#1, 05-06-2008, 03:38 PM: techfem (Registered User; Join Date: May 2008; Posts: 8; OS: XP SP2)


Moved

One of our users just moved out of state and we had him take the desktop he was using here with him. Earlier today he got virus warnings and was unable to use the internet. I've done everything I can to help him. I walked him through some registry deletions, removed all unnecessary programs, ran Ad-Aware, ran Spybot, ran CleanUp, ran Panda. The HJT log shows there are still issues I can't seem to get rid of. Please help!


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-06 16:47:20
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec AntiVirus Corporate Edition 10.0.0.359 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00046166 adware/premiumsearch Adware No 0 Yes No c:\windows\system32\apisvc.exe
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\cvassil\Cookies\cvassil@tribalfusion[1].txt
01735029 Application/RCService HackTools Yes 0 Yes No C:\WINDOWS\SVCH0ST.EXE
;===================================================================================================================================================================================
SUSPECTS
Sent Location 
;===================================================================================================================================================================================
No C:\DOCUMENTS AND SETTINGS\CVASSIL\LOCAL SETTINGS\TEMP\E_4\EAPI.FNE 
No C:\PROGRAM FILES\WINRAR\WINRARSYS.EXE 
No C:\WINDOWS\SYSTEM32\CCPROXY.EXE 
No C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEINFOS.ini 
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 
;===================================================================================================================================================================================
182048 HIGH MS07-069 
176382 HIGH MS07-057 
;===================================================================================================================================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:50 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inf\svchowb.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SVCH0S.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\program files\internet explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\program files\internet explorer\IEXPLORE.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TSSchBkpService.exe
C:\WINDOWS\SVCH0ST.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Winstos] C:\WINDOWS\\SVCH0S.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [initwbdh] C:\WINDOWS\system32\inf\svchowb.exe C:\WINDOWS\system32\fdwbdhd16_080504.dll wbdhdlllsm
O4 - Global Startup: wbdh.lnk = C:\WINDOWS\system\ewbdhe080504.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1190313106721
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = susandavis.com
O17 - HKLM\Software\..\Telephony: DomainName = susandavis.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = susandavis.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jack Jones installed (Jack Jones) - Unknown owner - C:\WINDOWS\system\1sass.exe
O23 - Service: Remote Access Auto Connection Managers (Logical Disk Manager Administrativs) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ms help (Microsoft Windows help) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Upseyup.exe
O23 - Service: pms (Portable Media Serial) - Unknown owner - C:\WINDOWS\UPsutup.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TimeslipsBackup (TSScheduleBackup) - Unknown owner - C:\WINDOWS\system32\TSSchBkpService.exe
O23 - Service: WinRAR Archiver - Unknown owner - C:\Program Files\WinRAR\WinRARSyS.exe

--
End of file - 7792 bytes
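The HijackThis log above is read by eye in this thread: the helpers spot SVCH0ST.EXE standing in for svchost.exe, 1sass.exe standing in for lsass.exe, autoruns in C:\WINDOWS\system32\inf\ and C:\WINDOWS\system\, the Policies\Explorer\Run key, and O23 services with no owner or a missing binary. As an added example (not part of the original post and not HijackThis code), the Python below applies those same heuristics to O4/O23 lines copied from that log. The directory whitelist, the confusable-character table and the one-edit threshold are assumptions chosen for this example; the sample lines are verbatim from the log, with ccApp, stsystra and Rtvscan included as clean entries for contrast.

```python
r"""HijackThis O4/O23 triage (added example; not code from the thread or from HijackThis).

Checks applied to each O4/O23 line:
  * look-alike names for Windows system binaries: digits are mapped back to the
    letters they imitate, then the name must be within one edit of a real binary
  * autorun/service binaries outside the directories Windows uses for them
  * the rarely legitimate HKLM\..\Policies\Explorer\Run key
  * O23 services with 'Unknown owner' or a '(file missing)' binary
"""
import re

SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe",
                   "csrss.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe", "rundll32.exe"}
# Digits and symbols commonly substituted for letters in impostor file names (assumed table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})
# Lower-case directory prefixes where legitimate autorun/service binaries normally live (assumed).
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\progra~1\\")
# system32 sub-directories that should never hold a boot-time executable.
ODD_SUBDIRS = ("c:\\windows\\system32\\inf\\",)

O4_RE = re.compile(r"^O4 - (?P<key>.+?): (?:\[(?P<name>[^\]]*)\]|(?P<lnk>.+?) =) (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

def within_one_edit(a, b):
    """True if a turns into b with at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # zero or one substitution
    return a[i:] == b[i + 1:]           # one character inserted in the longer name

def lookalike_of(filename):
    """System binary that filename imitates, or None if it is one or is unrelated."""
    name = filename.lower()
    if name in SYSTEM_BINARIES:
        return None
    normalised = name.translate(CONFUSABLES)
    for legit in sorted(SYSTEM_BINARIES):
        if within_one_edit(normalised, legit):
            return legit
    return None

def executable_path(cmd):
    """Executable part of an O4 command line: drop surrounding quotes and trailing arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|bat|com|scr|pif))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def location_findings(path):
    """Reasons the binary's directory is suspicious; empty when it is where Windows expects."""
    low = path.lower().replace("\\\\", "\\")   # the log above has C:\WINDOWS\\SVCH0S.EXE
    if "\\" not in low:
        return []   # bare file name resolved via the search path: no directory to judge
    directory = low.rsplit("\\", 1)[0]
    if low.startswith(ODD_SUBDIRS):
        return ["executable inside %s" % directory]
    if not low.startswith(EXPECTED_DIRS):
        return ["unusual directory %s" % directory]
    return []

def triage(lines):
    """[(kind, name, path, reasons)] for every O4/O23 line that deserves a second look."""
    findings = []
    for line in lines:
        line = line.strip()
        if m := O4_RE.match(line):
            kind, name = "O4", m.group("name") or m.group("lnk")
            path = executable_path(m.group("cmd"))
            reasons = location_findings(path)
            if "policies\\explorer\\run" in m.group("key").lower():
                reasons.append("launched from Policies\\Explorer\\Run, rarely used legitimately")
        elif m := O23_RE.match(line):
            kind, name, path, reasons = "O23", m.group("svc"), m.group("path"), []
            if path.endswith("(file missing)"):
                path = path[: -len("(file missing)")].strip()
                reasons.append("service binary missing on disk")
            if m.group("owner").lower() == "unknown owner":
                reasons.append("no publisher recorded: verify the binary")
            reasons += location_findings(path)
        else:
            continue
        base = path.rsplit("\\", 1)[-1]
        legit = lookalike_of(base)
        if legit:
            reasons.append("%s imitates %s" % (base, legit))
        if reasons:
            findings.append((kind, name, path, reasons))
    return findings

# Lines copied from the HijackThis log posted above; ccApp, stsystra and Rtvscan are clean.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Winstos] C:\WINDOWS\\SVCH0S.EXE
O4 - HKLM\..\Policies\Explorer\Run: [initwbdh] C:\WINDOWS\system32\inf\svchowb.exe C:\WINDOWS\system32\fdwbdhd16_080504.dll wbdhdlllsm
O4 - Global Startup: wbdh.lnk = C:\WINDOWS\system\ewbdhe080504.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Jack Jones installed (Jack Jones) - Unknown owner - C:\WINDOWS\system\1sass.exe
O23 - Service: Remote Access Auto Connection Managers (Logical Disk Manager Administrativs) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: pms (Portable Media Serial) - Unknown owner - C:\WINDOWS\UPsutup.exe
""".strip().splitlines()

if __name__ == "__main__":
    for kind, name, path, reasons in triage(SAMPLE_LOG):
        print("%s [%s] %s\n    - %s" % (kind, name, path, "\n    - ".join(reasons)))
```

Run against the full log, the script flags exactly the six entries the thread goes on to remove and stays quiet on the Symantec, Intel and Spybot entries; the edit-distance check is deliberately tight (one edit after digit normalisation) so that msmsgs.exe is not mistaken for smss.exe.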
#2, 05-08-2008, 08:23 PM: Pancake (Security Team (ret.); Join Date: Nov 2003; Location: Victoria, Australia; Posts: 7,405; OS: XP Pro SP3)


Re: Simultaneous Viruses

There is some malware that's causing it. OK, let's fix it. This should do the initial fix, then we will do the cleanup.



Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
Press any key and it will restart the PC.
When the PC restarts, the fix tool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and will also be saved into the SDFix folder as Report.txt
(Report.txt will also be copied to the clipboard, ready for posting back on the forum).
Please copy and paste that log in your next reply.

=================================


OK. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please let me know.
#3, 05-09-2008, 07:32 AM: techfem (Registered User; Join Date: May 2008; Posts: 8; OS: XP SP2)


Re: Simultaneous Viruses

Unfortunately, I was accessing the user's computer remotely. When ComboFix shut off the internet connection, I lost the connection. Can I expect the internet connection to be restored when ComboFix completes? Or do I have a problem now, since the user is out of town and cannot manually reboot or restore the connection?
#4, 05-09-2008, 09:25 AM: techfem (Registered User; Join Date: May 2008; Posts: 8; OS: XP SP2)


Re: Simultaneous Viruses

Disregard the last post; I was able to get someone at the user's home to restore the internet connection.

I will post the logs below.

While I was waiting for a response the last few days I successfully deleted many of the virus problems. But there is only one issue that remains. When this user logs on through VPN, it connects, and it connects to the Exchange server through Outlook. However, when trying to connect to the network drive, Windows Explorer only shows a blank right panel. You can successfully ping the server, but cannot map the drive under any name or IP address. When trying to browse the local host you also get a blank Explorer pane. Windows Explorer is completely functional in all other aspects except computer and network browsing. Any thoughts on that?

Thanks!!!



SDFix: Version 1.181
Run by Administrator on Fri 05/09/2008 at 08:47 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\lass.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 08:57:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 11 Aug 2004 10,912 A.SH. --- "C:\WINDOWS\system32\Proxy.Dll"
Sun 13 Mar 2005 8,432 A.SH. --- "C:\WINDOWS\system32\drivers\lass.sys"
Sat 3 May 2008 397,824 ..SH. --- "C:\Program Files\Common Files\Microsoft Shared\MSInfo\Upseyup.exe"

Finished!

ComboFix 08-05-08.1 - Administrator 2008-05-09 10:19:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.587 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\x64

----- BITS: Possible infected sites -----

hxxp://server2
.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-09 08:44 . 2008-05-09 08:44 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-09 08:40 . 2008-05-09 08:59 <DIR> d-------- C:\SDFix
2008-05-08 21:36 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-08 21:36 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-08 14:34 . 2008-04-13 19:12 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-08 14:34 . 2008-04-13 19:12 18,944 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-08 14:33 . 2008-04-13 13:45 31,744 --a------ C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-05-08 14:33 . 2008-04-13 13:46 19,200 --a------ C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-05-08 14:33 . 2008-04-13 13:36 8,832 --a------ C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-05-08 14:33 . 2008-04-13 19:12 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-08 14:32 . 2008-04-13 19:12 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-05-08 14:31 . 2008-04-13 13:45 60,032 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-08 14:31 . 2008-04-13 13:45 26,112 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2008-05-08 14:31 . 2008-04-13 13:45 17,152 --a------ C:\WINDOWS\system32\dllcache\usbohci.sys
2008-05-08 14:31 . 2008-04-13 13:45 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-08 14:30 . 2008-04-13 19:12 82,944 --a------ C:\WINDOWS\system32\dllcache\tp4mon.exe
2008-05-08 14:29 . 2008-04-13 13:40 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
2008-05-08 14:29 . 2008-04-13 13:46 15,232 --a------ C:\WINDOWS\system32\dllcache\streamip.sys
2008-05-08 14:28 . 2008-04-13 13:40 7,552 --a------ C:\WINDOWS\system32\dllcache\sonyait.sys
2008-05-08 14:27 . 2008-04-13 13:36 16,000 --a------ C:\WINDOWS\system32\dllcache\smbbatt.sys
2008-05-08 14:27 . 2008-04-13 13:46 11,136 --a------ C:\WINDOWS\system32\dllcache\slip.sys
2008-05-08 14:27 . 2008-04-13 13:36 6,912 --a------ C:\WINDOWS\system32\dllcache\smbclass.sys
2008-05-08 14:26 . 2008-04-13 13:45 11,520 --a------ C:\WINDOWS\system32\dllcache\scsiscan.sys
2008-05-08 14:25 . 2008-04-13 13:40 43,904 --a------ C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-05-08 14:25 . 2008-04-13 19:12 29,696 --a------ C:\WINDOWS\system32\dllcache\rw450ext.dll
2008-05-08 14:25 . 2008-04-13 19:12 27,648 --a------ C:\WINDOWS\system32\dllcache\rw430ext.dll
2008-05-08 14:24 . 2008-04-13 19:12 159,232 --a------ C:\WINDOWS\system32\dllcache\ptpusd.dll
2008-05-08 14:24 . 2008-04-13 13:40 79,104 --a------ C:\WINDOWS\system32\dllcache\rocket.sys
2008-05-08 14:24 . 2008-04-13 13:40 6,016 --a------ C:\WINDOWS\system32\dllcache\qic157.sys
2008-05-08 14:23 . 2008-04-13 19:12 363,520 --a------ C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-05-08 14:23 . 2008-04-13 19:10 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-08 14:23 . 2008-04-13 19:10 211,584 --a------ C:\WINDOWS\system32\dllcache\perm2dll.dll
2008-05-08 14:23 . 2008-04-13 19:12 33,280 --a------ C:\WINDOWS\system32\dllcache\psisrndr.ax
2008-05-08 14:23 . 2008-04-13 13:44 28,032 --a------ C:\WINDOWS\system32\dllcache\perm3.sys
2008-05-08 14:23 . 2008-04-13 13:44 27,904 --a------ C:\WINDOWS\system32\dllcache\perm2.sys
2008-05-08 14:23 . 2008-04-13 13:41 17,664 --a------ C:\WINDOWS\system32\dllcache\ppa3.sys
2008-05-08 14:23 . 2008-04-13 13:40 8,832 --a------ C:\WINDOWS\system32\dllcache\powerfil.sys
2008-05-08 14:21 . 2008-04-13 13:31 2,065,792 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-05-08 14:21 . 2008-04-13 13:46 61,696 --a------ C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-05-08 14:21 . 2008-04-13 13:54 28,672 --a------ C:\WINDOWS\system32\dllcache\nscirda.sys
2008-05-08 14:21 . 2008-04-13 13:46 10,880 --a------ C:\WINDOWS\system32\dllcache\ndisip.sys
2008-05-08 14:20 . 2008-04-13 13:46 85,248 --a------ C:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-05-08 14:20 . 2008-04-13 13:46 49,024 --a------ C:\WINDOWS\system32\dllcache\mstape.sys
2008-05-08 14:20 . 2008-04-13 13:54 22,016 --a------ C:\WINDOWS\system32\dllcache\msircomm.sys
2008-05-08 14:20 . 2008-04-13 13:39 5,504 --a------ C:\WINDOWS\system32\dllcache\mstee.sys
2008-05-08 14:19 . 2008-04-13 19:12 56,832 --a------ C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-05-08 14:19 . 2008-04-13 13:46 51,200 --a------ C:\WINDOWS\system32\dllcache\msdv.sys
2008-05-08 14:19 . 2008-04-13 13:41 26,112 --a------ C:\WINDOWS\system32\dllcache\memstpci.sys
2008-05-08 14:19 . 2008-04-13 13:46 15,232 --a------ C:\WINDOWS\system32\dllcache\mpe.sys
2008-05-08 14:18 . 2008-04-13 19:11 253,952 --a------ C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-08 14:18 . 2008-04-13 19:12 91,136 --a------ C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-05-08 14:18 . 2008-04-13 19:12 61,952 --a------ C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-05-08 14:18 . 2008-04-13 19:11 48,640 --a------ C:\WINDOWS\system32\dllcache\kdsui.dll
2008-05-08 14:18 . 2008-04-13 19:12 43,008 --a------ C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-05-08 14:18 . 2008-04-13 13:40 34,688 --a------ C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-05-08 14:18 . 2008-04-13 13:40 7,040 --a------ C:\WINDOWS\system32\dllcache\ltotape.sys
2008-05-08 14:17 . 2008-04-13 19:12 151,552 --a------ C:\WINDOWS\system32\dllcache\irftp.exe
2008-05-08 14:17 . 2008-04-13 13:54 88,192 --a------ C:\WINDOWS\system32\dllcache\irda.sys
2008-05-08 14:17 . 2008-04-13 19:11 28,160 --a------ C:\WINDOWS\system32\dllcache\irmon.dll
2008-05-08 14:17 . 2008-04-13 19:12 16,384 --a------ C:\WINDOWS\system32\dllcache\ipsink.ax
2008-05-08 14:17 . 2008-04-13 19:09 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd106.dll
2008-05-08 14:16 . 2008-04-13 19:11 702,845 --a------ C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-05-08 14:14 . 2008-04-13 13:45 59,136 --a------ C:\WINDOWS\system32\dllcache\gckernel.sys
2008-05-08 14:14 . 2008-04-13 13:40 28,288 --a------ C:\WINDOWS\system32\dllcache\grserial.sys
2008-05-08 14:14 . 2008-04-13 13:36 20,352 --a------ C:\WINDOWS\system32\dllcache\hidbatt.sys
2008-05-08 14:14 . 2008-04-13 13:45 10,624 --a------ C:\WINDOWS\system32\dllcache\gameenum.sys
2008-05-08 14:12 . 2008-04-13 13:39 206,976 --a------ C:\WINDOWS\system32\dllcache\dot4.sys
2008-05-08 14:12 . 2008-04-13 19:12 20,992 --a------ C:\WINDOWS\system32\dllcache\dshowext.ax
2008-05-08 14:12 . 2008-04-13 13:40 8,320 --a------ C:\WINDOWS\system32\dllcache\dlttape.sys
2008-05-08 14:10 . 2008-04-13 19:11 249,856 --a------ C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-05-08 14:10 . 2008-04-13 19:11 121,856 --a------ C:\WINDOWS\system32\dllcache\camext30.dll
2008-05-08 14:10 . 2008-04-13 13:46 17,024 --a------ C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-05-08 14:10 . 2008-04-13 13:36 13,952 --a------ C:\WINDOWS\system32\dllcache\cmbatt.sys
2008-05-08 14:10 . 2008-04-13 13:36 10,240 --a------ C:\WINDOWS\system32\dllcache\compbatt.sys
2008-05-08 14:10 . 2008-04-13 13:40 8,192 --a------ C:\WINDOWS\system32\dllcache\changer.sys
2008-05-08 14:09 . 2008-04-13 13:46 38,912 --a------ C:\WINDOWS\system32\dllcache\avc.sys
2008-05-08 14:09 . 2008-04-13 19:12 18,432 --a------ C:\WINDOWS\system32\dllcache\bdaplgin.ax
2008-05-08 14:09 . 2008-04-13 13:36 14,208 --a------ C:\WINDOWS\system32\dllcache\battc.sys
2008-05-08 14:09 . 2008-04-13 13:46 13,696 --a------ C:\WINDOWS\system32\dllcache\avcstrm.sys
2008-05-08 14:09 . 2008-04-13 13:46 11,776 --a------ C:\WINDOWS\system32\dllcache\bdasup.sys
2008-05-08 14:08 . 2008-04-13 14:27 2,188,928 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-05-08 14:08 . 2008-04-13 13:46 53,376 --a------ C:\WINDOWS\system32\dllcache\1394bus.sys
2008-05-08 14:08 . 2008-04-13 13:46 48,128 --a------ C:\WINDOWS\system32\dllcache\61883.sys
2008-05-08 14:08 . 2008-04-13 13:40 12,288 --a------ C:\WINDOWS\system32\dllcache\4mmdat.sys
2008-05-08 13:59 . 2007-09-27 15:49 101,528 --a------ C:\WINDOWS\system32\drivers\RCFOX.SYS
2008-05-08 13:58 . 2008-05-08 13:58 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2008-05-08 13:58 . 2008-05-08 13:58 <DIR> d-------- C:\Documents and Settings\cvassil\Application Data\InstallShield
2008-05-08 13:58 . 2007-09-27 12:10 95,504 --a------ C:\WINDOWS\system32\RCIPHlp.dll
2008-05-08 13:58 . 2005-11-08 09:58 24,876 --a------ C:\WINDOWS\system32\drivers\rcvpn.sys
2008-05-08 12:16 . 2008-05-08 12:16 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-08 12:16 . 2008-05-08 12:16 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-08 12:16 . 2008-05-08 12:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-08 12:16 . 2008-05-08 12:16 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-08 11:57 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-08 10:43 . 2008-05-08 12:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-08 10:13 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-08 10:13 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-08 10:11 . 2001-08-17 13:28 765,884 --a------ C:\WINDOWS\system32\dllcache\usrti.sys
2008-05-08 10:10 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-08 10:09 . 2008-04-13 19:11 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-05-08 10:08 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-08 10:07 . 2001-08-17 14:56 147,200 --a------ C:\WINDOWS\system32\dllcache\smidispb.dll
2008-05-08 10:06 . 2001-08-17 14:56 252,032 --a------ C:\WINDOWS\system32\dllcache\sis300iv.dll
2008-05-08 10:05 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-08 10:04 . 2001-08-17 14:56 210,496 --a------ C:\WINDOWS\system32\dllcache\s3mvirge.dll
2008-05-08 10:03 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-08 05:40 . 2008-05-09 05:43 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-07 18:20 . 2008-05-08 23:46 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-07 18:20 . 2008-05-07 18:20 <DIR> d-------- C:\Program Files\AVG
2008-05-07 18:20 . 2008-05-07 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-07 18:20 . 2008-05-07 18:20 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-07 18:20 . 2008-05-07 18:20 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-07 18:19 . 2008-05-07 18:20 8,192 --a------ C:\Documents and Settings\Mark
2008-05-07 18:19 . 2008-05-07 18:20 8,192 --a------ C:\Documents and Settings\LSCHUL~1
2008-05-07 18:15 . 2004-08-04 05:00 131,584 --a------ C:\WINDOWS\system32\dllcache\pmxviceo.dll
2008-05-07 18:15 . 2004-08-04 05:00 83,748 --a------ C:\WINDOWS\system32\dllcache\prcp.nls
2008-05-07 18:15 . 2004-08-04 05:00 83,748 --a------ C:\WINDOWS\system32\dllcache\prc.nls
2008-05-07 18:15 . 2008-04-13 19:10 67,584 --a------ C:\WINDOWS\system32\dllcache\pmigrate.dll
2008-05-07 18:15 . 2001-08-17 13:53 17,792 --a------ C:\WINDOWS\system32\dllcache\ppa.sys
2008-05-07 18:15 . 2001-08-17 13:51 16,128 --a------ C:\WINDOWS\system32\dllcache\pscr.sys
2008-05-07 18:15 . 2004-08-04 05:00 11,264 --a------ C:\WINDOWS\system32\dllcache\pmxmcro.dll
2008-05-07 18:15 . 2001-08-17 13:53 7,168 --a------ C:\WINDOWS\system32\dllcache\pnrmc.sys
2008-05-07 18:15 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\system32\dllcache\pmxgl.dll
2008-05-07 18:14 . 2008-04-13 19:11 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-05-07 18:14 . 2008-04-13 19:10 175,104 --a------ C:\WINDOWS\system32\dllcache\pintlcsa.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 10:40 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-07 22:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-07 18:55 --------- d-----w C:\Program Files\Google
2008-05-07 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-07 02:43 --------- d-----w C:\Program Files\Java
2008-05-06 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-06 14:39 --------- d-----w C:\Program Files\Dell
2008-05-06 14:37 --------- d--h--w C:\Documents and Settings\cvassil\Application Data\Gtek
2008-05-06 14:37 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\GTek
2008-05-06 14:37 --------- d--h--w C:\Documents and Settings\administrator.SUSANDAVIS\Application Data\Gtek
2008-05-06 14:35 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\system32\dllcache\setupapi.dll
2008-04-14 10:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:42 11,264 ----a-w C:\WINDOWS\system32\dllcache\spnpinst.exe
2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\system32\dllcache\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\dllcache\netsetup.exe
2008-04-14 00:12 990,208 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\dllcache\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\dllcache\msafd.dll
2008-04-14 00:10 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
2008-04-14 00:10 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
2008-04-14 00:10 10,240 ----a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\dllcache\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\dllcache\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\dllcache\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\dllcache\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\dllcache\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\dllcache\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\dllcache\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\dllcache\portcls.sys
2008-04-13 19:19 146,048 ------w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\dllcache\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\dllcache\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\dllcache\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\dllcache\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\dllcache\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\dllcache\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\dllcache\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\dllcache\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\dllcache\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\dllcache\tdi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\dllcache\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\dllcache\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\dllcache\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\dllcache\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\dllcache\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2005-03-13 11:45 8,432 --sha-w C:\WINDOWS\system32\drivers\lass.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 19:12 1695232]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-21 16:48 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 16:50 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 10:20 282624 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-07 18:20 1177368]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-04-30 18:08 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1268\Scripts\Logon\0\0]
"Script"=mapdrive.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1268\Scripts\Logon\0\1]
"Script"=map2printers.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1268\Scripts\Logon\0\2]
"Script"=Rdrive.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1344\Scripts\Logon\0\0]
"Script"=mapdrive.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1344\Scripts\Logon\0\1]
"Script"=map2printers.vbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^wbdh.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wbdh.lnk
backup=C:\WINDOWS\pss\wbdh.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\apisvc]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
C:\Program Files\Brownie\BrstsWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-07-21 16:47 81920 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-01-18 08:37 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-07 18:20]
R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2007-09-27 15:49]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-07 18:20]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 TSScheduleBackup;TimeslipsBackup;C:\WINDOWS\system32\TSSchBkpService.exe [2006-06-15 18:17]
R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 09:58]
S2 WinRAR Archiver;WinRAR Archiver;C:\Program Files\WinRAR\WinRARSyS.exe [2008-05-05 15:32]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 12:02]
S4 ccwiz;ccwiz;C:\WINDOWS\system32\ccproxy.exe []
S4 Jack Jones;Jack Jones installed;C:\WINDOWS\system\1sass.exe []
S4 Microsoft Windows help;ms help;C:\Program Files\Common Files\Microsoft Shared\MSINFO\Upseyup.exe [2008-05-03 11:59]
S4 Portable Media Serial;pms;C:\WINDOWS\UPsutup.exe []
S4 RCPP;RCPP;C:\Program Files\Messenger\MessengerSys [2008-05-05 09:26]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 19:21:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 10:20:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RCPP]
"ImagePath"="C:\Program Files\Messenger\MessengerSys"
.
Completion time: 2008-05-09 10:20:49
ComboFix-quarantined-files.txt 2008-05-09 15:20:46

Pre-Run: 223,293,870,080 bytes free
Post-Run: 223,290,163,200 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

357 --- E O F --- 2008-05-09 08:04:15
Old 05-09-2008, 03:53 PM   #5 (permalink)
Security Team (ret.)
 
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3


Re: Simultaneous Viruses

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

Killall::

File::
C:\WINDOWS\system32\inf\svchowb.exe
C:\WINDOWS\SVCH0S.EXE
C:\WINDOWS\system\ewbdhe080504.exe
C:\WINDOWS\system32\fdwbdhd16_080504.dll
C:\WINDOWS\system32\drivers\lass.sys
Driver:
lass
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.


*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*
__________________
An Australian Member of



Eddy
Old 05-12-2008, 07:21 AM   #6 (permalink)
Registered User
 
Join Date: May 2008
Posts: 8
OS: XP SP2


Re: Simultaneous Viruses

Thank you so much for all of your help. I really appreciate it. We are still having the problem with browsing computers. Logs are below.

ComboFix 08-05-08.1 - Administrator 2008-05-12 8:34:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.613 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\SVCH0S.EXE
C:\WINDOWS\system\ewbdhe080504.exe
C:\WINDOWS\system32\drivers\lass.sys
C:\WINDOWS\system32\fdwbdhd16_080504.dll
C:\WINDOWS\system32\inf\svchowb.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\lass.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-09 12:51 . 2008-05-09 12:51 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-09 11:55 . 2008-05-09 11:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-09 08:44 . 2008-05-09 08:44 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-09 08:40 . 2008-05-09 08:59 <DIR> d-------- C:\SDFix
2008-05-08 21:36 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-08 21:36 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-08 14:34 . 2008-04-13 19:12 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-08 14:34 . 2008-04-13 19:12 18,944 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-08 14:33 . 2008-04-13 13:45 31,744 --a------ C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-05-08 14:33 . 2008-04-13 13:46 19,200 --a------ C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-05-08 14:33 . 2008-04-13 13:36 8,832 --a------ C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-05-08 14:33 . 2008-04-13 19:12 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-08 14:32 . 2008-04-13 19:12 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-05-08 14:31 . 2008-04-13 13:45 60,032 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-08 14:31 . 2008-04-13 13:45 26,112 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2008-05-08 14:31 . 2008-04-13 13:45 17,152 --a------ C:\WINDOWS\system32\dllcache\usbohci.sys
2008-05-08 14:31 . 2008-04-13 13:45 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-08 14:30 . 2008-04-13 19:12 82,944 --a------ C:\WINDOWS\system32\dllcache\tp4mon.exe
2008-05-08 14:29 . 2008-04-13 13:40 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
2008-05-08 14:29 . 2008-04-13 13:46 15,232 --a------ C:\WINDOWS\system32\dllcache\streamip.sys
2008-05-08 14:28 . 2008-04-13 13:40 7,552 --a------ C:\WINDOWS\system32\dllcache\sonyait.sys
2008-05-08 14:27 . 2008-04-13 13:36 16,000 --a------ C:\WINDOWS\system32\dllcache\smbbatt.sys
2008-05-08 14:27 . 2008-04-13 13:46 11,136 --a------ C:\WINDOWS\system32\dllcache\slip.sys
2008-05-08 14:27 . 2008-04-13 13:36 6,912 --a------ C:\WINDOWS\system32\dllcache\smbclass.sys
2008-05-08 14:26 . 2008-04-13 13:45 11,520 --a------ C:\WINDOWS\system32\dllcache\scsiscan.sys
2008-05-08 14:25 . 2008-04-13 13:40 43,904 --a------ C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-05-08 14:25 . 2008-04-13 19:12 29,696 --a------ C:\WINDOWS\system32\dllcache\rw450ext.dll
2008-05-08 14:25 . 2008-04-13 19:12 27,648 --a------ C:\WINDOWS\system32\dllcache\rw430ext.dll
2008-05-08 14:24 . 2008-04-13 19:12 159,232 --a------ C:\WINDOWS\system32\dllcache\ptpusd.dll
2008-05-08 14:24 . 2008-04-13 13:40 79,104 --a------ C:\WINDOWS\system32\dllcache\rocket.sys
2008-05-08 14:24 . 2008-04-13 13:40 6,016 --a------ C:\WINDOWS\system32\dllcache\qic157.sys
2008-05-08 14:23 . 2008-04-13 19:12 363,520 --a------ C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-05-08 14:23 . 2008-04-13 19:10 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-08 14:23 . 2008-04-13 19:10 211,584 --a------ C:\WINDOWS\system32\dllcache\perm2dll.dll
2008-05-08 14:23 . 2008-04-13 19:12 33,280 --a------ C:\WINDOWS\system32\dllcache\psisrndr.ax
2008-05-08 14:23 . 2008-04-13 13:44 28,032 --a------ C:\WINDOWS\system32\dllcache\perm3.sys
2008-05-08 14:23 . 2008-04-13 13:44 27,904 --a------ C:\WINDOWS\system32\dllcache\perm2.sys
2008-05-08 14:23 . 2008-04-13 13:41 17,664 --a------ C:\WINDOWS\system32\dllcache\ppa3.sys
2008-05-08 14:23 . 2008-04-13 13:40 8,832 --a------ C:\WINDOWS\system32\dllcache\powerfil.sys
2008-05-08 14:21 . 2008-04-13 13:31 2,065,792 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-05-08 14:21 . 2008-04-13 13:46 61,696 --a------ C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-05-08 14:21 . 2008-04-13 13:54 28,672 --a------ C:\WINDOWS\system32\dllcache\nscirda.sys
2008-05-08 14:21 . 2008-04-13 13:46 10,880 --a------ C:\WINDOWS\system32\dllcache\ndisip.sys
2008-05-08 14:20 . 2008-04-13 13:46 85,248 --a------ C:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-05-08 14:20 . 2008-04-13 13:46 49,024 --a------ C:\WINDOWS\system32\dllcache\mstape.sys
2008-05-08 14:20 . 2008-04-13 13:54 22,016 --a------ C:\WINDOWS\system32\dllcache\msircomm.sys
2008-05-08 14:20 . 2008-04-13 13:39 5,504 --a------ C:\WINDOWS\system32\dllcache\mstee.sys
2008-05-08 14:19 . 2008-04-13 19:12 56,832 --a------ C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-05-08 14:19 . 2008-04-13 13:46 51,200 --a------ C:\WINDOWS\system32\dllcache\msdv.sys
2008-05-08 14:19 . 2008-04-13 13:41 26,112 --a------ C:\WINDOWS\system32\dllcache\memstpci.sys
2008-05-08 14:19 . 2008-04-13 13:46 15,232 --a------ C:\WINDOWS\system32\dllcache\mpe.sys
2008-05-08 14:18 . 2008-04-13 19:11 253,952 --a------ C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-08 14:18 . 2008-04-13 19:12 91,136 --a------ C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-05-08 14:18 . 2008-04-13 19:12 61,952 --a------ C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-05-08 14:18 . 2008-04-13 19:11 48,640 --a------ C:\WINDOWS\system32\dllcache\kdsui.dll
2008-05-08 14:18 . 2008-04-13 19:12 43,008 --a------ C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-05-08 14:18 . 2008-04-13 13:40 34,688 --a------ C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-05-08 14:18 . 2008-04-13 13:40 7,040 --a------ C:\WINDOWS\system32\dllcache\ltotape.sys
2008-05-08 14:17 . 2008-04-13 19:12 151,552 --a------ C:\WINDOWS\system32\dllcache\irftp.exe
2008-05-08 14:17 . 2008-04-13 13:54 88,192 --a------ C:\WINDOWS\system32\dllcache\irda.sys
2008-05-08 14:17 . 2008-04-13 19:11 28,160 --a------ C:\WINDOWS\system32\dllcache\irmon.dll
2008-05-08 14:17 . 2008-04-13 19:12 16,384 --a------ C:\WINDOWS\system32\dllcache\ipsink.ax
2008-05-08 14:17 . 2008-04-13 19:09 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd106.dll
2008-05-08 14:16 . 2008-04-13 19:11 702,845 --a------ C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-05-08 14:14 . 2008-04-13 13:45 59,136 --a------ C:\WINDOWS\system32\dllcache\gckernel.sys
2008-05-08 14:14 . 2008-04-13 13:40 28,288 --a------ C:\WINDOWS\system32\dllcache\grserial.sys
2008-05-08 14:14 . 2008-04-13 13:36 20,352 --a------ C:\WINDOWS\system32\dllcache\hidbatt.sys
2008-05-08 14:14 . 2008-04-13 13:45 10,624 --a------ C:\WINDOWS\system32\dllcache\gameenum.sys
2008-05-08 14:12 . 2008-04-13 13:39 206,976 --a------ C:\WINDOWS\system32\dllcache\dot4.sys
2008-05-08 14:12 . 2008-04-13 19:12 20,992 --a------ C:\WINDOWS\system32\dllcache\dshowext.ax
2008-05-08 14:12 . 2008-04-13 13:40 8,320 --a------ C:\WINDOWS\system32\dllcache\dlttape.sys
2008-05-08 14:10 . 2008-04-13 19:11 249,856 --a------ C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-05-08 14:10 . 2008-04-13 19:11 121,856 --a------ C:\WINDOWS\system32\dllcache\camext30.dll
2008-05-08 14:10 . 2008-04-13 13:46 17,024 --a------ C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-05-08 14:10 . 2008-04-13 13:36 13,952 --a------ C:\WINDOWS\system32\dllcache\cmbatt.sys
2008-05-08 14:10 . 2008-04-13 13:36 10,240 --a------ C:\WINDOWS\system32\dllcache\compbatt.sys
2008-05-08 14:10 . 2008-04-13 13:40 8,192 --a------ C:\WINDOWS\system32\dllcache\changer.sys
2008-05-08 14:09 . 2008-04-13 13:46 38,912 --a------ C:\WINDOWS\system32\dllcache\avc.sys
2008-05-08 14:09 . 2008-04-13 19:12 18,432 --a------ C:\WINDOWS\system32\dllcache\bdaplgin.ax
2008-05-08 14:09 . 2008-04-13 13:36 14,208 --a------ C:\WINDOWS\system32\dllcache\battc.sys
2008-05-08 14:09 . 2008-04-13 13:46 13,696 --a------ C:\WINDOWS\system32\dllcache\avcstrm.sys
2008-05-08 14:09 . 2008-04-13 13:46 11,776 --a------ C:\WINDOWS\system32\dllcache\bdasup.sys
2008-05-08 14:08 . 2008-04-13 14:27 2,188,928 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-05-08 14:08 . 2008-04-13 13:46 53,376 --a------ C:\WINDOWS\system32\dllcache\1394bus.sys
2008-05-08 14:08 . 2008-04-13 13:46 48,128 --a------ C:\WINDOWS\system32\dllcache\61883.sys
2008-05-08 14:08 . 2008-04-13 13:40 12,288 --a------ C:\WINDOWS\system32\dllcache\4mmdat.sys
2008-05-08 13:59 . 2007-09-27 15:49 101,528 --a------ C:\WINDOWS\system32\drivers\RCFOX.SYS
2008-05-08 13:58 . 2008-05-08 13:58 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2008-05-08 13:58 . 2008-05-08 13:58 <DIR> d-------- C:\Documents and Settings\cvassil\Application Data\InstallShield
2008-05-08 13:58 . 2007-09-27 12:10 95,504 --a------ C:\WINDOWS\system32\RCIPHlp.dll
2008-05-08 13:58 . 2005-11-08 09:58 24,876 --a------ C:\WINDOWS\system32\drivers\rcvpn.sys
2008-05-08 12:16 . 2008-05-08 12:16 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-08 12:16 . 2008-05-08 12:16 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-08 12:16 . 2008-05-08 12:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-08 12:16 . 2008-05-08 12:16 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-08 11:57 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-08 10:43 . 2008-05-08 12:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-08 10:13 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-08 10:13 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-08 10:11 . 2001-08-17 13:28 765,884 --a------ C:\WINDOWS\system32\dllcache\usrti.sys
2008-05-08 10:10 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-08 10:09 . 2008-04-13 19:11 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-05-08 10:08 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-08 10:07 . 2001-08-17 14:56 147,200 --a------ C:\WINDOWS\system32\dllcache\smidispb.dll
2008-05-08 10:06 . 2001-08-17 14:56 252,032 --a------ C:\WINDOWS\system32\dllcache\sis300iv.dll
2008-05-08 10:05 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-08 10:04 . 2001-08-17 14:56 210,496 --a------ C:\WINDOWS\system32\dllcache\s3mvirge.dll
2008-05-08 10:03 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-08 05:40 . 2008-05-11 05:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-07 18:20 . 2008-05-11 23:53 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-07 18:20 . 2008-05-07 18:20 <DIR> d-------- C:\Program Files\AVG
2008-05-07 18:20 . 2008-05-07 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-07 18:20 . 2008-05-07 18:20 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-07 18:20 . 2008-05-07 18:20 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-07 18:19 . 2008-05-07 18:20 8,192 --a------ C:\Documents and Settings\Mark
2008-05-07 18:19 . 2008-05-07 18:20 8,192 --a------ C:\Documents and Settings\LSCHUL~1
2008-05-07 18:15 . 2004-08-04 05:00 131,584 --a------ C:\WINDOWS\system32\dllcache\pmxviceo.dll
2008-05-07 18:15 . 2004-08-04 05:00 83,748 --a------ C:\WINDOWS\system32\dllcache\prcp.nls
2008-05-07 18:15 . 2004-08-04 05:00 83,748 --a------ C:\WINDOWS\system32\dllcache\prc.nls
2008-05-07 18:15 . 2008-04-13 19:10 67,584 --a------ C:\WINDOWS\system32\dllcache\pmigrate.dll
2008-05-07 18:15 . 2001-08-17 13:53 17,792 --a------ C:\WINDOWS\system32\dllcache\ppa.sys
2008-05-07 18:15 . 2001-08-17 13:51 16,128 --a------ C:\WINDOWS\system32\dllcache\pscr.sys
2008-05-07 18:15 . 2004-08-04 05:00 11,264 --a------ C:\WINDOWS\system32\dllcache\pmxmcro.dll
2008-05-07 18:15 . 2001-08-17 13:53 7,168 --a------ C:\WINDOWS\system32\dllcache\pnrmc.sys
2008-05-07 18:15 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\system32\dllcache\pmxgl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-10 17:04 --------- d-----w C:\Program Files\Google
2008-05-08 19:05 --------- d-----w C:\Documents and Settings\cvassil\Application Data\SonicWALL
2008-05-08 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 10:40 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-07 23:33 --------- d-----w C:\Program Files\SonicWALL
2008-05-07 22:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-07 02:43 --------- d-----w C:\Program Files\Java
2008-05-06 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-06 14:39 --------- d-----w C:\Program Files\Dell
2008-05-06 14:37 --------- d--h--w C:\Documents and Settings\cvassil\Application Data\Gtek
2008-05-06 14:37 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\GTek
2008-05-06 14:37 --------- d--h--w C:\Documents and Settings\administrator.SUSANDAVIS\Application Data\Gtek
2008-05-06 14:35 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-04-23 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ------w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:41 8,576 ----a-w C:\WINDOWS\system32\drivers\i2omgmt.sys
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:41 18,560 ----a-w C:\WINDOWS\system32\drivers\i2omp.sys
2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 18:39 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 18:39 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 18:39 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-09_10.20.40.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 13:51:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 13:37:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-05-08 17:24:26 71,640 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-09 18:51:15 71,640 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-08 17:24:26 440,606 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-09 18:51:15 440,606 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-10 12:04 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 19:12 1695232]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-21 16:48 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 16:50 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 10:20 282624 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-07 18:20 1177368]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-04-30 18:08 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1268\Scripts\Logon\0\0]
"Script"=mapdrive.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1268\Scripts\Logon\0\1]
"Script"=map2printers.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1268\Scripts\Logon\0\2]
"Script"=Rdrive.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1344\Scripts\Logon\0\0]
"Script"=mapdrive.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-30043500-4002488749-863938596-1344\Scripts\Logon\0\1]
"Script"=map2printers.vbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\apisvc]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
C:\Program Files\Brownie\BrstsWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-07-21 16:47 81920 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-01-18 08:37 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-07 18:20]
R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2007-09-27 15:49]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-07 18:20]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 TSScheduleBackup;TimeslipsBackup;C:\WINDOWS\system32\TSSchBkpService.exe [2006-06-15 18:17]
R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 09:58]
S2 WinRAR Archiver;WinRAR Archiver;C:\Program Files\WinRAR\WinRARSyS.exe [2008-05-05 15:32]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 12:02]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 19:21:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 08:39:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Completion time: 2008-05-12 8:40:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 13:40:51
ComboFix2.txt 2008-05-09 15:20:49

Pre-Run: 223,178,416,128 bytes free
Post-Run: 223,093,923,840 bytes free

373 --- E O F --- 2008-05-09 08:04:15



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 944 AM, on 5/12/2008
Platform: Windo