Old 10-14-2007, 10:19 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 15
OS: xp pro


help with HijackThis log

Hi
I am having problems with pcsecuritylabs.com having taken over my IE.
Attaching HijackThis log.
It is not allowing me to restore the PC to an earlier point or run security software.

quote
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:17 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe
C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\RemotelyAnywhere\x86\RaMaint.exe
d:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {00EE2230-D6C9-4957-9D72-1E861935F156} - C:\WINDOWS\system32\rqrromm.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8221948E-BC3A-4947-B7C4-2C607C1751D5} - C:\WINDOWS\system32\jkklm.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\mehbrinj.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\qkcnbebs.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://gs.reyrey.com
O16 - DPF: CM_AdvancedCAB - https://www.gs.reyrey.com/common/Cli...dvancedCAB.CAB
O16 - DPF: PrintTemplateViewerCab - https://www.gs.reyrey.com/clientdll/...lateviewer.cab
O16 - DPF: {03D19749-C5FA-4CCC-99AB-00AB2AF45ACD} (File Transfer ActiveX Client) - https://home:2000/activex/RACtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1183834216265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1185639133265
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.gs.reyrey.com/clientdll/arview2.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://connect.callutheran.edu/dana...niperSetup.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...91/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{694FF3D2-94BC-4697-818E-FCBA3D5A91B4}: NameServer = 10.40.13.91,10.40.13.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC69EA4-2394-47D6-B67B-DD4C4C0DFCB1}: NameServer = 192.168.0.1
O20 - Winlogon Notify: rqrromm - C:\WINDOWS\SYSTEM32\rqrromm.dll
O20 - Winlogon Notify: winhoq32 - C:\WINDOWS\SYSTEM32\winhoq32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - D:\Program Files\RemotelyAnywhere\x86\RaMaint.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - d:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 10318 bytes
unquote
vikkam is offline  
Old 10-15-2007, 08:14 AM   #2 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 3,247
OS: XP


Re: help with HijackThis log

Hello and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

===============================================================

Please follow all instructions in the order in which they come; if you have any questions, please ask before proceeding.

---------------------------------------------------------------

It's important that you follow this through until I give you the all clear. A lack of symptoms does not mean the infection is gone; it's in your best interest that you follow this through to the end.

===================================================

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)


Please remember to close all other windows, including browsers then click Fix checked.

===================================================

Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop




Go to → Run → paste in the single line command & click OK
"%userprofile%\desktop\combofix.exe" /killall
When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


====================================================

Hijackthis Uninstall List

* Start HijackThis
* Click on the Config button
* Click on the Misc Tools button
* Click on the Open Uninstall Manager button.
* You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next reply.

When finished click on the Main Menu button and follow instructions below.

---------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

==================================
Logs Required
C:\Combofix.txt
Uninstall list from Hijackthis
Hijackthis log


Let me know how your system is behaving, thanks.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


TheBruce1 is offline  
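As an added example (not code from the thread, from the moderator or from Trend Micro), here is a small Python triage script that applies the selection made in the reply above to a HijackThis log: it parses the O2/O4/O20/O23 lines, separates entries whose file is gone (the ones ticked for "Fix checked") from loaded entries that merit a second look, and leaves the rest alone. The KNOWN_GOOD allowlist and the name heuristic are assumptions of this example; the sample lines are an excerpt copied from the logs posted in this thread.

```python
"""Triage a HijackThis v2 log the way the reply above does.

Added example, not code from the thread or from Trend Micro. Two buckets:
  * "orphan": the entry points at a file that no longer exists ("(no file)"
    or "(file missing)"); a dangling CLSID or service is safe to fix in HJT.
  * "review": the file is present in system32 and either the BHO has no
    registered name, it is a Winlogon Notify handler, or the file name looks
    machine-generated; these are left for the deeper cleanup step.
The name heuristic and KNOWN_GOOD allowlist are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Known-good stems seen in this thread's log; constructed allowlist, extend per host.
KNOWN_GOOD = {"ctfmon", "nvcpl", "nvsvc32", "msmsgs"}

LINE_RE = re.compile(r"^(?P<sec>O\d+) - (?P<body>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^HK.*?: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")
PARSERS = {"O2": O2_RE, "O4": O4_RE, "O20": O20_RE, "O23": O23_RE}
# First drive-letter path ending in a binary extension; stops at quotes and
# commas so rundll32 arguments such as ",sitypnow" are not swallowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|exe|sys)', re.IGNORECASE)

# Constructed excerpt of the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00EE2230-D6C9-4957-9D72-1E861935F156} - C:\WINDOWS\system32\rqrromm.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll (file missing)
O2 - BHO: (no name) - {8221948E-BC3A-4947-B7C4-2C607C1751D5} - C:\WINDOWS\system32\jkklm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\qkcnbebs.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: rqrromm - C:\WINDOWS\SYSTEM32\rqrromm.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wyfrbmfi.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Entry:
    section: str
    name: str
    path: Optional[str]  # first binary path found in the target, if any
    missing: bool        # HJT reports the file as gone
    verdict: str         # "orphan", "review" or "ok"


def looks_generated(stem: str) -> bool:
    """5-8 lowercase letters, no digits, at most one letter in four a vowel."""
    if not re.fullmatch(r"[a-z]{5,8}", stem):
        return False
    return sum(c in "aeiou" for c in stem) * 4 <= len(stem)


def classify(section: str, name: str, target: str) -> Entry:
    target = target.strip()
    missing = target == "(no file)" or target.endswith("(file missing)")
    m = PATH_RE.search(target)
    path = m.group(0) if m else None
    verdict = "ok"
    if missing:
        verdict = "orphan"
    elif path and "\\system32\\" in path.lower():
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        if stem not in KNOWN_GOOD and (
            section == "O20" or name == "(no name)" or looks_generated(stem)
        ):
            verdict = "review"
    return Entry(section, name, path, missing, verdict)


def parse_log(text: str) -> List[Entry]:
    """Parse the O2/O4/O20/O23 lines; other HJT sections are skipped."""
    entries = []
    for line in text.splitlines():
        head = LINE_RE.match(line.strip())
        if not head or head["sec"] not in PARSERS:
            continue
        body = PARSERS[head["sec"]].match(head["body"])
        if body:
            entries.append(classify(head["sec"], body["name"], body["target"]))
    return entries


def triage(text: str) -> Dict[str, List[str]]:
    """Group entries by verdict as 'section name -> path' strings."""
    out: Dict[str, List[str]] = {"orphan": [], "review": [], "ok": []}
    for e in parse_log(text):
        out[e.verdict].append(f"{e.section} {e.name} -> {e.path or '(no file)'}")
    return out


if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_LOG).items():
        print(f"[{verdict}]")
        for item in items:
            print("  " + item)
```

The "review" bucket is a reading list, not a delete list: a legitimate component with an odd name lands there too, which is why the allowlist exists and why the thread hands such entries to the deeper cleanup tool rather than to "Fix checked".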
Old 10-17-2007, 08:09 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 15
OS: xp pro


Re: help with HijackThis log

Thanks much for your help.
I tried saving the uninstall file from HijackThis, but it saves and closes the program.
I am unable to find the file through search.

I am attaching the other 2 files.

I once again got pop-ups and the security bar in IE.
===========
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:12 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe
C:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\RemotelyAnywhere\x86\RaMaint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\Trend Micro\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lfbuhnau.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\fuknpcgu.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://gs.reyrey.com
O16 - DPF: CM_AdvancedCAB - https://www.gs.reyrey.com/common/Cli...dvancedCAB.CAB
O16 - DPF: PrintTemplateViewerCab - https://www.gs.reyrey.com/clientdll/...lateviewer.cab
O16 - DPF: {03D19749-C5FA-4CCC-99AB-00AB2AF45ACD} (File Transfer ActiveX Client) - https://home:2000/activex/RACtrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1183834216265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1185639133265
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.gs.reyrey.com/clientdll/arview2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://connect.callutheran.edu/dana...niperSetup.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...91/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{694FF3D2-94BC-4697-818E-FCBA3D5A91B4}: NameServer = 10.40.13.91,10.40.13.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC69EA4-2394-47D6-B67B-DD4C4C0DFCB1}: NameServer = 192.168.0.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wyfrbmfi.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - D:\Program Files\RemotelyAnywhere\x86\RaMaint.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 8447 bytes
================

ComboFix 07-10-17.8 - vkamdar 2007-10-17 18:26:41.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1750 [GMT -7:00]
Running from: C:\Documents and Settings\vkamdar\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\C2
C:\WINDOWS\system32\djlbmfsy.dll
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\icsabqpx.exe
C:\WINDOWS\system32\ihgtwhot.exe
C:\WINDOWS\system32\iqstivtv.exe
C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\system32\mehbrinj.dll
C:\WINDOWS\system32\mlkkj.bak1
C:\WINDOWS\system32\mlkkj.bak1
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\pyvuvdbt.dll
C:\WINDOWS\system32\RAinit.dll
C:\WINDOWS\system32\tbdvuvyp.ini
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\ysfmbljd.ini
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z2
C:\WINDOWS\system32\Z2\mon33dll.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.

2007-10-17 18:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2007-10-17 12:35 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-16 19:41 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\Bitdefender
2007-10-16 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-16 18:23 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-10-16 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-10-16 18:02 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-16 06:16 101,376 --a------ C:\WINDOWS\system32\drvkuk.dll
2007-10-16 06:16 33,792 --a------ C:\WINDOWS\system32\hggefgh.dll
2007-10-16 06:16 15,360 --a------ C:\WINDOWS\system32\drvkukr.dll
2007-10-15 21:40 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-10-15 21:40 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2007-10-15 21:40 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-10-15 21:40 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2007-10-15 21:40 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-10-15 21:40 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2007-10-15 18:25 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-10-15 06:26 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
2007-10-15 06:17 <DIR> d-------- C:\Program Files\Panda Security
2007-10-13 13:48 34,816 --a------ C:\WINDOWS\system32\rqrromm.dll
2007-10-13 08:40 1,924 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-12 07:14 <DIR> d-------- C:\Program Files\AntispyStorm
2007-10-12 05:43 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-12 05:42 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-12 00:18 101,888 --a------ C:\WINDOWS\system32\drvboz.dll
2007-10-12 00:18 15,360 --a------ C:\WINDOWS\system32\drvbozr.dll
2007-10-11 23:59 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2007-10-11 23:59 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2007-10-11 23:59 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2007-10-11 23:59 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-10-11 23:59 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2007-10-11 23:59 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2007-10-11 23:58 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2007-10-11 23:58 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2007-10-11 23:58 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2007-10-11 23:58 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2007-10-11 23:57 <DIR> d-------- C:\Program Files\Pinnacle
2007-10-11 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-10-10 20:59 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\Media Player Classic
2007-10-10 20:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NCH Swift Sound
2007-10-10 20:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NCH Swift Sound
2007-10-10 20:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NCH Swift Sound
2007-10-10 20:39 <DIR> d-------- C:\Program Files\NCH Software
2007-10-10 20:39 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\Recordpad
2007-10-10 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-10-10 20:38 23,616 --a------ C:\WINDOWS\system32\drivers\nchssvad.sys
2007-10-10 20:37 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-10-10 20:37 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\NCH Swift Sound
2007-10-10 05:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-09 19:52 <DIR> d-------- C:\Program Files\MagicISO
2007-10-07 16:13 <DIR> d-------- C:\Program Files\Astro Gemini Software
2007-10-07 11:01 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-10-07 09:48 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\.BitTornado
2007-10-06 19:52 41,729 --a------ C:\WINDOWS\system32\drivers\Mkeusbi.sys
2007-10-06 19:52 14,308 --a------ C:\WINDOWS\system32\drivers\Mkemusb.sys
2007-10-06 13:33 <DIR> d-------- C:\WINDOWS\system32\ffdshow
2007-10-03 15:02 768 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-02 06:26 <DIR> d-------- C:\Program Files\WinPcap
2007-10-02 06:25 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\Sytexis Software
2007-09-30 20:22 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\Grisoft
2007-09-30 20:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-30 20:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-30 14:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-30 13:19 <DIR> d-------- C:\WINDOWS\system32\GB9
2007-09-30 13:19 <DIR> d-------- C:\WINDOWS\system32\DL1
2007-09-30 13:19 <DIR> d-------- C:\Temp
2007-09-30 09:37 <DIR> d-------- C:\Program Files\iPod
2007-09-24 20:22 <DIR> d-------- C:\RegBackup
2007-09-21 18:38 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-16 01:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-15 13:35 --------- d-----w C:\Program Files\Google
2007-10-15 02:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-07 16:48 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\.BitTornado
2007-10-07 02:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-05 13:28 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\AdobeUM
2007-09-30 13:58 --------- d-----w C:\Program Files\QuickTime
2007-09-30 13:58 --------- d-----w C:\Program Files\FileZilla Server
2007-09-15 20:02 --------- d-----w C:\Program Files\MSN Messenger
2007-09-15 12:30 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\Easy Macro Recorder
2007-09-15 12:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Easy Macro Recorder
2007-09-06 01:07 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\dvdcss
2007-09-03 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2007-09-03 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-01 14:44 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\gtk-2.0
2007-08-26 19:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-08-25 16:05 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\vlc
2007-08-21 13:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2007-08-21 13:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2007-08-21 13:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2007-08-21 04:40 --------- d-----w C:\Program Files\Juniper Networks
2007-08-21 04:40 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\Juniper Networks
2007-08-21 04:40 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
2007-08-21 02:48 --------- d-----w C:\Program Files\MSECache
2007-08-19 17:03 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\Ahead
2007-08-16 02:28 81 ----a-w C:\CTX.DAT
2007-06-29 22:58 948 ----a-w C:\Documents and Settings\vkamdar\notepad.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00EE2230-D6C9-4957-9D72-1E861935F156}]
2007-10-13 13:48 34816 --a------ C:\WINDOWS\system32\rqrromm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-21 11:12]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]

C:\Documents and Settings\vkamdar\Start Menu\Programs\Startup\
Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe [2007-07-07 10:43:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{00EE2230-D6C9-4957-9D72-1E861935F156}"= C:\WINDOWS\system32\rqrromm.dll [2007-10-13 13:48 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrromm]
rqrromm.dll 2007-10-13 13:48 34816 C:\WINDOWS\system32\rqrromm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoq32]
winhoq32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CARD Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CARD Monitor.lnk
backup=C:\WINDOWS\pss\CARD Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadWaveRun]
"C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe" -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvboz.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
"C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISMModule4]
"C:\Program Files\ISM\ISMModule4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
d:\Program Files\Essentials Codec Pack\update.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
d:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
"C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemotelyAnywhere GUI]
"D:\Program Files\RemotelyAnywhere\x86\RAGui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"FileZilla Server"=2 (0x2)
"ERSvc"=2 (0x2)
"dsNcService"=2 (0x2)

R2 BroadWaveService;BroadWave Service;"C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe" -service
R2 RAInfo;RemotelyAnywhere Kernel Information Provider;\??\D:\Program Files\RemotelyAnywhere\x86\RaInfo.sys
R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;\??\C:\WINDOWS\system32\drivers\RARfsDriver.sys
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 ramirr;ramirr;C:\WINDOWS\system32\DRIVERS\ramirr.sys
S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 23:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-15 00:30:33 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1184454664.job"
- D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 18:52:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-17 18:52:55 - machine was rebooted
.
--- E O F ---
Old 10-18-2007, 08:18 AM   #4 (permalink)
Moderator, Analyst, Security Team
TheBruce1
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 3,247
OS: XP


Re: help with huijackthis log

Hello again

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding.

========================================================

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

Collect::
C:\WINDOWS\system32\lfbuhnau.dll
C:\WINDOWS\system32\drvkukr.dll
C:\WINDOWS\system32\drvkuk.dll
C:\WINDOWS\system32\rqrromm.dll
C:\WINDOWS\system32\drvboz.dll
C:\WINDOWS\system32\drvbozr.dll

File::
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\fuknpcgu.dll
C:\WINDOWS\retadpu1000106.exe

Folder::
C:\Program Files\AntispyStorm
C:\WINDOWS\system32\acespy
C:\Program Files\WinAble

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00EE2230-D6C9-4957-9D72-1E861935F156}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{00EE2230-D6C9-4957-9D72-1E861935F156}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrromm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoq32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

Save this as CFscript

Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file(s).

=====================================================

Quote:
Originally Posted by vikkam
I tried saving the uninstall file from HijackThis, but it saves and closes the program.
Yes, it most likely is in your Documents folder: click Start > My Documents > look for uninstall_list.txt; if it is not there, try again.

When you click on save list>save to Desktop.

----------------------------------------------------

Also please rename hijackthis.exe to vikkam.exe:

Right-click on HijackThis > Rename > vikkam.exe.

====================================================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=======================================================
Logs Required
C:\Combofix.txt
Uninstall list
Hijackthis log
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
Trial of BT-Phorm spyware to start 30th September, 2008. For more information please visit the No DPI website.



Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit.


If we have helped you in anyway,please consider Donating
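As an added example (not part of the thread, and not ComboFix's own code), the following Python script parses the "Reg Loading Points" section of a ComboFix log like the one posted above, flags modules wired into several load points at once (the rqrromm.dll pattern: BHO, ShellExecuteHook and Winlogon Notify), and builds the matching Registry:: lines in the CFscript syntax used in the instructions above. The sample log embedded in it is constructed from lines in the thread.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example (not part of the thread, nor ComboFix's own code). It parses the
bracketed registry sections ComboFix prints, records which module each load
point references, flags modules hooked into more than one load point, and
emits the matching Registry:: lines in CFscript syntax.
"""
import re
from collections import defaultdict

# Constructed sample: a cut-down copy of the Reg Loading Points section posted
# in the thread. Raw string, so the registry backslashes are literal.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00EE2230-D6C9-4957-9D72-1E861935F156}]
2007-10-13 13:48 34816 --a------ C:\WINDOWS\system32\rqrromm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-21 11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{00EE2230-D6C9-4957-9D72-1E861935F156}"= C:\WINDOWS\system32\rqrromm.dll [2007-10-13 13:48 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrromm]
rqrromm.dll 2007-10-13 13:48 34816 C:\WINDOWS\system32\rqrromm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...] header line
VALUE_RE = re.compile(r'^"([^"]+)"\s*=')        # "name"=... (a named value)
FULL_PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys)\b", re.IGNORECASE)
BARE_FILE_RE = re.compile(r"\b[\w.-]+\.(?:dll|exe|sys)\b", re.IGNORECASE)


def extract_module(line):
    """Return the module (full path if present, else bare file name) on a line."""
    match = FULL_PATH_RE.search(line) or BARE_FILE_RE.search(line)
    return match.group(0) if match else None


def parse_reg_loading_points(text):
    """Return (key, value_name_or_None, module) for every entry in the section."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            key = header.group(1)
            continue
        if key is None:
            continue                     # text before the first [key]
        value = VALUE_RE.match(line)
        module = extract_module(line)
        if module:
            entries.append((key, value.group(1) if value else None, module))
    return entries


def module_name(path):
    """Lower-cased file name, so a full path and a bare file name compare equal."""
    return path.rsplit("\\", 1)[-1].lower()


def shared_modules(entries, min_points=2):
    """Map module name -> load-point keys, keeping modules hooked into at
    least `min_points` distinct keys. One DLL registered as a BHO, a
    ShellExecuteHook and a Winlogon Notify package at once is the entry
    worth looking at first."""
    by_module = defaultdict(list)
    for key, _, module in entries:
        name = module_name(module)
        if key not in by_module[name]:
            by_module[name].append(key)
    return {n: keys for n, keys in by_module.items() if len(keys) >= min_points}


def cfscript_registry_lines(entries, module):
    """Build the Registry:: lines that unhook `module`, in the .reg-style
    syntax the thread uses: a named value is cleared with "name"=- under its
    key; a load point that is a key of its own (BHO CLSID key, Winlogon
    Notify subkey) is removed whole with [-KEY]."""
    lines = []
    for key, value_name, path in entries:
        if module_name(path) != module.lower():
            continue
        if value_name is None:
            lines.append(f"[-{key}]")
        else:
            lines.append(f"[{key}]")
            lines.append(f'"{value_name}"=-')
    return lines


if __name__ == "__main__":
    found = parse_reg_loading_points(SAMPLE_LOG)
    for name, keys in shared_modules(found).items():
        print(f"{name}: hooked at {len(keys)} load points")
        print("Registry::")
        print("\n".join(cfscript_registry_lines(found, name)))
```

Run against the sample it reports rqrromm.dll at three load points and prints the same four Registry:: lines the CFscript above contains for that DLL.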
Old 10-18-2007, 09:16 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 15
OS: xp pro


Re: help with huijackthis log

Thanks so much for helping me out.

I tried running the Trend Micro and Kaspersky online scans the whole of last night.
The security bar seems to be embedded very deep.

This is on my home machine, so I will do it tonight and post.

Thanks once again for all your help, without which I may have to format and
lose most of my important data.

vikkam
Old 10-18-2007, 03:06 PM   #6 (permalink)
Moderator, Analyst, Security Team
TheBruce1
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 3,247
OS: XP


Re: help with huijackthis log

Do not run online scans at this time; it is not needed. The toolbar should be removed this time around, as ComboFix will target the file for removal.
A format is a last resort, and we have not reached that point.
Old 10-18-2007, 08:34 PM   #7 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 15
OS: xp pro


Re: help with huijackthis log

C:\Combofix.txt
=======================
ComboFix 07-10-19.1 - vkamdar 2007-10-18 18:45:43.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1725 [GMT -7:00]
Running from: C:\Documents and Settings\vkamdar\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\vkamdar\Desktop\cfscript.txt

FILE::
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\system32\fuknpcgu.dll
C:\WINDOWS\system32\stfv.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\vkamdar\Application Data\BestsellerAntivirus
C:\Documents and Settings\vkamdar\Application Data\BestsellerAntivirus\avtasks.dat
C:\Documents and Settings\vkamdar\Application Data\BestsellerAntivirus\avtasks.dat
C:\Documents and Settings\vkamdar\Application Data\BestsellerAntivirus\Logs\av.log
C:\Documents and Settings\vkamdar\Application Data\BestsellerAntivirus\Logs\av.log
C:\Documents and Settings\vkamdar\Application Data\BestsellerAntivirus\Logs\ga6Support.log
C:\Documents and Settings\vkamdar\Application Data\BestsellerAntivirus\Logs\ga6Support.log
C:\Documents and Settings\vkamdar\Application Data\BestsellerAntivirus\Logs\update.log
C:\Documents and Settings\vkamdar\Application Data\BestsellerAntivirus\Logs\update.log
C:\Documents and Settings\vkamdar\Application Data\BestsellerAntivirus\PGE.dat
C:\Documents and Settings\vkamdar\Application Data\BestsellerAntivirus\PGE.dat
C:\Program Files\AntispyStorm
C:\Program Files\AntispyStorm\as_ie_monitor.dll
C:\Program Files\AntispyStorm\config.dat
C:\Program Files\AntispyStorm\stat.bin
C:\Program Files\AntispyStorm\uninstall.exe
C:\Program Files\AntispyStorm\uninstall.log
C:\UGA6P
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\drvboz.dll
C:\WINDOWS\system32\drvbozr.dll
C:\WINDOWS\system32\drvkuk.dll
C:\WINDOWS\system32\drvkukr.dll
C:\WINDOWS\system32\fuknpcgu.dll
C:\WINDOWS\system32\fuknpcgu.dll
C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\lfbuhnau.dll
C:\WINDOWS\system32\lfbuhnau.dll
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\qtyvsbei.dll
C:\WINDOWS\system32\rqrromm.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\ugcpnkuf.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-19 to 2007-10-19 )))))))))))))))))))))))))))))))
.

2007-10-18 18:47 <DIR> d-------- C:\WINDOWS\system32\tmp00005764
2007-10-18 06:39 <DIR> d--hs---- C:\found.000
2007-10-17 20:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-17 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-17 20:20 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-17 19:47 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-17 19:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-17 19:47 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-17 19:47 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-17 19:47 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-17 19:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-17 18:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2007-10-17 12:35 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-16 19:41 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\Bitdefender
2007-10-16 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-16 18:23 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-10-16 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-10-16 18:02 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-16 06:16 33,792 --a------ C:\WINDOWS\system32\hggefgh.dll
2007-10-15 21:40 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-10-15 21:40 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2007-10-15 21:40 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-10-15 21:40 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2007-10-15 21:40 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-10-15 21:40 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2007-10-15 18:25 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-10-15 06:26 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
2007-10-15 06:17 <DIR> d-------- C:\Program Files\Panda Security
2007-10-13 08:40 2,182 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-12 00:01 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2007-10-12 00:01 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2007-10-12 00:01 233,472 --------- C:\WINDOWS\system32\DiskIO.dll
2007-10-12 00:01 184,320 --------- C:\WINDOWS\system32\RALMain.dll
2007-10-12 00:01 126,976 --------- C:\WINDOWS\system32\AVIPrAx.dll
2007-10-12 00:01 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2007-10-12 00:01 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-12 00:01 41,984 --a------ C:\WINDOWS\system32\cacheX.dll
2007-10-12 00:01 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2007-10-11 23:59 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2007-10-11 23:59 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2007-10-11 23:59 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2007-10-11 23:59 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-10-11 23:59 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2007-10-11 23:59 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2007-10-11 23:58 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2007-10-11 23:58 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2007-10-11 23:58 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2007-10-11 23:58 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2007-10-11 23:57 <DIR> d-------- C:\Program Files\Pinnacle
2007-10-11 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-10-10 20:59 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\Media Player Classic
2007-10-10 20:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NCH Swift Sound
2007-10-10 20:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NCH Swift Sound
2007-10-10 20:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NCH Swift Sound
2007-10-10 20:39 <DIR> d-------- C:\Program Files\NCH Software
2007-10-10 20:39 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\Recordpad
2007-10-10 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-10-10 20:38 23,616 --a------ C:\WINDOWS\system32\drivers\nchssvad.sys
2007-10-10 20:37 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-10-10 20:37 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\NCH Swift Sound
2007-10-10 05:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-09 19:52 <DIR> d-------- C:\Program Files\MagicISO
2007-10-07 16:13 <DIR> d-------- C:\Program Files\Astro Gemini Software
2007-10-07 11:01 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-10-07 09:48 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\.BitTornado
2007-10-06 19:52 41,729 --a------ C:\WINDOWS\system32\drivers\Mkeusbi.sys
2007-10-06 19:52 14,308 --a------ C:\WINDOWS\system32\drivers\Mkemusb.sys
2007-10-03 15:02 768 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-02 06:26 <DIR> d-------- C:\Program Files\WinPcap
2007-10-02 06:25 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\Sytexis Software
2007-09-30 20:22 <DIR> d-------- C:\Documents and Settings\vkamdar\Application Data\Grisoft
2007-09-30 20:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-30 20:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-30 14:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-30 13:19 <DIR> d-------- C:\WINDOWS\system32\GB9
2007-09-30 13:19 <DIR> d-------- C:\WINDOWS\system32\DL1
2007-09-30 13:19 <DIR> d-------- C:\Temp
2007-09-30 09:37 <DIR> d-------- C:\Program Files\iPod
2007-09-24 20:22 <DIR> d-------- C:\RegBackup
2007-09-21 18:38 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 03:08 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\Easy Macro Recorder
2007-10-17 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-16 01:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-15 13:35 --------- d-----w C:\Program Files\Google
2007-10-15 02:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-07 16:48 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\.BitTornado
2007-10-07 02:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-05 13:28 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\AdobeUM
2007-09-30 13:58 --------- d-----w C:\Program Files\QuickTime
2007-09-15 20:02 --------- d-----w C:\Program Files\MSN Messenger
2007-09-15 12:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Easy Macro Recorder
2007-09-06 01:07 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\dvdcss
2007-09-03 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2007-09-03 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-01 14:44 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\gtk-2.0
2007-08-26 19:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-08-25 16:05 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\vlc
2007-08-21 13:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2007-08-21 13:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2007-08-21 13:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2007-08-21 04:40 --------- d-----w C:\Program Files\Juniper Networks
2007-08-21 04:40 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\Juniper Networks
2007-08-21 04:40 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
2007-08-21 02:48 --------- d-----w C:\Program Files\MSECache
2007-08-19 17:03 --------- d-----w C:\Documents and Settings\vkamdar\Application Data\Ahead
2007-08-16 02:28 81 ----a-w C:\CTX.DAT
2007-06-29 22:58 948 ----a-w C:\Documents and Settings\vkamdar\notepad.exe
.

((((((((((((((((((((((((((((( snapshot@2007-10-17_18.52.30.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-11-02 21:41:52 516,832 ----a-w C:\WINDOWS\system32\capicom.dll
- 2007-10-12 07:04:30 390,384 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-10-18 13:41:24 370,488 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-10-18 01:52:29 70,852 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-19 01:51:37 70,968 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-18 01:52:29 438,956 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-19 01:51:37 439,264 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-03-15 19:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
+ 2007-03-15 19:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-21 11:12]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lfbuhnau]
lfbuhnau.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt
