Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Thread: Issue with Explorer
Old 12-29-2007, 09:36 AM   #21
rpmccaffrey (Registered User)
Join Date: Dec 2007
Location: Hopkinton, NH
Posts: 21
OS: Windows XP, SP2

Re: Issue with Explorer

Double post, and I can't seem to figure out how to delete a post.

Last edited by rpmccaffrey : 12-29-2007 at 09:53 AM.
Old 12-29-2007, 09:49 AM   #22
rpmccaffrey (Registered User)
Join Date: Dec 2007
Location: Hopkinton, NH
Posts: 21
OS: Windows XP, SP2

Re: Issue with Explorer

Okay, sorry about all the confusion. Hopefully we're on the same page now.

ComboFix 07-12-25.2 - Patrick 2007-12-30 11:05:32.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.396 [GMT -5:00]
Running from: C:\Documents and Settings\Patrick\Desktop\TSF\ComboFix.exe
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.

2007-12-29 19:56 . 2007-12-29 19:56 <DIR> d-------- C:\Program Files\AskPBar
2007-12-29 18:23 . 2007-12-29 18:23 139,008 --a------ C:\WINDOWS\SYSTEM32\guard32.dll.vir
2007-12-29 18:23 . 2007-12-29 18:23 81,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cmdGuard.sys
2007-12-29 18:23 . 2007-12-29 18:23 23,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cmdhlp.sys
2007-12-29 18:21 . 2007-12-29 18:21 <DIR> d-------- C:\Program Files\New Folder
2007-12-24 14:29 . 2007-12-30 10:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-24 14:29 . 2007-12-24 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-24 10:50 . 2007-12-24 10:50 354,816 --a------ C:\WINDOWS\SYSTEM32\OLD68.tmp
2007-12-23 18:15 . 2007-12-23 18:15 <DIR> d----c--- C:\VundoFix Backups
2007-12-23 18:09 . 2007-12-23 18:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-12-23 18:09 . 2007-12-23 18:09 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-23 16:53 . 2007-12-24 10:48 169,984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msconfig.exe
2007-12-23 13:57 . 2007-12-23 17:58 18,944 --a------ C:\WINDOWS\SYSTEM32\CTXFIHLP.EXE
2007-12-23 09:25 . 2007-12-30 00:37 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
2007-12-22 21:53 . 2007-12-22 21:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-22 21:05 . 2007-12-23 19:40 15,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2007-12-22 21:05 . 2007-12-23 19:40 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2007-12-22 20:03 . 2007-12-22 20:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-22 20:02 . 2007-12-22 20:02 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\SUPERAntiSpyware.com
2007-12-22 19:32 . 2007-12-23 18:15 <DIR> d-------- C:\Documents and Settings\Patrick\.housecall6.6
2007-12-22 14:56 . 2007-12-22 14:56 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-21 23:23 . 2007-12-21 23:23 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\Armagetron
2007-12-21 23:23 . 2007-12-21 23:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Armagetron
2007-12-21 18:43 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\SYSTEM32\spmsg2.dll
2007-12-21 18:29 . 2007-12-21 18:29 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-21 18:25 . 2007-12-21 18:26 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-12-08 19:24 . 2007-12-08 19:24 <DIR> d-------- C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP
2007-12-02 09:39 . 2007-12-02 13:45 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\Ufasoft
2007-11-24 11:44 . 2007-12-22 16:37 <DIR> d-------- C:\Program Files\QuickTime
2007-11-21 11:38 . 2007-11-21 11:38 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\Nero
2007-11-18 12:54 . 2007-11-18 12:54 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-11-16 20:32 . 2007-11-16 20:32 <DIR> d-------- C:\Program Files\Ventrilo
2007-11-16 16:13 . 2007-11-16 16:58 <DIR> d-------- C:\WINDOWS\NV27882364.TMP
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2007-11-13 22:06 . 2007-10-11 20:57 195,096 --a------ C:\WINDOWS\SYSTEM32\lvci1150.dll
2007-11-13 22:05 . 2007-12-30 10:45 0 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\logiflt.iad
2007-11-13 22:03 . 2007-07-18 19:40 195,096 --a------ C:\WINDOWS\SYSTEM32\lvci1110.dll
2007-11-13 22:01 . 2007-11-13 22:11 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Logishrd
2007-11-11 00:11 . 2007-11-21 11:31 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-07 17:33 . 2007-11-07 17:33 <DIR> d-------- C:\Documents and Settings\Patrick\My Games
2007-11-07 17:33 . 2007-11-07 17:33 <DIR> d----c--- C:\Documents and Settings\All Users\Microsoft
2007-11-04 21:11 . 2007-11-04 21:11 <DIR> d-------- C:\Program Files\Nero
2007-11-04 21:11 . 2007-11-04 21:16 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-04 21:11 . 2007-11-04 21:11 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 15:45 0 -c--a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-12-30 05:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-30 05:12 --------- d-----w C:\Program Files\Common Files\aol
2007-12-30 01:29 --------- d-----w C:\Program Files\MSN Apps
2007-12-30 00:48 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Aim
2007-12-29 23:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\Comodo
2007-12-29 23:49 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Comodo
2007-12-24 15:48 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
2007-12-24 03:05 --------- d-----w C:\Program Files\Intel
2007-12-23 19:03 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-23 00:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-22 23:50 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 19:56 --------- d-----w C:\Program Files\Lavasoft
2007-12-22 01:43 --------- d-----w C:\Documents and Settings\Patrick\Application Data\My Battle for Middle-earth(tm) II Files
2007-12-16 19:29 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Canon
2007-12-16 18:32 --------- d-----w C:\Program Files\MSECACHE
2007-12-09 00:23 --------- d-----w C:\Documents and Settings\Grace\Application Data\Comodo
2007-12-08 00:25 --------- d-----w C:\Program Files\CPP-AIO-FD
2007-12-04 20:57 --------- d-----w C:\Documents and Settings\Marcia\Application Data\Skype
2007-12-04 20:57 --------- d-----w C:\Documents and Settings\Marcia\Application Data\Comodo
2007-11-24 19:38 --------- d-----w C:\Program Files\Apple Software Update
2007-11-24 19:04 --------- d-----w C:\Program Files\iPod
2007-11-21 17:37 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-21 17:37 --------- d-----w C:\Program Files\Google
2007-11-21 16:44 --------- d-----w C:\Program Files\Viewpoint
2007-11-21 16:44 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Viewpoint
2007-11-21 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-21 16:24 --------- d-----w C:\Program Files\Common Files\Real
2007-11-21 16:22 --------- d-----w C:\Program Files\DHzer0point ForceWare Drivers
2007-11-18 17:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 03:07 --------- d-----w C:\Program Files\Common Files\LogiShrd
2007-11-14 03:03 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-14 03:01 --------- d-----w C:\Program Files\Logitech
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 00:54 21,840 -c--atw C:\WINDOWS\SYSTEM32\SIntfNT.dll
2007-11-02 00:54 17,212 -c--atw C:\WINDOWS\SYSTEM32\SIntf32.dll
2007-11-02 00:54 12,067 -c--atw C:\WINDOWS\SYSTEM32\SIntf16.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\shell32(2).dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\SYSTEM32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\SYSTEM32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\SYSTEM32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\SYSTEM32\mscorier.dll
2007-10-21 15:37 82,960 -c--a-w C:\Documents and Settings\Patrick\Application Data\GDIPFONTCACHEV1.DAT
2007-10-12 02:00 490,008 ----a-w C:\WINDOWS\SYSTEM32\LVUI2.dll
2007-10-12 02:00 465,432 ----a-w C:\WINDOWS\SYSTEM32\LVUI2RC.dll
2007-10-12 01:57 416,280 ----a-w C:\WINDOWS\SYSTEM32\lvcodec2.dll
2007-10-12 01:18 21,138 ----a-w C:\WINDOWS\SYSTEM32\Repository.reg
2007-10-04 22:14 81,920 ----a-w C:\WINDOWS\SYSTEM32\nvwddi.dll
2007-10-04 22:14 81,920 ----a-w C:\WINDOWS\SYSTEM32\nvmctray.dll
2007-10-04 22:14 8,491,008 ----a-w C:\WINDOWS\SYSTEM32\nvcpl.dll
2007-10-04 22:14 753,664 ----a-w C:\WINDOWS\SYSTEM32\nvcplui.exe
2007-10-04 22:14 6,854,464 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\nv4_mini.sys
2007-10-04 22:14 6,750,208 ----a-w C:\WINDOWS\SYSTEM32\nvoglnt.dll
2007-10-04 22:14 6,344,704 ----a-w C:\WINDOWS\SYSTEM32\nvdisps.dll
2007-10-04 22:14 5,783,424 ----a-w C:\WINDOWS\SYSTEM32\nv4_disp.dll
2007-10-04 22:14 466,944 ----a-w C:\WINDOWS\SYSTEM32\nvshell.dll
2007-10-04 22:14 45,056 ----a-w C:\WINDOWS\SYSTEM32\nvmccsrs.dll
2007-10-04 22:14 442,368 ----a-w C:\WINDOWS\SYSTEM32\nvappbar.exe
2007-10-04 22:14 425,984 ----a-w C:\WINDOWS\SYSTEM32\keystone.exe
2007-10-04 22:14 364,544 ----a-w C:\WINDOWS\SYSTEM32\nvapi.dll
2007-10-04 22:14 36,864 ----a-w C:\WINDOWS\SYSTEM32\nvcodins.dll
2007-10-04 22:14 36,864 ----a-w C:\WINDOWS\SYSTEM32\nvcod.dll
2007-10-04 22:14 307,200 ----a-w C:\WINDOWS\SYSTEM32\nvexpbar.dll
2007-10-04 22:14 3,551,232 ----a-w C:\WINDOWS\SYSTEM32\nvvitvs.dll
2007-10-04 22:14 3,334,144 ----a-w C:\WINDOWS\SYSTEM32\nvgames.dll
2007-10-04 22:14 286,720 ----a-w C:\WINDOWS\SYSTEM32\nvnt4cpl.dll
2007-10-04 22:14 229,376 ----a-w C:\WINDOWS\SYSTEM32\nvmccs.dll
2007-10-04 22:14 2,371,584 ----a-w C:\WINDOWS\SYSTEM32\nvwss.dll
2007-10-04 22:14 188,416 ----a-w C:\WINDOWS\SYSTEM32\nvmccss.dll
2007-10-04 22:14 155,716 ----a-w C:\WINDOWS\SYSTEM32\nvsvc32.exe
2007-10-04 22:14 147,456 ----a-w C:\WINDOWS\SYSTEM32\nvcolor.exe
2007-10-04 22:14 1,703,936 ----a-w C:\WINDOWS\SYSTEM32\nvwdmcpl.dll
2007-10-04 22:14 1,626,112 ----a-w C:\WINDOWS\SYSTEM32\nwiz.exe
2007-10-04 22:14 1,478,656 ----a-w C:\WINDOWS\SYSTEM32\nview.dll
2007-10-04 22:14 1,339,392 ----a-w C:\WINDOWS\SYSTEM32\nvdspsch.exe
2007-10-04 22:14 1,150,976 ----a-w C:\WINDOWS\SYSTEM32\nvmobls.dll
2007-10-04 22:14 1,019,904 ----a-w C:\WINDOWS\SYSTEM32\nvwimg.dll
2007-09-20 21:21 43,520 -c--a-w C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
2007-09-20 14:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 14:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 14:55 95,600 ----a-w C:\WINDOWS\SYSTEM32\NeroCo.dll
2007-09-17 06:10 356,352 -c--a-w C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2007-09-17 06:10 356,352 -c--a-w C:\WINDOWS\SYSTEM32\nvudisp.exe
2007-09-11 09:17 81,920 -c--a-w C:\WINDOWS\SYSTEM32\frapsvid.dll
2007-09-05 00:03 73,728 ----a-w C:\WINDOWS\SYSTEM32\CavEmLSP.dll
2007-09-05 00:03 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
2007-09-05 00:03 434,252 -c--a-w C:\WINDOWS\SYSTEM32\MSVCRTD.DLL
2007-09-05 00:03 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2007-09-05 00:03 216,576 ----a-w C:\WINDOWS\SYSTEM32\monln.dll
2007-09-05 00:03 1,060,864 -c--a-w C:\WINDOWS\SYSTEM32\MFC71.dll
2007-06-27 23:57 77,160 -c--a-w C:\Documents and Settings\Marcia\Application Data\GDIPFONTCACHEV1.DAT
2007-06-22 14:27 1,112 -c--a-w C:\Documents and Settings\Patrick\Application Data\ViewerApp.dat
2007-04-08 23:48 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2006-06-01 21:24 71,248 -c--a-w C:\Documents and Settings\Grace\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2007-12-23_12.42.27.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-21 20:53:44 385,536 ----a-w C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
- 2007-12-23 15:03:01 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ARPPRODUCTICON.exe
+ 2007-12-26 03:46:46 15,086 -c--a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ARPPRODUCTICON.exe
- 2007-12-23 15:03:01 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
+ 2007-12-26 03:46:47 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
- 2007-12-23 15:03:01 53,248 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
+ 2007-12-26 03:46:47 53,248 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
- 2007-11-24 01:12:08 74,616 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\inspect.sys
+ 2007-12-29 23:23:07 75,384 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\inspect.sys
- 2007-04-24 00:56:40 217,586 -c--a-w C:\WINDOWS\SYSTEM32\INETSRV\MetaBase.bin
+ 2007-12-30 15:48:26 217,037 ----a-w C:\WINDOWS\SYSTEM32\INETSRV\MetaBase.bin
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-12-30 15:46:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_40c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SB Audigy 2 Startup Menu"="/L:ENG" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-23 19:40]
"DAEMON Tools"="G:\Patrick's Stuff\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 17:29]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-12-29 19:24]
"SUPERAntiSpyware"="G:\Patrick's Stuff\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 13:46 C:\WINDOWS\KHALMNPR.Exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-12-23 17:58 C:\WINDOWS\SYSTEM32\CTXFIHLP.EXE]
"cnfgCav"="G:\Patrick's Stuff\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2007-09-04 19:03]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"iTunesHelper"="G:\Patrick's Stuff\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"COMODO Firewall Pro"="G:\Patrick's Stuff\Program Files\Comodo\cfp.exe" [2007-12-29 18:23]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-10-11 21:03]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-08-11 10:46:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= G:\Patrick's Stuff\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
G:\Patrick's Stuff\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 G:\Patrick's Stuff\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2007-09-04 19:03 216576 C:\WINDOWS\SYSTEM32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet k series) - 1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet k series) - 1.lnk
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet k series) - 1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Patrick^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=C:\WINDOWS\pss\Event Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 12:28 684032 --a--c--- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
G:\Patrick's Stuff\Program Files\BitTorrent\bittorrent.exe --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 01:00 45056 --a--c--- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2007-12-23 19:40 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 09:18 49152 --a--c--- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 10:00 241714 --a--c--- C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 --a------ C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00 49152 --a--c--- G:\Patrick's Stuff\Program Files\OmniPage SE\OpwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 --a--c--- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 --a--c--- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Tools]
C:\Program Files\XP Tools\xptools.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"NwSapAgent"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"McRedirector"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"McLogManagerService"=2 (0x2)
"NMap"=2 (0x2)
"DNADownloader"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"WZCSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"Spooler"=2 (0x2)
"SCardSvr"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"RPCSEO"=2 (0x2)
"NetSvc"=3 (0x3)
"MSFtpsvc"=2 (0x2)
"mcpromgr"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"KodakCCS"=3 (0x3)
"IDriverT"=3 (0x3)
"Crypkey License"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)

R0 Cavasm;Cavasm;C:\WINDOWS\system32\DRIVERS\cavasm.sys [2007-09-04 19:03]
R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2007-09-08 10:46]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-29 18:23]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-29 18:23]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 13:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 14:26]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Patrick\Desktop\Mods\VCdRom.sys [2001-12-19 10:45]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-20 20:45]
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-20 20:45]
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys [2004-12-07 15:00]
S2 Comodo Anti-Virus and Anti-Spyware Service;Comodo Anti-Virus and Anti-Spyware Service;"C:\Program Files\Comodo\common\CAVASpy\cavasm.exe" []
S2 RPCT;Remote Procedure Call (TPM);C:\Program Files\Common Files\Microsoft Shared\Speech\mstinit.exe [2004-12-02 22:03]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 12:11]
S3 BOCDRIVE;BOClean Kernel Monitor.;G:\Patrick's Stuff\Program Files\BOCDRIVE.sys []
S3 hdnuxsirnc;hdnuxsirnc;G:\Patrick's Stuff\G_Lide\hdnuxsirnc.sys []
S3 kix;kix;G:\Patrick's Stuff\Firefox\kix.sys []
S3 lc3pkt_2.1;LC3 Packet Driver;C:\Program Files\@stake\LC4\lc3pkt.sys []
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 10:27]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;G:\Patrick's Stuff\Program Files\Sniffer\usft_sn4.sys [2007-11-12 23:10]
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-20 20:45]
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-20 20:45]
S3 XSHARK;XSHARK Driver (xshark.sys);C:\WINDOWS\system32\Drivers\xshark.sys [2003-01-31 06:41]
S4 RPCSEO;Remote Procedure Call (RPC) Se;C:\Program Files\Intel\service [2007-09-23 13:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49ed17f4-bda8-11da-8497-0007e9560613}]
\Shell\AutoRun\command - H:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57fe71cf-0d87-11d8-8032-0048542290d5}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{874ef91e-1e0d-11d8-8057-0048542290d5}]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 12:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-07-25 04:40:38 C:\WINDOWS\Tasks\Backup_2.job"
- C:\WINDOWS\system32\ntbackup.exegbackup
"2005-08-01 04:09:45 C:\WINDOWS\Tasks\Backup_3.job"
- C:\WINDOWS\system32\ntbackup.exegbackup
"2005-07-23 19:24:40 C:\WINDOWS\Tasks\Backup_4.job"
- C:\WINDOWS\system32\ntbackup.exegbackup
"2007-12-23 23:00:06 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D8RG9L31-Grace).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2006-07-28 21:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D8RG9L31-Patrick).job"
- c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
"2007-12-26 06:48:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2007-12-30 11:14:02
C:\ComboFix2.txt ... 2007-12-30 00:18
C:\ComboFix3.txt ... 2007-12-29 19:30
.
2007-12-22 14:51:00 --- E O F ---
Old 12-29-2007, 09:59 PM   #23
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team)
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista

Re: Issue with Explorer

Please run a new scan at Kaspersky and save the results to post in your next reply.

Also, delete your existing Log.txt and run RenV.exe again. Post that new Log.txt here as well.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 12-30-2007, 09:26 PM   #24
rpmccaffrey (Registered User)
Join Date: Dec 2007
Location: Hopkinton, NH
Posts: 21
OS: Windows XP, SP2

Re: Issue with Explorer

**trimmed Kaspersky report**

"C:\Program Files\QuickTime\QTTask.exe"
"C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\xkfsnuzm.dll.vir"
"C:\qoobox\Quarantine\C\Documents and Settings\Patrick\Local Settings\Temp\TMP959.tmp.vir"
"C:\qoobox\Quarantine\C\Documents and Settings\Patrick\Local Settings\Temp\TMPCF.tmp.vir"
"C:\qoobox\Quarantine\C\Program Files\Canqzrac\dodahxga.dll.vir"
"C:\qoobox\Quarantine\C\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe.vir"
"C:\qoobox\Quarantine\C\Program Files\Logitech\QuickCam\Quickcam.exe.vir"
"C:\qoobox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir"
"C:\qoobox\Quarantine\C\Program Files\Outerinfo\OuterinfoUpdate.exe.vir"
"C:\qoobox\Quarantine\C\Program Files\vqlitsfe\dorwjgtw.dll.vir"
"C:\qoobox\Quarantine\C\WINDOWS\Intel.DLL.vir"
"C:\qoobox\Quarantine\C\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp.vir"
"C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ctfmon(2).exe.vir"
"C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ctfmon.exe.tmp.vir"
"C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\hggfged.dll.vir"
"C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\njprckha\njprckha1.exe.vir"
"C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\njprckha\njprckha2.exe.vir"
"C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\njprckha\njprckha3.exe.vir"
"C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\OLD103.tmp.vir"
"C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ssqrp(2).dll.vir"
"C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ssqrp.dll.vir"
"C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ssqrp.exe.vir"
"C:\qoobox\Quarantine\catchme2007-12-23_123955.57.zip"
"C:\qoobox\Quarantine\catchme2007-12-23_175737.42.zip"
"C:\qoobox\Quarantine\D\Program Files\World of Warcraft\Interface\AddOns\WOWEcon.exe.vir"
"C:\qoobox\Quarantine\G\Patrick's Stuff\Hack1\ophcrack\win32_tools\LsaExt.dll.vir"
"C:\qoobox\Quarantine\G\Patrick's Stuff\Hack1\ophcrack\win32_tools\pwservice.exe.vir"
"C:\qoobox\Quarantine\G\Patrick's Stuff\Torrent\Warcraft III Reign of Chaos and The Frozen Throne + Crack +Patch War3TFT_121a_English\Files\Warcraft3keygen.exe.exe.vir"
"C:\RECYCLER\S-1-5-21-2243144081-4092077250-658685947-1007\Dc1\bar\2.bin\ASKPBAR.DLL"
"C:\WINDOWS\SYSTEM32\OLD68.tmp"
"C:\WINDOWS\SYSTEM32\ssqrp.dll"
"C:\WINDOWS\SYSTEM32\ssqrp.exe"

===== Details =====

Number of items = 379
C:\Program Files\QuickTime\QTTask.exe ------> AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\xkfsnuzm.dll.vir ------> Trojan.Win32.Obfuscated.mi skipped
C:\qoobox\Quarantine\C\Documents and Settings\Patrick\Local Settings\Temp\TMP959.tmp.vir

---more entries in backups--

C:\WINDOWS\SYSTEM32\OLD68.tmp ------> AdWare.Win32.Virtumonde.cli skipped
C:\WINDOWS\SYSTEM32\ssqrp.dll ------> AdWare.Win32.Virtumonde.dgy skipped
C:\WINDOWS\SYSTEM32\ssqrp.exe ------> AdWare.Win32.Virtumonde.cli skipped


RenV Log:

Code:
Ran on Mon 12/31/2007 - 23:22:33.14

----a-w         1,694,208 2008-01-01 00:53:40  C:\Program Files\Messenger\msmsgs .exe

 Entries:                1  (1)
 Directories:            0  Files:             1
 Bytes:          1,694,208  Blocks:        3,309
-----------------------------------------------------------------------
I am still not sure what is totally safe to trim off the Kaspersky log myself, so as much as I would like to help, I think it is best if I leave that in your hands.
Here it is: KS_12-30.txt

Last edited by Ried : 12-30-2007 at 09:40 PM.
12-30-2007, 09:47 PM   #25
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: Issue with Explorer

I'd like to hit this hard and fast, if you can stick around.

We've got Quicktime being reported as infected by Kaspersky, but not Messenger--yet Messenger is in the log produced by RenV.



Delete your existing ComboFix.exe as the tool has once again been updated.

Download it again from any of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Disconnect from the internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\SYSTEM32\OLD68.tmp
C:\WINDOWS\SYSTEM32\ssqrp.dll
C:\WINDOWS\SYSTEM32\ssqrp.exe
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Please post the C:\ComboFix.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
12-31-2007, 11:28 AM   #26
Registered User
 
Join Date: Dec 2007
Location: Hopkinton, NH
Posts: 21
OS: Windows XP, SP2


Re: Issue with Explorer

I apologize; I went to bed shortly after posting last. Unfortunately, I have also spent my morning snowblowing (New Hampshire weather... ten inches of snow), so I did not spend much time on the computer. Regardless, here is the log:

ComboFix 07-12-31.4 - Patrick 2008-01-01 10:05:01.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.437 [GMT -5:00]
Running from: C:\Documents and Settings\Patrick\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Patrick\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\SYSTEM32\OLD68.tmp
C:\WINDOWS\SYSTEM32\ssqrp.dll
C:\WINDOWS\SYSTEM32\ssqrp.exe
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\OLD68.tmp
C:\WINDOWS\SYSTEM32\prqss.ini
C:\WINDOWS\SYSTEM32\prqss.ini2
C:\WINDOWS\SYSTEM32\ssqrp.dll
C:\WINDOWS\system32\ssqrp.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2008-01-01 10:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 09:41 . 2008-01-01 09:41 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-29 18:23 . 2007-12-29 18:23 139,008 --a------ C:\WINDOWS\SYSTEM32\guard32.dll.vir
2007-12-29 18:23 . 2007-12-29 18:23 81,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cmdGuard.sys
2007-12-29 18:23 . 2007-12-29 18:23 23,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cmdhlp.sys
2007-12-29 18:21 . 2007-12-29 18:21 <DIR> d-------- C:\Program Files\New Folder
2007-12-24 14:29 . 2008-01-01 10:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-24 14:29 . 2007-12-24 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-23 18:15 . 2007-12-23 18:15 <DIR> d----c--- C:\VundoFix Backups
2007-12-23 18:09 . 2007-12-23 18:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-12-23 18:09 . 2007-12-23 18:09 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-23 16:53 . 2007-12-24 10:48 169,984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msconfig.exe
2007-12-23 13:57 . 2007-12-23 17:58 18,944 --a------ C:\WINDOWS\SYSTEM32\CTXFIHLP.EXE
2007-12-23 09:25 . 2008-01-01 10:12 4,958,588 --------- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
2007-12-22 21:53 . 2007-12-22 21:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-22 21:05 . 2007-12-23 19:40 15,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2007-12-22 21:05 . 2007-12-23 19:40 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2007-12-22 20:03 . 2007-12-22 20:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-22 20:02 . 2007-12-22 20:02 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\SUPERAntiSpyware.com
2007-12-22 19:32 . 2007-12-23 18:15 <DIR> d-------- C:\Documents and Settings\Patrick\.housecall6.6
2007-12-22 14:56 . 2007-12-22 14:56 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-21 23:23 . 2007-12-21 23:23 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\Armagetron
2007-12-21 23:23 . 2007-12-21 23:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Armagetron
2007-12-21 18:43 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\SYSTEM32\spmsg2.dll
2007-12-21 18:29 . 2007-12-21 18:29 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-21 18:25 . 2007-12-21 18:26 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-12-08 19:24 . 2007-12-08 19:24 <DIR> d-------- C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP
2007-12-02 09:39 . 2007-12-02 13:45 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\Ufasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 15:14 0 -c--a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-01-01 15:14 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2007-12-30 05:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-30 05:12 --------- d-----w C:\Program Files\Common Files\aol
2007-12-30 01:29 --------- d-----w C:\Program Files\MSN Apps
2007-12-30 00:48 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Aim
2007-12-29 23:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\Comodo
2007-12-29 23:49 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Comodo
2007-12-24 03:05 --------- d-----w C:\Program Files\Intel
2007-12-23 19:03 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-23 00:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-22 23:50 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 21:37 --------- d-----w C:\Program Files\QuickTime
2007-12-22 19:56 --------- d-----w C:\Program Files\Lavasoft
2007-12-22 01:43 --------- d-----w C:\Documents and Settings\Patrick\Application Data\My Battle for Middle-earth(tm) II Files
2007-12-16 19:29 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Canon
2007-12-16 18:32 --------- d-----w C:\Program Files\MSECACHE
2007-12-09 00:23 --------- d-----w C:\Documents and Settings\Grace\Application Data\Comodo
2007-12-08 00:25 --------- d-----w C:\Program Files\CPP-AIO-FD
2007-12-04 20:57 --------- d-----w C:\Documents and Settings\Marcia\Application Data\Skype
2007-12-04 20:57 --------- d-----w C:\Documents and Settings\Marcia\Application Data\Comodo
2007-11-24 19:38 --------- d-----w C:\Program Files\Apple Software Update
2007-11-24 19:04 --------- d-----w C:\Program Files\iPod
2007-11-21 17:37 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-21 17:37 --------- d-----w C:\Program Files\Google
2007-11-21 16:44 --------- d-----w C:\Program Files\Viewpoint
2007-11-21 16:44 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Viewpoint
2007-11-21 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-21 16:38 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Nero
2007-11-21 16:24 --------- d-----w C:\Program Files\Common Files\Real
2007-11-21 16:22 --------- d-----w C:\Program Files\DHzer0point ForceWare Drivers
2007-11-18 17:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 17:54 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-11-17 01:32 --------- d-----w C:\Program Files\Ventrilo
2007-11-14 03:11 --------- dc----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-11-14 03:07 --------- d-----w C:\Program Files\Common Files\LogiShrd
2007-11-14 03:03 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-14 03:01 --------- d-----w C:\Program Files\Logitech
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-05 02:16 --------- d-----w C:\Program Files\Common Files\Nero
2007-11-05 02:11 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero
2007-11-05 02:11 --------- d-----w C:\Program Files\Nero
2007-10-21 15:37 82,960 -c--a-w C:\Documents and Settings\Patrick\Application Data\GDIPFONTCACHEV1.DAT
2007-06-27 23:57 77,160 -c--a-w C:\Documents and Settings\Marcia\Application Data\GDIPFONTCACHEV1.DAT
2007-06-22 14:27 1,112 -c--a-w C:\Documents and Settings\Patrick\Application Data\ViewerApp.dat
2007-04-08 23:48 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2006-06-01 21:24 71,248 -c--a-w C:\Documents and Settings\Grace\Application Data\GDIPFONTCACHEV1.DAT
2006-03-08 19:05 3,577 -c--a-w C:\Program Files\readme.txt
2006-02-24 20:15 592,172,917 -c--a-w C:\Program Files\SF2-SW_USDemo.exe
2005-01-24 00:30 208 -c--a-w C:\Documents and Settings\Patrick\Application Data\tvmdmns.dll
2005-01-23 19:28 206 -c----w C:\Documents and Settings\Grace\Application Data\tvmdmns.dll
2005-01-23 05:11 204 -c--a-w C:\Documents and Settings\Richard McCaffrey\Application Data\tvmdmns.dll
2004-11-28 17:49 77,048 -c--a-w C:\Documents and Settings\Richard McCaffrey\Application Data\GDIPFONTCACHEV1.DAT
.
Code:
----a-w         1,694,208 2008-01-01 00:53:40  C:\Program Files\Messenger\msmsgs .exe
----a-w            81,920 2008-01-01 14:41:52  C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd .exe
----a-w            15,360 2008-01-01 14:41:52  C:\WINDOWS\SYSTEM32\ctfmon .exe

((((((((((((((((((((((((((((( snapshot@2007-12-23_12.42.27.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-21 20:53:44 385,536 ----a-w C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
- 2007-12-23 15:03:01 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ARPPRODUCTICON.exe
+ 2007-12-26 03:46:46 15,086 -c--a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ARPPRODUCTICON.exe
- 2007-12-23 15:03:01 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
+ 2007-12-26 03:46:47 15,086 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
- 2007-12-23 15:03:01 53,248 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
+ 2007-12-26 03:46:47 53,248 ----a-r C:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
- 2005-09-27 00:34:26 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
+ 2007-12-24 15:48:23 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
- 2007-11-24 01:12:08 74,616 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\inspect.sys
+ 2007-12-29 23:23:07 75,384 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\inspect.sys
- 2007-04-24 00:56:40 217,586 -c--a-w C:\WINDOWS\SYSTEM32\INETSRV\MetaBase.bin
+ 2008-01-01 15:18:25 217,036 ----a-w C:\WINDOWS\SYSTEM32\INETSRV\MetaBase.bin
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-01-01 15:16:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_434.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SB Audigy 2 Startup Menu"="/L:ENG" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-23 19:40 15360]
"DAEMON Tools"="G:\Patrick's Stuff\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 17:29 165784]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [ ]
"SUPERAntiSpyware"="G:\Patrick's Stuff\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 13:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-12-23 17:58 18944 C:\WINDOWS\SYSTEM32\CTXFIHLP.EXE]
"cnfgCav"="G:\Patrick's Stuff\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2007-09-04 19:03 110592]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"iTunesHelper"="G:\Patrick's Stuff\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"COMODO Firewall Pro"="G:\Patrick's Stuff\Program Files\Comodo\cfp.exe" [2007-12-29 18:23 1481472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-10-11 21:03 439568]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-08-11 10:46:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= G:\Patrick's Stuff\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
G:\Patrick's Stuff\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 G:\Patrick's Stuff\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2007-09-04 19:03 216576 C:\WINDOWS\SYSTEM32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet k series) - 1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet k series) - 1.lnk
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet k series) - 1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Patrick^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=C:\WINDOWS\pss\Event Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 12:28 684032 --a--c--- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
G:\Patrick's Stuff\Program Files\BitTorrent\bittorrent.exe --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 01:00 45056 --a--c--- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2007-12-23 19:40 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 09:18 49152 --a--c--- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 10:00 241714 --a--c--- C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 --a------ C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00 49152 --a--c--- G:\Patrick's Stuff\Program Files\OmniPage SE\OpwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 --a--c--- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 --a--c--- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Tools]
C:\Program Files\XP Tools\xptools.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"NwSapAgent"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"McRedirector"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"McLogManagerService"=2 (0x2)
"NMap"=2 (0x2)
"DNADownloader"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"WZCSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"Spooler"=2 (0x2)
"SCardSvr"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"RPCSEO"=2 (0x2)
"NetSvc"=3 (0x3)
"MSFtpsvc"=2 (0x2)
"mcpromgr"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"KodakCCS"=3 (0x3)
"IDriverT"=3 (0x3)
"Crypkey License"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)

R0 Cavasm;Cavasm;C:\WINDOWS\system32\DRIVERS\cavasm.sys [2007-09-04 19:03]
R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2007-09-08 10:46]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-29 18:23]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-29 18:23]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 13:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 14:26]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Patrick\Desktop\Mods\VCdRom.sys [2001-12-19 10:45]
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys [2004-12-07 15:00]
S2 Comodo Anti-Virus and Anti-Spyware Service;Comodo Anti-Virus and Anti-Spyware Service;"C:\Program Files\Comodo\common\CAVASpy\cavasm.exe" []
S2 RPCT;Remote Procedure Call (TPM);C:\Program Files\Common Files\Microsoft Shared\Speech\mstinit.exe [2004-12-02 22:03]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 12:11]
S3 BOCDRIVE;BOClean Kernel Monitor.;G:\Patrick's Stuff\Program Files\BOCDRIVE.sys []
S3 hdnuxsirnc;hdnuxsirnc;G:\Patrick's Stuff\G_Lide\hdnuxsirnc.sys []
S3 kix;kix;G:\Patrick's Stuff\Firefox\kix.sys []
S3 lc3pkt_2.1;LC3 Packet Driver;C:\Program Files\@stake\LC4\lc3pkt.sys []
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;G:\Patrick's Stuff\Program Files\Sniffer\usft_sn4.sys [2007-11-12 23:10]
S3 XSHARK;XSHARK Driver (xshark.sys);C:\WINDOWS\system32\Drivers\xshark.sys [2003-01-31 06:41]
S4 RPCSEO;Remote Procedure Call (RPC) Se;C:\Program Files\Intel\service [2007-09-23 13:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49ed17f4-bda8-11da-8497-0007e9560613}]
\Shell\AutoRun\command - H:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57fe71cf-0d87-11d8-8032-0048542290d5}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{874ef91e-1e0d-11d8-8057-0048542290d5}]
\Shell\AutoRun\command - H:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 12:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-07-25 04:40:38 C:\WINDOWS\Tasks\Backup_2.job"
- C:\WINDOWS\system32\ntbackup.exegbackup
"2005-08-01 04:09:45 C:\WINDOWS\Tasks\Backup_3.job"
- C:\WINDOWS\system32\ntbackup.exegbackup
"2005-07-23 19:24:40 C:\WINDOWS\Tasks\Backup_4.job"
- C:\WINDOWS\system32\ntbackup.exegbackup
"2007-12-30 23:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D8RG9L31-Grace).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2006-07-28 21:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D8RG9L31-Patrick).job"
- c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
"2007-12-31 06:48:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 10:17:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\guard32.dll
C:\Program Files\Common Files\Microsoft Shared\Speech\GWTWNP.DAT
.
Completion time: 2008-01-01 10:35:44 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 15:35:38
C:\qoobox\ComboFix2.txt 2007-12-30 16:14:04
C:\qoobox\ComboFix3.txt 2007-12-30 05:18:03
C:\qoobox\ComboFix4.txt 2007-12-30 00:30:13
.
2007-12-22 14:51:00 --- E O F ---
12-31-2007, 12:09 PM   #27
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: Issue with Explorer

Quote:
Unfortunately, I have also spent my morning snowblowing (New Hampshire weather... ten inches of snow)
By all means, being able to get out of the driveway takes precedence. We've been lucky here so far this winter. I've only been hit with 1 or 2 Lake Effect snow events so far...


Quote:
We've got Quicktime being reported as infected by Kaspersky, but not Messenger--yet Messenger is in the log produced by RenV.
According to the RenV log, QuickTime does not have a legit file replacement onboard. Let's just get rid of it and download fresh when we're through cleaning the system.

-----------------------------------------------------------------

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Close any open browsers.

--------------------------------------------------------------------

Go to your Add/Remove programs panel and uninstall Quicktime. Ignore any prompt to reboot if asked.

-----------------------------------------------------------------

Double click RenV.exe to run it again--it will produce a fresh Log.txt

-----------------------------------------------------------------

We still have files that got renamed by the infection. It added an extra space into the filename.

Example:

Original Name: "msmsgs.exe"
Name modified by the infection: "msmsgs .exe"





Referring to the picture above, drag Log.txt into RenV.exe

When finished, it shall produce a new log for you. Post that log in your next reply.

--------------------------------------------------------------

Reboot your system.

--------------------------------------------------------------

Run ComboFix.exe again, by double clicking on it.

--------------------------------------------------------------

Post both logs here for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried : 12-31-2007 at 12:10 PM.
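The rename trick Ried describes above (the infection inserts a space before the extension, turning "msmsgs.exe" into "msmsgs .exe") is easy to hunt for yourself. The script below is an added example written for this thread, not RenV's code and not anything from the original posts: it walks a directory tree, flags files whose names end in a space followed by a suspect extension, and restores the original name unless a file of that name is already present (as with ctfmon.exe in the logs above, where a legitimate copy already exists alongside "ctfmon .exe"; that case is reported rather than clobbered). The sample tree it builds is constructed to mimic the entries in the RenV log; the extension list and the single-space assumption are this example's own choices.

```python
"""Find and undo the "name .exe" rename pattern discussed in this thread.

Added example, not RenV's code. Assumes the only change the infection made
to a filename is one or more spaces inserted before the final ".ext".
"""
import os
import re
import tempfile

# .exe is what the thread's RenV log showed; .dll is added as an assumption.
SUSPECT_EXTS = (".exe", ".dll")

# "stem" + at least one space + ".ext" at the very end of the name.
# "Some Program.exe" does NOT match (no space directly before the extension).
PATTERN = re.compile(r"^(?P<stem>.+?) +(?P<ext>\.[A-Za-z0-9]+)$")


def find_renamed(root):
    """Return sorted (path, restored_name, collision) for every matching file.

    collision is True when a file with the restored name already exists in
    the same directory, i.e. renaming back would overwrite something.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = PATTERN.match(name)
            if not m or m.group("ext").lower() not in SUSPECT_EXTS:
                continue
            restored = m.group("stem") + m.group("ext")
            collision = os.path.exists(os.path.join(dirpath, restored))
            hits.append((os.path.join(dirpath, name), restored, collision))
    return sorted(hits)


def restore_names(root, dry_run=True):
    """Rename each hit back to its original name; skip any that would collide.

    Returns (renamed, skipped), each a list of (from_path, to_path).
    With dry_run=True nothing on disk changes; the lists show what would happen.
    """
    renamed, skipped = [], []
    for path, restored, collision in find_renamed(root):
        target = os.path.join(os.path.dirname(path), restored)
        if collision:
            # A file already owns the clean name; leave both for manual review.
            skipped.append((path, target))
            continue
        if not dry_run:
            os.rename(path, target)
        renamed.append((path, target))
    return renamed, skipped


def has_file(root, rel):
    """True if root/rel (forward-slash relative path) exists as a file."""
    return os.path.isfile(os.path.join(root, *rel.split("/")))


def build_sample_tree():
    """Constructed sample layout mirroring the RenV log; returns the temp root."""
    root = tempfile.mkdtemp(prefix="renv_demo_")
    layout = {
        "Program Files/Messenger/msmsgs .exe": b"MZ",
        "Program Files/NVIDIA Corporation/nTune/nTuneCmd .exe": b"MZ",
        "WINDOWS/SYSTEM32/ctfmon .exe": b"MZ",
        "WINDOWS/SYSTEM32/ctfmon.exe": b"MZ",    # clean name already present
        "WINDOWS/SYSTEM32/kernel32.dll": b"MZ",  # ordinary file, must not match
        "Docs/my notes .txt": b"hi",             # space, but not a suspect extension
    }
    for rel, data in layout.items():
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for path, restored, collision in find_renamed(demo_root):
        flag = "COLLISION" if collision else "ok"
        print(f"{flag:9s} {path} -> {restored}")
    done, held = restore_names(demo_root, dry_run=False)
    print(f"renamed {len(done)}, skipped {len(held)}")
```

Run it against a real drive with `find_renamed(r"C:\")` first and only call `restore_names(..., dry_run=False)` after reviewing the list; a collision (two copies of ctfmon.exe, one with the space) is exactly the situation where you want to compare the two files before deciding which one is the dropper.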
12-31-2007, 10:30 PM   #28
Registered User
 
Join Date: Dec 2007
Location: Hopkinton, NH
Posts: 21
OS: Windows XP, SP2


Re: Issue with Explorer

Happy New Year, Ried! I hope you're not spending your evening up reading other people's computer problems, but here are the logs you asked for.
----------------------------------------------------------------
First is the RenV log. Before I dragged and dropped it in, it looked like:

Code:
Ran on Tue 01/01/2008 - 19:15:12.23

----a-w         1,694,208 2008-01-01 23:57:54  C:\Program Files\Messenger\msmsgs .exe
----a-w            81,920 2008-01-01 14:41:52  C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd .exe
----a-w            15,360 2008-01-01 14:41:52  C:\WINDOWS\SYSTEM32\ctfmon .exe

 Entries:                3  (3)
 Directories:            0  Files:             3
 Bytes:          1,791,488  Blocks:        3,499
While it was running it said something to the effect of "File C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd .e