2.txt 2008-08-04 16:45:40

Pre-Run: 16,234,905,600 bytes free
Post-Run: 16,280,944,640 bytes free

439 --- E O F --- 2008-08-04 17:58:07

========


Monday, August 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 04, 2008 16:07:43
Records in database: 1053458


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned 70885
Threat name 11
Infected objects 79
Suspicious objects 0
Duration of the scan 03:21:18

File name Threat name Threats count
C:\WINDOWS\CouponBarIE.dll Infected: not-a-virus:AdWare.Win32.Mostofate.cg 1

C:\Documents and Settings\Scott\Desktop\SDFix.exe Infected: Backdoor.Win32.Hupigon.dckd 1

C:\Documents and Settings\Scott\Desktop\[4]-Submit_2008-08-04@16.47.zip Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 4

C:\Documents and Settings\Scott\Desktop\[4]-Submit_2008-08-04@16.47.zip Infected: Trojan.Win32.Monder.cet 1

C:\Documents and Settings\Scott\Desktop\[4]-Submit_2008-08-04@16.47.zip Infected: Trojan.Win32.Monder.bvp 2

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1075\A0279546.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1075\A0279560.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1075\A0279614.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1075\A0279649.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1075\A0279663.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1075\A0279674.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1075\A0280674.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1075\A0280688.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1075\A0280709.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1075\A0280720.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1076\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1076\A0280780.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1076\A0280792.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1076\A0280817.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1076\A0280835.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1076\A0280861.dll Infected: Trojan-Downloader.Win32.Mutant.atb 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1076\A0280865.sys Infected: Trojan-Downloader.Win32.Mutant.aim 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.atp 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\A0280881.dll Infected: Trojan-Downloader.Win32.Mutant.atp 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\A0280885.sys Infected: Trojan-Downloader.Win32.Mutant.aim 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\A0280902.dll Infected: Trojan-Downloader.Win32.Mutant.atp 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\A0280903.DLL Infected: Trojan.Win32.Monder.bvn 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\A0280907.sys Infected: Trojan-Downloader.Win32.Mutant.aim 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\A0280922.dll Infected: Trojan-Downloader.Win32.Mutant.atp 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\A0280926.sys Infected: Trojan-Downloader.Win32.Mutant.aim 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\A0280936.dll Infected: Trojan-Downloader.Win32.Mutant.atp 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\A0280940.sys Infected: Trojan-Downloader.Win32.Mutant.aim 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\A0280951.dll Infected: Trojan-Downloader.Win32.Mutant.atp 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\A0280952.DLL Infected: Trojan.Win32.Monder.cet 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1077\A0280956.sys Infected: Trojan-Downloader.Win32.Mutant.aim 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1078\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.atp 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1078\A0280971.dll Infected: Trojan-Downloader.Win32.Mutant.atp 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1078\A0280975.sys Infected: Trojan-Downloader.Win32.Mutant.aim 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1078\A0280989.dll Infected: Trojan-Downloader.Win32.Mutant.atp 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1078\A0280993.sys Infected: Trojan-Downloader.Win32.Mutant.aim 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1078\A0281029.exe Infected: Backdoor.Win32.Hupigon.dckd 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1078\A0281074.sys Infected: Trojan-Downloader.Win32.Mutant.aim 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1078\A0281101.exe Infected: Backdoor.Win32.Hupigon.dckd 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1079\A0281217.sys Infected: Trojan-Downloader.Win32.Mutant.aim 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1079\A0281218.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cca 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1079\A0281219.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cca 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1079\A0281220.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bwj 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1079\A0281221.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bwj 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1079\A0281223.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bwj 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1079\A0281225.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bwj 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1079\A0281251.exe Infected: Backdoor.Win32.Hupigon.dckd 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1079\A0281252.exe Infected: Backdoor.Win32.Hupigon.dckd 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1079\A0281253.exe Infected: Backdoor.Win32.Hupigon.dckd 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1085\A0282555.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1085\A0282556.dll Infected: Trojan.Win32.Monder.cet 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1085\A0282557.dll Infected: Trojan.Win32.Monder.bvp 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1085\A0282559.dll Infected: Trojan.Win32.Monder.bvp 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1085\A0282560.DLL Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1085\A0282561.DLL Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 1

C:\System Volume Information\_restore{8B02837B-B342-4930-A922-F2D4E8388B90}\RP1085\A0282562.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 1

C:\SDFix\apps\swsc.exe Infected: Backdoor.Win32.Hupigon.dckd 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\Winvc30.sys.vir Infected: Trojan-Downloader.Win32.Mutant.aim 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cejxqx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cca 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\eauwwlpr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cca 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kbsozf.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bwj 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kjhvgw.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bwj 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qvovknxx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bwj 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uaaoimxb.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bwj 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aefyhhdx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ahljsrbk.dll.vir Infected: Trojan.Win32.Monder.cet 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\eglntsuv.dll.vir Infected: Trojan.Win32.Monder.bvp 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\phqvkjwj.dll.vir Infected: Trojan.Win32.Monder.bvp 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sqwrpw.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vhthho.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 1

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xfogrels.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cas 1

The selected area was scanned.

=======

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:45 PM, on 8/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186328631921
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JS...ws-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - AppInit_DLLs: NVDESK32.DLL sqwrpw.dll vhthho.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9370 bytes
Attached Files
File Type: txt Combofix 2 .txt (35.4 KB, 1 views)
File Type: txt hijackthis 2.txt (9.2 KB, 1 views)
File Type: doc Karpesky scan.doc (118.0 KB, 1 views)

Last edited by TheBruce1; 08-05-2008 at 04:49 AM.