IE hijacks and spyware ads

mikeyg98 · 03-17-2008, 08:12 PM

IE is goes to other sites, mostly ebay, search engines or other normal sites.
Ads within both IE and Firefox pages are replaced with sex-oriented ads.
Firefox randomly can take up to five minutes to display a page. Other times it works normally.

Panda online scan

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael Greene\Cookies\michael_greene@ad.yieldmanager[1].txt
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Michael Greene\Local Settings\Temporary Internet Files\Content.IE5\HHTRB911\hctp[2]
Possible Virus. Not disinfected C:\Program Files\asys\stb.exe
Possible Virus. Not disinfected C:\Program Files\CMAPP\cmappstub.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\bxyuaonk.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\cvywfklc.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\fmvdihvk.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\pbjkpkqi.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\tvrfhgru.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\vhuyflsi.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\wjceaals.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\wjvpkuua.dll

DSS

Deckard's System Scanner v20071014.68
Run by Michael Greene on 2008-03-17 18:03:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Michael Greene.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:42 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael Greene\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MICHAE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\SYSTEM32\mouse_configurator.win
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25BE2418-6C95-418F-BE03-0D9B9354A167} - C:\WINDOWS\system32\efccbcc.dll (file missing)
O2 - BHO: {758e5555-a4fe-d1cb-70c4-963cbbc84a72} - {27a48cbb-c369-4c07-bc1d-ef4a5555e857} - C:\WINDOWS\system32\qgwphfko.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B175C66D-4624-4179-9CB8-C87463647F05} - C:\WINDOWS\system32\mljge.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BMe465e73a] Rundll32.exe "C:\WINDOWS\system32\qwsaahim.dll",s
O4 - HKLM\..\Run: [e756d4a6] rundll32.exe "C:\WINDOWS\system32\toybshio.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Coast to Coast AM] C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Policies\Explorer\Run: [csnob.exe] C:\WINDOWS\system\csnob.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.net:8080/java/cr.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanc...instmodule.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://61.60.112.230/activex/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-306.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/act...CamControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O20 - Winlogon Notify: efccbcc - efccbcc.dll (file missing)
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\pbpusd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

--
End of file - 13691 bytes

-- Files created between 2008-02-17 and 2008-03-17 -----------------------------

2008-03-17 17:46:42 0 d-------- C:\ie-spyad_zo
2008-03-16 23:27:05 0 d-------- C:\WINDOWS\LastGood
2008-03-16 22:17:31 99904 --a------ C:\WINDOWS\system32\qgwphfko.dll
2008-03-16 22:14:28 92224 --a------ C:\WINDOWS\system32\toybshio.dll
2008-03-16 22:11:28 95296 --a------ C:\WINDOWS\system32\qwsaahim.dll
2008-03-15 22:18:42 94272 -----n--- C:\WINDOWS\system32\mfonxvks.dll
2008-03-15 22:15:41 98368 --a------ C:\WINDOWS\system32\hmfeapee.dll
2008-03-15 22:09:41 98368 --a------ C:\WINDOWS\system32\nisjsprp.dll
2008-03-14 22:12:40 92224 --a------ C:\WINDOWS\system32\asdmjtim.dll
2008-03-14 22:09:40 98368 --a------ C:\WINDOWS\system32\ixuegpyk.dll
2008-03-14 22:07:54 96832 --a------ C:\WINDOWS\system32\hbvvhhju.dll
2008-03-13 19:44:04 93760 --a------ C:\WINDOWS\system32\kdrvsudx.dll
2008-03-13 19:42:01 90176 --a------ C:\WINDOWS\system32\fsdfdeyn.dll
2008-03-12 00:58:06 93248 --a------ C:\WINDOWS\system32\wovfinjo.dll
2008-03-12 00:55:05 90688 --a------ C:\WINDOWS\system32\albxjodg.dll
2008-03-11 00:58:05 93760 --a------ C:\WINDOWS\system32\jqlxqwjt.dll
2008-03-11 00:55:05 89152 --a------ C:\WINDOWS\system32\pbjkpkqi.dll
2008-03-10 00:59:51 91200 --a------ C:\WINDOWS\system32\yqugwtdv.dll
2008-03-10 00:53:51 89664 --a------ C:\WINDOWS\system32\fmvdihvk.dll
2008-03-09 00:56:49 92224 --a------ C:\WINDOWS\system32\uunfxkmf.dll
2008-03-09 00:53:49 88640 --a------ C:\WINDOWS\system32\qufkmyiu.dll
2008-03-08 00:55:52 90688 --a------ C:\WINDOWS\system32\vovidxkr.dll
2008-03-08 00:52:51 88640 --a------ C:\WINDOWS\system32\edaqelrk.dll
2008-03-07 00:55:57 96832 --a------ C:\WINDOWS\system32\ydrvxvmh.dll
2008-03-07 00:52:56 92736 --a------ C:\WINDOWS\system32\uabkhenj.dll
2008-03-06 22:34:05 0 d-------- C:\WINDOWS\Prefetch
2008-03-06 00:56:10 96320 --a------ C:\WINDOWS\system32\makxmthy.dll
2008-03-06 00:50:12 92736 --a------ C:\WINDOWS\system32\oekvfsxo.dll
2008-03-05 00:56:10 96832 --a------ C:\WINDOWS\system32\vhuyflsi.dll
2008-03-04 00:56:10 95296 --a------ C:\WINDOWS\system32\bxyuaonk.dll
2008-03-03 00:52:36 89664 --a------ C:\WINDOWS\system32\tvrfhgru.dll
2008-03-02 00:49:36 89664 --a------ C:\WINDOWS\system32\cvywfklc.dll
2008-03-01 13:59:36 89664 --a------ C:\WINDOWS\system32\wjceaals.dll
2008-03-01 02

54 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-29 21:57:47 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-29 21:56:40 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-02-29 21:56:31 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software
2008-02-29 21:56:27 0 d-------- C:\WINDOWS\system32\PAV
2008-02-29 21:56:10 0 d-------- C:\Program Files\Panda Security
2008-02-29 21:47:44 0 d-------- C:\Program Files\Common Files\Panda Software
2008-02-29 13:59:27 88640 --a------ C:\WINDOWS\system32\srysdmdw.dll
2008-02-28 14:01:55 89664 --a------ C:\WINDOWS\system32\wjvpkuua.dll
2008-02-26 13:59:20 86080 --a------ C:\WINDOWS\system32\xutgejtk.dll
2008-02-25 19:13:54 1597 --a------ C:\WINDOWS\mozver.dat
2008-02-25 18:51:04 0 d-------- C:\Program Files\SpywareBlaster
2008-02-25 17:28:01 0 d-------- C:\Program Files\Enigma Software Group
2008-02-24 23:29:06 0 d-------- C:\Documents and Settings\Michael Greene\.housecall6.6
2008-02-24 23:17:34 0 d-------- C:\Program Files\Trend Micro
2008-02-24 22:54:13 0 d-------- C:\NVIDIA
2008-02-24 21:07:25 0 dr-h----- C:\Documents and Settings\Michael Greene\Recent
2008-02-24 20:42:39 0 d-------- C:\VundoFix Backups
2008-02-24 20:42:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 20:42:23 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 20:42:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2008-02-23 19:27:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-22 06:20:51 89664 --a------ C:\WINDOWS\system32\iapkbtps.dll
2008-02-22 06:17:51 91712 --a------ C:\WINDOWS\system32\pubntywb.dll
2008-02-17 18:11:32 253733 --ahs---- C:\WINDOWS\system32\egjlm.ini2
2008-02-17 18:11:26 321536 --a------ C:\WINDOWS\system32\mljge.dll

-- Find3M Report ---------------------------------------------------------------

2008-03-17 15:41:59 0 d-------- C:\Program Files\mobile PhoneTools
2008-03-17 15:38:04 0 d-------- C:\Program Files\Google
2008-03-17 15:36:50 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-17 15:36:12 0 d-------- C:\Program Files\Coast to Coast AM Media Center
2008-03-16 18:14:25 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-03-09 17:47:39 0 d-------- C:\Program Files\AtomTime Pro
2008-03-07 17:10:01 2111496 --ah----- C:\Documents and Settings\Michael Greene\Application Data\IconCache.db
2008-03-06 22:38:43 28144 --a------ C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT
2008-03-06 22:24:58 23388 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-29 22:53:50 5883064 --a------ C:\Program Files\DPSS0303.ZIP
2008-02-29 21:56:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-29 21:47:44 0 d-------- C:\Program Files\Common Files
2008-02-25 18:37:09 0 d-------- C:\Program Files\LimeWire
2008-02-25 17:52:53 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Mozilla
2008-02-24 23:51:30 715 --a------ C:\Documents and Settings\Michael Greene\Application Data\DSS_Wallpaper.ini
2008-02-24 22:50:01 0 d-------- C:\Program Files\SystemRequirementsLab
2008-02-24 20:42:37 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Lavasoft
2008-02-24 20:41:30 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-24 20:41:20 0 d-------- C:\Program Files\AviSynth 2.5
2008-02-24 20:41:18 0 d-------- C:\Program Files\RegistryFix
2008-02-24 20:39:32 0 d-------- C:\Program Files\DVD slideshow GUI
2008-02-24 20:39:28 0 d-------- C:\Program Files\GetASFStream
2008-02-24 20:37:19 0 d-------- C:\Program Files\Picasa2
2008-02-24 20:37:09 0 d-------- C:\Program Files\Lavasoft
2008-02-20 18:37:21 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Ahead
2008-02-16 19:51:39 0 d-------- C:\Program Files\Nero
2008-02-16 19:45:43 0 d-------- C:\Program Files\Common Files\Nero
2008-02-16 15:43:27 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic
2008-02-16 15:36:19 0 d-------- C:\Program Files\Replay Converter
2008-02-13 23:41:31 0 --a------ C:\WINDOWS\system32\Biport
2008-02-13 03:20:15 1424 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-11 22:43:09 36352 --a------ C:\Documents and Settings\Michael Greene\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-02-08 22:05:47 0 d-------- C:\Program Files\RealArcade
2008-02-08 00:53:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-05 23:41:09 0 d-------- C:\Program Files\URLSnooper2
2008-01-20 09:59:12 46 --a------ C:\WINDOWS\system32\DonationCoder_urlsnooper_InstallInfo.dat
2008-01-20 09:59:12 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\DonationCoder
2008-01-19 05:32:19 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Move Networks
2008-01-17 20:34:20 0 d-------- C:\Program Files\Real

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25BE2418-6C95-418F-BE03-0D9B9354A167}]
C:\WINDOWS\system32\efccbcc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27a48cbb-c369-4c07-bc1d-ef4a5555e857}]
03/16/2008 10:17 PM 99904 --a------ C:\WINDOWS\system32\qgwphfko.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B175C66D-4624-4179-9CB8-C87463647F05}]
02/17/2008 06:11 PM 321536 --a------ C:\WINDOWS\system32\mljge.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [06/26/2003 10:35 AM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/2004 08:16 AM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/20/2004 08:34 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/01/2006 02:07 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04/10/2006 08:19 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2005 07:23 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [10/04/2007 03:15 PM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"BMe465e73a"="C:\WINDOWS\system32\qwsaahim.dll" [03/16/2008 10:11 PM]
"e756d4a6"="C:\WINDOWS\system32\toybshio.dll" [03/16/2008 10:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 08:49 PM]
"Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [06/08/2005 10:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/20/2007 10:04 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []

C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [7/20/2007 9:57:16 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 12:15:54 AM]
Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [1/1/2006 6:22:01 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"csnob.exe"=C:\WINDOWS\system\csnob.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{25BE2418-6C95-418F-BE03-0D9B9354A167}"= C:\WINDOWS\system32\efccbcc.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 02/15/2007 07:02 PM 50736 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc]
efccbcc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Reliability]
C:\WINDOWS\system32\pbpusd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljge.dll
"Notification Packages"= :\WINDOWS\system32\srrstr.dll cecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk
backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk
backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX]
prismsno.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\adwarealert.Exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
"C:\Program Files\AutoUpdate\AutoUpdate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a]
Rundll32.exe "C:\WINDOWS\system32\igcvqlvu.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc]
C:\WINDOWS\canoenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client]
"C:\Program Files\Cas\Client\casclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliteuhe32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP]
"C:\Program Files\CMAPP\Client\cmappclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
"C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll]
C:\WINDOWS\dwridll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6]
rundll32.exe "C:\WINDOWS\system32\xutgejtk.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll]
C:\WINDOWS\eddjdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc]
C:\WINDOWS\eddjenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll]
C:\WINDOWS\fgoldll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc]
C:\WINDOWS\fgolenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0]
"C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe" -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer]
C:\Program Files\IE New Window Maximizer\iemaximizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel]
C:\WINDOWS\SYSTEM32\Israfel.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc]
C:\WINDOWS\system32\pnphma.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32]
C:\WINDOWS\SYSTEM32\Kernel32.win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae]
C:\WINDOWS\system32\lu38clae.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\Money Express.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"C:\Program Files\Microsoft Money\System\Activation.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication]
C:\Program Files\SlideShow\wpchng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
C:\Program Files\NaviSearch\bin\nls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe regrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer]
C:\Program Files\Symantec\Ghost\ngserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll]
C:\WINDOWS\ozdqdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc]
C:\WINDOWS\ozdqenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
C:\Program Files\PCPitstop\Optimize\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll]
C:\WINDOWS\pidfdll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
C:\Program Files\Privacy Champion\pscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1]
C:\WINDOWS\system32\PSof1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup]
C:\WINDOWS\system32\richup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l]
qashlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\system32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet]
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show]
C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll]
C:\WINDOWS\tkbfdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc]
C:\WINDOWS\tkbfenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl]
C:\WINDOWS\system32\vidctrl\vidctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS]
C:\Program Files\WallpaperSS\WallpaperSS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
C:\WINDOWS\system32\babpon.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent]
C:\Program Files\Woot Agent\WootAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc]
C:\WINDOWS\ycbyenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
c:\progra~1\yahoo!\YCentral\YahooCentral.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll]
C:\WINDOWS\yfzrdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc]
C:\WINDOWS\yfzrenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc]
C:\WINDOWS\yykvenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll]
C:\WINDOWS\zztwdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc]
C:\WINDOWS\zztwenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RioMSC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

*Newly Created Service* - RKPAVPROC

-- End of Deckard's System Scanner: finished at 2008-03-17 18:04:00 ------------

extra.txt does not appear minimized as the instructions say. It is not present in the deckard\system scanner folder. I found one from 3 weeks ago, but there are no newer ones in the folder.

**Pancake** · 03-19-2008, 04:24 PM

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.

=================================

Ok.We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.

Please visit this webpage for download links, and instructions for running the tool

When the tool is finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a security analyst.

mikeyg98 · 03-19-2008, 07:50 PM

SDFix: Version 1.159

Run by Administrator on Wed 03/19/2008 at 03:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted
C:\Program Files\Setup.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 17:17:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000051
"TracesSuccessful"=dword:00000009

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Palm\\Hotsync.exe"="C:\\Program Files\\Palm\\Hotsync.exe:*:Enabled:HotSync Manager"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe:*:Disabled:Musicmatchr Music Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"="C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe:*:Enabled:fgfs"
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\\Program Files\\SecondLife\\SecondLife.exe"="C:\\Program Files\\SecondLife\\SecondLife.exe:*:Enabled:Second Life"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 4 Feb 2005 194 ..SH. --- "C:\AUTOEXEC.BAK"
Mon 11 Jul 2005 3,112,968 ...H. --- "C:\amanda tem\setup.exe"
Thu 21 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Sun 7 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 11 Dec 2006 0 A.SH. --- "C:\WINDOWS\DRM\Cache\Indiv02.tmp"
Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\All.exe"
Thu 18 Jul 2002 390,144 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Change.exe"
Thu 18 Jul 2002 574,464 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\CheckPath.exe"
Mon 19 Aug 2002 430,592 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Counter.exe"
Mon 22 Jul 2002 390,656 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Regexe.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RunRegexe.exe"
Sun 14 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT4.tmp"
Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52e811b9b8a98e903e9af1663dd13485\BIT4.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT3.tmp"
Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT3.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT4.tmp"
Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Sun 4 Dec 2005 27,648 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Templates\~WRL0001.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL0003.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1772.tmp"
Mon 16 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1851.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2215.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2695.tmp"
Sat 21 Jul 2007 1,101,824 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cooper garry's wedding fishing\SIV53.tmp"
Tue 22 Aug 2006 1,978,368 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\SIV9D.tmp"
Mon 10 Sep 2007 1,640 ..SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_300_DICV018_DRGV2050108.TMP"
Fri 2 Nov 2007 2,172 A.SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_100_DICV018_DRGV2050108.TMP"
Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV3F.tmp"
Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV42.tmp"
Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV3F.tmp"
Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV42.tmp"
Thu 22 Jun 2006 2,461,696 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV39.tmp"
Tue 6 Jun 2006 827,392 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV55.tmp"

Finished!

ComboFix 08-03-18.1 - Michael Greene 2008-03-19 18:25:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -7:00]
Running from: C:\Documents and Settings\Michael Greene\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\cmapp
C:\Program Files\cmapp\Client\hf.txt
C:\Program Files\cmapp\Client\rf.txt
C:\Program Files\cmapp\Client\sf.txt
C:\Program Files\cmapp\Client\Uninstall.exe
C:\Program Files\cmapp\cmappstub.exe
C:\Program Files\Common Files\uninstall information
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\WINDOWS\BMe465e73a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\start.exe
C:\WINDOWS\SYSTEM32\adnwyvie.ini
C:\WINDOWS\system32\albxjodg.dll
C:\WINDOWS\system32\asdmjtim.dll
C:\WINDOWS\SYSTEM32\bptcllyu.ini
C:\WINDOWS\system32\bxyuaonk.dll
C:\WINDOWS\system32\cvywfklc.dll
C:\WINDOWS\SYSTEM32\djeukusu.ini
C:\WINDOWS\system32\edaqelrk.dll
C:\WINDOWS\SYSTEM32\egjlm.ini
C:\WINDOWS\SYSTEM32\egjlm.ini2
C:\WINDOWS\system32\fmvdihvk.dll
C:\WINDOWS\system32\fsdfdeyn.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\gwajljhn.dll
C:\WINDOWS\system32\hbvvhhju.dll
C:\WINDOWS\system32\hmfeapee.dll
C:\WINDOWS\system32\iapkbtps.dll
C:\WINDOWS\SYSTEM32\inqhtdla.ini
C:\WINDOWS\system32\iqnmdrrl.dll
C:\WINDOWS\system32\iwiicvpa.dll
C:\WINDOWS\system32\ixuegpyk.dll
C:\WINDOWS\SYSTEM32\jlmdvkgd.ini
C:\WINDOWS\SYSTEM32\jovhpwxj.ini
C:\WINDOWS\system32\jqlxqwjt.dll
C:\WINDOWS\system32\kdrvsudx.dll
C:\WINDOWS\SYSTEM32\ktjegtux.ini
C:\WINDOWS\SYSTEM32\laodyemv.ini
C:\WINDOWS\SYSTEM32\lrrdmnqi.ini
C:\WINDOWS\system32\lvdbcmer.dll
C:\WINDOWS\system32\makxmthy.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mitjmdsa.ini
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\SYSTEM32\mmhhuswo.ini
C:\WINDOWS\system32\nisjsprp.dll
C:\WINDOWS\SYSTEM32\nutxlmne.ini
C:\WINDOWS\system32\oekvfsxo.dll
C:\WINDOWS\system32\oxrlbdeq.dll
C:\WINDOWS\system32\pbjkpkqi.dll
C:\WINDOWS\system32\pubntywb.dll
C:\WINDOWS\system32\qgwphfko.dll
C:\WINDOWS\SYSTEM32\qobhppso.ini
C:\WINDOWS\system32\qufkmyiu.dll
C:\WINDOWS\system32\qwsaahim.dll
C:\WINDOWS\SYSTEM32\rnpsgojr.ini
C:\WINDOWS\SYSTEM32\spnjgglu.ini
C:\WINDOWS\SYSTEM32\sptbkpai.ini
C:\WINDOWS\SYSTEM32\srclfebv.ini
C:\WINDOWS\system32\srysdmdw.dll
C:\WINDOWS\system32\tvrfhgru.dll
C:\WINDOWS\SYSTEM32\tvyxendx.ini
C:\WINDOWS\system32\uabkhenj.dll
C:\WINDOWS\SYSTEM32\ugrmphgf.ini
C:\WINDOWS\SYSTEM32\uhmamesi.ini
C:\WINDOWS\SYSTEM32\utxnnthj.ini
C:\WINDOWS\system32\uunfxkmf.dll
C:\WINDOWS\system32\vhuyflsi.dll
C:\WINDOWS\system32\vovidxkr.dll
C:\WINDOWS\system32\wjceaals.dll
C:\WINDOWS\system32\wjvpkuua.dll
C:\WINDOWS\system32\wovfinjo.dll
C:\WINDOWS\SYSTEM32\wqgdmxol.ini
C:\WINDOWS\SYSTEM32\xddgtsbm.ini
C:\WINDOWS\SYSTEM32\xeegjhvf.ini
C:\WINDOWS\SYSTEM32\xituejkj.ini
C:\WINDOWS\system32\xutgejtk.dll
C:\WINDOWS\system32\ydrvxvmh.dll
C:\WINDOWS\SYSTEM32\ylqmsxim.ini
C:\WINDOWS\system32\yqugwtdv.dll
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-19 17:18 . 2008-03-19 17:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-03-19 15:42 . 2008-03-19 15:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-19 15:36 . 2008-03-19 17:26 <DIR> d-------- C:\SDFix
2008-03-17 23:14 . 2008-03-18 23:15 2,104,562 ---hs---- C:\WINDOWS\SYSTEM32\fhyaouro.ini
2008-03-17 18:46 . 2008-03-17 18:46 <DIR> d-------- C:\ie-spyad_zo
2008-03-16 23:14 . 2008-03-16 23:14 1,367,267 ---hs---- C:\WINDOWS\SYSTEM32\oihsbyot.ini
2008-03-15 23:18 . 2008-03-16 14:08 1,366,743 ---hs---- C:\WINDOWS\SYSTEM32\skvxnofm.ini
2008-03-06 23:29 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2008-03-06 23:28 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\fp4awel.dll
2008-03-06 23:26 . 2008-03-06 23:26 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-03-06 22:40 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET79.tmp
2008-03-06 22:40 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET76.tmp
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET85.tmp
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\irclass.dll
2008-03-06 18:25 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb
2008-03-06 18:20 . 2008-03-08 00:21 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-01 03:07 . 2008-03-17 15:35 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-01 03:06 . 2008-03-17 17:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-01 03:06 . 2008-03-17 15:35 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-01 03:06 . 2008-03-17 15:35 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-02-29 23:01 . 2008-02-29 23:04 197,009,408 --a------ C:\B.tmp
2008-02-29 22:57 . 2008-02-29 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-29 22:56 . 2008-02-29 23:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Panda Security
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software
2008-02-29 22:56 . 2007-09-28 14:24 83,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavdrv51.sys
2008-02-29 22:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl
2008-02-29 22:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\SYSTEM32\avldr.dll
2008-02-29 22:56 . 2008-02-29 22:56 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat
2008-02-29 22:53 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PavProc.sys
2008-02-29 22:53 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys
2008-02-29 22:48 . 2008-02-29 22:48 170 --a------ C:\WINDOWS\AvDetected.ini
2008-02-29 22:47 . 2008-02-29 22:53 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d-------- C:\Deckard
2008-02-25 20:13 . 2008-03-11 20:31 1,597 --a------ C:\WINDOWS\mozver.dat
2008-02-25 19:51 . 2008-03-17 18:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-25 18:28 . 2008-02-25 18:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-25 01:48 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-25 00:51 . 2008-02-25 00:51 1,966,134 --a------ C:\WINDOWS\wall.bmp
2008-02-25 00:29 . 2008-02-25 01:48 <DIR> d-------- C:\Documents and Settings\Michael Greene\.housecall6.6
2008-02-25 00:17 . 2008-02-25 00:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 23:54 . 2008-02-24 23:54 <DIR> d-------- C:\NVIDIA
2008-02-24 23:54 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\VundoFix Backups
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 21:42 . 2008-03-17 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2008-02-23 21:37 . 2008-02-23 21:37 0 --a------ C:\WINDOWS\SYSTEM32\efccbcc.dll.vir
2008-02-23 20:27 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 18:13 . 2008-02-20 18:13 11 -ra------ C:\WINDOWS\amunres.lsl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 23:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-17 23:41 --------- d-----w C:\Program Files\mobile PhoneTools
2008-03-17 23:38 --------- d-----w C:\Program Files\Google
2008-03-17 23:36 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-17 23:36 --------- d-----w C:\Program Files\Coast to Coast AM Media Center
2008-03-10 01:47 --------- d-----w C:\Program Files\AtomTime Pro
2008-03-07 06:38 28,144 ----a-w C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT
2008-03-01 07:49 5,751,849 ----a-w C:\WINDOWS\JAVA\Packages\6rr9np7x.zip
2008-03-01 07:49 5,749,283 ----a-w C:\WINDOWS\JAVA\Packages\a9flzxvh.zip
2008-03-01 06:53 5,883,064 ----a-w C:\Program Files\DPSS0303.ZIP
2008-03-01 05:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 02:37 --------- d-----w C:\Program Files\LimeWire
2008-02-25 06:50 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-25 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 04:42 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Lavasoft
2008-02-25 04:41 --------- d-----w C:\Program Files\RegistryFix
2008-02-25 04:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-25 04:41 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-25 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-25 04:39 --------- d-----w C:\Program Files\GetASFStream
2008-02-25 04:39 --------- d-----w C:\Program Files\DVD slideshow GUI
2008-02-25 04:37 --------- d-----w C:\Program Files\Picasa2
2008-02-25 04:37 --------- d-----w C:\Program Files\Lavasoft
2008-02-21 02:37 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Ahead
2008-02-17 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-17 03:51 --------- d-----w C:\Program Files\Nero
2008-02-17 03:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-16 23:43 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic
2008-02-16 23:36 --------- d-----w C:\Program Files\Replay Converter
2008-02-09 06:05 --------- d-----w C:\Program Files\RealArcade
2008-02-08 08:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 07:41 --------- d-----w C:\Program Files\URLSnooper2
2008-01-20 17:59 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\DonationCoder
2008-01-20 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
2007-08-25 07:00 250 ------w C:\Documents and Settings\Michael Greene\jobq.dat
2007-06-04 21:13 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-06-04 21:13 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2006-10-03 08:00 24,192 ------w C:\Documents and Settings\Michael Greene\usbsermptxp.sys
2006-10-03 08:00 22,768 ------w C:\Documents and Settings\Michael Greene\usbsermpt.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2005-02-06 16:27 122 ------w C:\Documents and Settings\Michael Greene\Application Data\fusioncache.dat
2005-02-05 04:02 271 --sh--w C:\Program Files\desktop.ini
2005-02-05 04:02 23,357 ---ha-w C:\Program Files\folder.htt
2004-07-18 05:55 460,728 ----a-w C:\WINDOWS\FONTS\SET496.tmp
2004-07-18 05:55 383,140 ----a-w C:\WINDOWS\FONTS\SET495.tmp
2004-07-18 05:55 355,436 ----a-w C:\WINDOWS\FONTS\SET494.tmp
2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\FONTS\SET493.tmp
2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\FONTS\SET492.tmp
2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\FONTS\SET49A.tmp
2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\FONTS\SET499.tmp
2004-07-17 18:39 171,792 ----a-w C:\WINDOWS\FONTS\SET490.tmp
2004-07-17 18:39 155,068 ----a-w C:\WINDOWS\FONTS\SET497.tmp
2004-07-17 18:39 134,108 ----a-w C:\WINDOWS\FONTS\SET491.tmp
2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\FONTS\SET498.tmp
2003-02-08 11:50 8,707 ----a-w C:\Program Files\Readme.rtf
2003-02-08 11:50 2,418 ----a-w C:\Program Files\Readme.txt
2003-01-12 19:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 11:00 983040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 23:04 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-06-26 11:35 303104]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-15 20:23 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 10:57:16 2913584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [2006-01-01 19:22:01 40960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"csnob.exe"= C:\WINDOWS\system\csnob.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc]
efccbcc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk
backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk
backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\adwarealert.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a]
C:\WINDOWS\system32\igcvqlvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc]
C:\WINDOWS\canoenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client]
C:\Program Files\Cas\Client\casclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
C:\WINDOWS\cfgmgr52.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliteuhe32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP]
C:\Program Files\CMAPP\Client\cmappclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
--a------ 2003-07-24 00:05 395264 C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll]
C:\WINDOWS\dwridll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6]
C:\WINDOWS\system32\xutgejtk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll]
C:\WINDOWS\eddjdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc]
C:\WINDOWS\eddjenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll]
C:\WINDOWS\fgoldll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc]
C:\WINDOWS\fgolenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0]
C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-11-19 06:27 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer]
--a------ 2005-02-08 23:06 356352 C:\Program Files\IE New Window Maximizer\iemaximizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel]
C:\WINDOWS\SYSTEM32\Israfel.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc]
C:\WINDOWS\system32\pnphma.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32]
C:\WINDOWS\SYSTEM32\Kernel32.win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae]
C:\WINDOWS\system32\lu38clae.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication]
--a------ 2006-04-29 06:37 2841600 C:\Program Files\SlideShow\wpchng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
C:\Program Files\NaviSearch\bin\nls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer]
C:\Program Files\Symantec\Ghost\ngserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll]
C:\WINDOWS\ozdqdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc]
C:\WINDOWS\ozdqenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
C:\Program Files\PCPitstop\Optimize\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll]
C:\WINDOWS\pidfdll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
C:\Program Files\Privacy Champion\pscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1]
C:\WINDOWS\system32\PSof1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-11-15 20:23 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup]
C:\WINDOWS\system32\richup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\system32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-07-12 03:15 106496 C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-20 23:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet]
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show]
C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll]
C:\WINDOWS\tkbfdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc]
C:\WINDOWS\tkbfenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl]
C:\WINDOWS\system32\vidctrl\vidctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS]
C:\Program Files\WallpaperSS\WallpaperSS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
C:\WINDOWS\system32\babpon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent]
C:\Program Files\Woot Agent\WootAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc]
C:\WINDOWS\ycbyenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
--a------ 2005-12-06 17:37 409112 c:\progra~1\yahoo!\YCentral\YahooCentral.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll]
C:\WINDOWS\yfzrdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc]
C:\WINDOWS\yfzrenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc]
C:\WINDOWS\yykvenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\Program Files\Zinio\ZinioDeliveryManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll]
C:\WINDOWS\zztwdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc]
C:\WINDOWS\zztwenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RioMSC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Palm\\Hotsync.exe"=
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\SecondLife\\SecondLife.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:TCP"= 1755:TCP:yahoo.com
"14237:TCP"= 14237:TCP:hotsync
"14238:UDP"= 14238:UDP:hotsync

R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-09 23:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 19:33]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2006-04-17 18:13]
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 sgiul50;sgiul50;C:\WINDOWS\system32\DRIVERS\sgiulnt5.sys [2001-08-17 12:51]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys []
S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2003-04-03 00:21]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 01:10:01 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2008-03-06 07:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2008-03-20 01:39:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3238FA5A-B1EB-4855-987F-502E04ED310C}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 18:31:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-03-19 18:40:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-20 01:40:12
.
2008-03-19 10:00:28 --- E O F ---

ComboFix 08-03-18.1 - Michael Greene 2008-03-19 18:25:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -7:00]
Running from: C:\Documents and Settings\Michael Greene\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\cmapp
C:\Program Files\cmapp\Client\hf.txt
C:\Program Files\cmapp\Client\rf.txt
C:\Program Files\cmapp\Client\sf.txt
C:\Program Files\cmapp\Client\Uninstall.exe
C:\Program Files\cmapp\cmappstub.exe
C:\Program Files\Common Files\uninstall information
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\WINDOWS\BMe465e73a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\start.exe
C:\WINDOWS\SYSTEM32\adnwyvie.ini
C:\WINDOWS\system32\albxjodg.dll
C:\WINDOWS\system32\asdmjtim.dll
C:\WINDOWS\SYSTEM32\bptcllyu.ini
C:\WINDOWS\system32\bxyuaonk.dll
C:\WINDOWS\system32\cvywfklc.dll
C:\WINDOWS\SYSTEM32\djeukusu.ini
C:\WINDOWS\system32\edaqelrk.dll
C:\WINDOWS\SYSTEM32\egjlm.ini
C:\WINDOWS\SYSTEM32\egjlm.ini2
C:\WINDOWS\system32\fmvdihvk.dll
C:\WINDOWS\system32\fsdfdeyn.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\gwajljhn.dll
C:\WINDOWS\system32\hbvvhhju.dll
C:\WINDOWS\system32\hmfeapee.dll
C:\WINDOWS\system32\iapkbtps.dll
C:\WINDOWS\SYSTEM32\inqhtdla.ini
C:\WINDOWS\system32\iqnmdrrl.dll
C:\WINDOWS\system32\iwiicvpa.dll
C:\WINDOWS\system32\ixuegpyk.dll
C:\WINDOWS\SYSTEM32\jlmdvkgd.ini
C:\WINDOWS\SYSTEM32\jovhpwxj.ini
C:\WINDOWS\system32\jqlxqwjt.dll
C:\WINDOWS\system32\kdrvsudx.dll
C:\WINDOWS\SYSTEM32\ktjegtux.ini
C:\WINDOWS\SYSTEM32\laodyemv.ini
C:\WINDOWS\SYSTEM32\lrrdmnqi.ini
C:\WINDOWS\system32\lvdbcmer.dll
C:\WINDOWS\system32\makxmthy.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mitjmdsa.ini
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\SYSTEM32\mmhhuswo.ini
C:\WINDOWS\system32\nisjsprp.dll
C:\WINDOWS\SYSTEM32\nutxlmne.ini
C:\WINDOWS\system32\oekvfsxo.dll
C:\WINDOWS\system32\oxrlbdeq.dll
C:\WINDOWS\system32\pbjkpkqi.dll
C:\WINDOWS\system32\pubntywb.dll
C:\WINDOWS\system32\qgwphfko.dll
C:\WINDOWS\SYSTEM32\qobhppso.ini
C:\WINDOWS\system32\qufkmyiu.dll
C:\WINDOWS\system32\qwsaahim.dll
C:\WINDOWS\SYSTEM32\rnpsgojr.ini
C:\WINDOWS\SYSTEM32\spnjgglu.ini
C:\WINDOWS\SYSTEM32\sptbkpai.ini
C:\WINDOWS\SYSTEM32\srclfebv.ini
C:\WINDOWS\system32\srysdmdw.dll
C:\WINDOWS\system32\tvrfhgru.dll
C:\WINDOWS\SYSTEM32\tvyxendx.ini
C:\WINDOWS\system32\uabkhenj.dll
C:\WINDOWS\SYSTEM32\ugrmphgf.ini
C:\WINDOWS\SYSTEM32\uhmamesi.ini
C:\WINDOWS\SYSTEM32\utxnnthj.ini
C:\WINDOWS\system32\uunfxkmf.dll
C:\WINDOWS\system32\vhuyflsi.dll
C:\WINDOWS\system32\vovidxkr.dll
C:\WINDOWS\system32\wjceaals.dll
C:\WINDOWS\system32\wjvpkuua.dll
C:\WINDOWS\system32\wovfinjo.dll
C:\WINDOWS\SYSTEM32\wqgdmxol.ini
C:\WINDOWS\SYSTEM32\xddgtsbm.ini
C:\WINDOWS\SYSTEM32\xeegjhvf.ini
C:\WINDOWS\SYSTEM32\xituejkj.ini
C:\WINDOWS\system32\xutgejtk.dll
C:\WINDOWS\system32\ydrvxvmh.dll
C:\WINDOWS\SYSTEM32\ylqmsxim.ini
C:\WINDOWS\system32\yqugwtdv.dll
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-19 17:18 . 2008-03-19 17:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-03-19 15:42 . 2008-03-19 15:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-19 15:36 . 2008-03-19 17:26 <DIR> d-------- C:\SDFix
2008-03-17 23:14 . 2008-03-18 23:15 2,104,562 ---hs---- C:\WINDOWS\SYSTEM32\fhyaouro.ini
2008-03-17 18:46 . 2008-03-17 18:46 <DIR> d-------- C:\ie-spyad_zo
2008-03-16 23:14 . 2008-03-16 23:14 1,367,267 ---hs---- C:\WINDOWS\SYSTEM32\oihsbyot.ini
2008-03-15 23:18 . 2008-03-16 14:08 1,366,743 ---hs---- C:\WINDOWS\SYSTEM32\skvxnofm.ini
2008-03-06 23:29 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2008-03-06 23:28 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\fp4awel.dll
2008-03-06 23:26 . 2008-03-06 23:26 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-03-06 22:40 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET79.tmp
2008-03-06 22:40 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET76.tmp
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET85.tmp
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\irclass.dll
2008-03-06 18:25 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb
2008-03-06 18:20 . 2008-03-08 00:21 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-01 03:07 . 2008-03-17 15:35 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-01 03:06 . 2008-03-17 17:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-01 03:06 . 2008-03-17 15:35 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-01 03:06 . 2008-03-17 15:35 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-02-29 23:01 . 2008-02-29 23:04 197,009,408 --a------ C:\B.tmp
2008-02-29 22:57 . 2008-02-29 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-29 22:56 . 2008-02-29 23:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Panda Security
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software
2008-02-29 22:56 . 2007-09-28 14:24 83,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavdrv51.sys
2008-02-29 22:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl
2008-02-29 22:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\SYSTEM32\avldr.dll
2008-02-29 22:56 . 2008-02-29 22:56 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat
2008-02-29 22:53 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PavProc.sys
2008-02-29 22:53 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys
2008-02-29 22:48 . 2008-02-29 22:48 170 --a------ C:\WINDOWS\AvDetected.ini
2008-02-29 22:47 . 2008-02-29 22:53 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d-------- C:\Deckard
2008-02-25 20:13 . 2008-03-11 20:31 1,597 --a------ C:\WINDOWS\mozver.dat
2008-02-25 19:51 . 2008-03-17 18:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-25 18:28 . 2008-02-25 18:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-25 01:48 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-25 00:51 . 2008-02-25 00:51 1,966,134 --a------ C:\WINDOWS\wall.bmp
2008-02-25 00:29 . 2008-02-25 01:48 <DIR> d-------- C:\Documents and Settings\Michael Greene\.housecall6.6
2008-02-25 00:17 . 2008-02-25 00:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 23:54 . 2008-02-24 23:54 <DIR> d-------- C:\NVIDIA
2008-02-24 23:54 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\VundoFix Backups
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 21:42 . 2008-03-17 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2008-02-23 21:37 . 2008-02-23 21:37 0 --a------ C:\WINDOWS\SYSTEM32\efccbcc.dll.vir
2008-02-23 20:27 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 18:13 . 2008-02-20 18:13 11 -ra------ C:\WINDOWS\amunres.lsl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 23:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-17 23:41 --------- d-----w C:\Program Files\mobile PhoneTools
2008-03-17 23:38 --------- d-----w C:\Program Files\Google
2008-03-17 23:36 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-17 23:36 --------- d-----w C:\Program Files\Coast to Coast AM Media Center
2008-03-10 01:47 --------- d-----w C:\Program Files\AtomTime Pro
2008-03-07 06:38 28,144 ----a-w C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT
2008-03-01 07:49 5,751,849 ----a-w C:\WINDOWS\JAVA\Packages\6rr9np7x.zip
2008-03-01 07:49 5,749,283 ----a-w C:\WINDOWS\JAVA\Packages\a9flzxvh.zip
2008-03-01 06:53 5,883,064 ----a-w C:\Program Files\DPSS0303.ZIP
2008-03-01 05:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 02:37 --------- d-----w C:\Program Files\LimeWire
2008-02-25 06:50 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-25 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 04:42 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Lavasoft
2008-02-25 04:41 --------- d-----w C:\Program Files\RegistryFix
2008-02-25 04:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-25 04:41 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-25 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-25 04:39 --------- d-----w C:\Program Files\GetASFStream
2008-02-25 04:39 --------- d-----w C:\Program Files\DVD slideshow GUI
2008-02-25 04:37 --------- d-----w C:\Program Files\Picasa2
2008-02-25 04:37 --------- d-----w C:\Program Files\Lavasoft
2008-02-21 02:37 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Ahead
2008-02-17 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-17 03:51 --------- d-----w C:\Program Files\Nero
2008-02-17 03:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-16 23:43 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic
2008-02-16 23:36 --------- d-----w C:\Program Files\Replay Converter
2008-02-09 06:05 --------- d-----w C:\Program Files\RealArcade
2008-02-08 08:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 07:41 --------- d-----w C:\Program Files\URLSnooper2
2008-01-20 17:59 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\DonationCoder
2008-01-20 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
2007-08-25 07:00 250 ------w C:\Documents and Settings\Michael Greene\jobq.dat
2007-06-04 21:13 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-06-04 21:13 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2006-10-03 08:00 24,192 ------w C:\Documents and Settings\Michael Greene\usbsermptxp.sys
2006-10-03 08:00 22,768 ------w C:\Documents and Settings\Michael Greene\usbsermpt.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2005-02-06 16:27 122 ------w C:\Documents and Settings\Michael Greene\Application Data\fusioncache.dat
2005-02-05 04:02 271 --sh--w C:\Program Files\desktop.ini
2005-02-05 04:02 23,357 ---ha-w C:\Program Files\folder.htt
2004-07-18 05:55 460,728 ----a-w C:\WINDOWS\FONTS\SET496.tmp
2004-07-18 05:55 383,140 ----a-w C:\WINDOWS\FONTS\SET495.tmp
2004-07-18 05:55 355,436 ----a-w C:\WINDOWS\FONTS\SET494.tmp
2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\FONTS\SET493.tmp
2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\FONTS\SET492.tmp
2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\FONTS\SET49A.tmp
2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\FONTS\SET499.tmp
2004-07-17 18:39 171,792 ----a-w C:\WINDOWS\FONTS\SET490.tmp
2004-07-17 18:39 155,068 ----a-w C:\WINDOWS\FONTS\SET497.tmp
2004-07-17 18:39 134,108 ----a-w C:\WINDOWS\FONTS\SET491.tmp
2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\FONTS\SET498.tmp
2003-02-08 11:50 8,707 ----a-w C:\Program Files\Readme.rtf
2003-02-08 11:50 2,418 ----a-w C:\Program Files\Readme.txt
2003-01-12 19:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 11:00 983040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 23:04 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-06-26 11:35 303104]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-15 20:23 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 10:57:16 2913584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [2006-01-01 19:22:01 40960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"csnob.exe"= C:\WINDOWS\system\csnob.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc]
efccbcc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk
backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk
backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\adwarealert.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a]
C:\WINDOWS\system32\igcvqlvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc]
C:\WINDOWS\canoenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client]
C:\Program Files\Cas\Client\casclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
C:\WINDOWS\cfgmgr52.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliteuhe32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP]
C:\Program Files\CMAPP\Client\cmappclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
--a------ 2003-07-24 00:05 395264 C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll]
C:\WINDOWS\dwridll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6]
C:\WINDOWS\system32\xutgejtk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll]
C:\WINDOWS\eddjdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc]
C:\WINDOWS\eddjenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll]
C:\WINDOWS\fgoldll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc]
C:\WINDOWS\fgolenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0]
C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-11-19 06:27 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer]
--a------ 2005-02-08 23:06 356352 C:\Program Files\IE New Window Maximizer\iemaximizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel]
C:\WINDOWS\SYSTEM32\Israfel.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc]
C:\WINDOWS\system32\pnphma.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32]
C:\WINDOWS\SYSTEM32\Kernel32.win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae]
C:\WINDOWS\system32\lu38clae.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication]
--a------ 2006-04-29 06:37 2841600 C:\Program Files\SlideShow\wpchng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
C:\Program Files\NaviSearch\bin\nls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer]
C:\Program Files\Symantec\Ghost\ngserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll]
C:\WINDOWS\ozdqdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc]
C:\WINDOWS\ozdqenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
C:\Program Files\PCPitstop\Optimize\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll]
C:\WINDOWS\pidfdll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
C:\Program Files\Privacy Champion\pscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1]
C:\WINDOWS\system32\PSof1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-11-15 20:23 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup]
C:\WINDOWS\system32\richup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\system32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-07-12 03:15 106496 C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-20 23:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet]
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show]
C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll]
C:\WINDOWS\tkbfdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc]
C:\WINDOWS\tkbfenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl]
C:\WINDOWS\system32\vidctrl\vidctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS]
C:\Program Files\WallpaperSS\WallpaperSS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
C:\WINDOWS\system32\babpon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent]
C:\Program Files\Woot Agent\WootAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc]
C:\WINDOWS\ycbyenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
--a------ 2005-12-06 17:37 409112 c:\progra~1\yahoo!\YCentral\YahooCentral.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll]
C:\WINDOWS\yfzrdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc]
C:\WINDOWS\yfzrenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc]
C:\WINDOWS\yykvenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\Program Files\Zinio\ZinioDeliveryManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll]
C:\WINDOWS\zztwdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc]
C:\WINDOWS\zztwenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RioMSC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Palm\\Hotsync.exe"=
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\SecondLife\\SecondLife.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:TCP"= 1755:TCP:yahoo.com
"14237:TCP"= 14237:TCP:hotsync
"14238:UDP"= 14238:UDP:hotsync

R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-09 23:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 19:33]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2006-04-17 18:13]
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 sgiul50;sgiul50;C:\WINDOWS\system32\DRIVERS\sgiulnt5.sys [2001-08-17 12:51]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys []
S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2003-04-03 00:21]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 01:10:01 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2008-03-06 07:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2008-03-20 01:39:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3238FA5A-B1EB-4855-987F-502E04ED310C}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 18:31:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-03-19 18:40:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-20 01:40:12
.
2008-03-19 10:00:28 --- E O F ---

mikeyg98 · 03-19-2008, 07:50 PM

SDFix: Version 1.159

Run by Administrator on Wed 03/19/2008 at 03:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted
C:\Program Files\Setup.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 17:17:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000051
"TracesSuccessful"=dword:00000009

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Palm\\Hotsync.exe"="C:\\Program Files\\Palm\\Hotsync.exe:*:Enabled:HotSync Manager"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe:*:Disabled:Musicmatchr Music Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"="C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe:*:Enabled:fgfs"
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\\Program Files\\SecondLife\\SecondLife.exe"="C:\\Program Files\\SecondLife\\SecondLife.exe:*:Enabled:Second Life"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 4 Feb 2005 194 ..SH. --- "C:\AUTOEXEC.BAK"
Mon 11 Jul 2005 3,112,968 ...H. --- "C:\amanda tem\setup.exe"
Thu 21 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Sun 7 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 11 Dec 2006 0 A.SH. --- "C:\WINDOWS\DRM\Cache\Indiv02.tmp"
Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\All.exe"
Thu 18 Jul 2002 390,144 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Change.exe"
Thu 18 Jul 2002 574,464 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\CheckPath.exe"
Mon 19 Aug 2002 430,592 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Counter.exe"
Mon 22 Jul 2002 390,656 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Regexe.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RunRegexe.exe"
Sun 14 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT4.tmp"
Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52e811b9b8a98e903e9af1663dd13485\BIT4.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT3.tmp"
Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT3.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT4.tmp"
Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Sun 4 Dec 2005 27,648 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Templates\~WRL0001.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL0003.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1772.tmp"
Mon 16 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1851.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2215.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2695.tmp"
Sat 21 Jul 2007 1,101,824 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cooper garry's wedding fishing\SIV53.tmp"
Tue 22 Aug 2006 1,978,368 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\SIV9D.tmp"
Mon 10 Sep 2007 1,640 ..SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_300_DICV018_DRGV2050108.TMP"
Fri 2 Nov 2007 2,172 A.SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_100_DICV018_DRGV2050108.TMP"
Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV3F.tmp"
Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV42.tmp"
Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV3F.tmp"
Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV42.tmp"
Thu 22 Jun 2006 2,461,696 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV39.tmp"
Tue 6 Jun 2006 827,392 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV55.tmp"

Finished!

ComboFix 08-03-18.1 - Michael Greene 2008-03-19 18:25:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -7:00]
Running from: C:\Documents and Settings\Michael Greene\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\cmapp
C:\Program Files\cmapp\Client\hf.txt
C:\Program Files\cmapp\Client\rf.txt
C:\Program Files\cmapp\Client\sf.txt
C:\Program Files\cmapp\Client\Uninstall.exe
C:\Program Files\cmapp\cmappstub.exe
C:\Program Files\Common Files\uninstall information
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\WINDOWS\BMe465e73a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\start.exe
C:\WINDOWS\SYSTEM32\adnwyvie.ini
C:\WINDOWS\system32\albxjodg.dll
C:\WINDOWS\system32\asdmjtim.dll
C:\WINDOWS\SYSTEM32\bptcllyu.ini
C:\WINDOWS\system32\bxyuaonk.dll
C:\WINDOWS\system32\cvywfklc.dll
C:\WINDOWS\SYSTEM32\djeukusu.ini
C:\WINDOWS\system32\edaqelrk.dll
C:\WINDOWS\SYSTEM32\egjlm.ini
C:\WINDOWS\SYSTEM32\egjlm.ini2
C:\WINDOWS\system32\fmvdihvk.dll
C:\WINDOWS\system32\fsdfdeyn.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\gwajljhn.dll
C:\WINDOWS\system32\hbvvhhju.dll
C:\WINDOWS\system32\hmfeapee.dll
C:\WINDOWS\system32\iapkbtps.dll
C:\WINDOWS\SYSTEM32\inqhtdla.ini
C:\WINDOWS\system32\iqnmdrrl.dll
C:\WINDOWS\system32\iwiicvpa.dll
C:\WINDOWS\system32\ixuegpyk.dll
C:\WINDOWS\SYSTEM32\jlmdvkgd.ini
C:\WINDOWS\SYSTEM32\jovhpwxj.ini
C:\WINDOWS\system32\jqlxqwjt.dll
C:\WINDOWS\system32\kdrvsudx.dll
C:\WINDOWS\SYSTEM32\ktjegtux.ini
C:\WINDOWS\SYSTEM32\laodyemv.ini
C:\WINDOWS\SYSTEM32\lrrdmnqi.ini
C:\WINDOWS\system32\lvdbcmer.dll
C:\WINDOWS\system32\makxmthy.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mitjmdsa.ini
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\SYSTEM32\mmhhuswo.ini
C:\WINDOWS\system32\nisjsprp.dll
C:\WINDOWS\SYSTEM32\nutxlmne.ini
C:\WINDOWS\system32\oekvfsxo.dll
C:\WINDOWS\system32\oxrlbdeq.dll
C:\WINDOWS\system32\pbjkpkqi.dll
C:\WINDOWS\system32\pubntywb.dll
C:\WINDOWS\system32\qgwphfko.dll
C:\WINDOWS\SYSTEM32\qobhppso.ini
C:\WINDOWS\system32\qufkmyiu.dll
C:\WINDOWS\system32\qwsaahim.dll
C:\WINDOWS\SYSTEM32\rnpsgojr.ini
C:\WINDOWS\SYSTEM32\spnjgglu.ini
C:\WINDOWS\SYSTEM32\sptbkpai.ini
C:\WINDOWS\SYSTEM32\srclfebv.ini
C:\WINDOWS\system32\srysdmdw.dll
C:\WINDOWS\system32\tvrfhgru.dll
C:\WINDOWS\SYSTEM32\tvyxendx.ini
C:\WINDOWS\system32\uabkhenj.dll
C:\WINDOWS\SYSTEM32\ugrmphgf.ini
C:\WINDOWS\SYSTEM32\uhmamesi.ini
C:\WINDOWS\SYSTEM32\utxnnthj.ini
C:\WINDOWS\system32\uunfxkmf.dll
C:\WINDOWS\system32\vhuyflsi.dll
C:\WINDOWS\system32\vovidxkr.dll
C:\WINDOWS\system32\wjceaals.dll
C:\WINDOWS\system32\wjvpkuua.dll
C:\WINDOWS\system32\wovfinjo.dll
C:\WINDOWS\SYSTEM32\wqgdmxol.ini
C:\WINDOWS\SYSTEM32\xddgtsbm.ini
C:\WINDOWS\SYSTEM32\xeegjhvf.ini
C:\WINDOWS\SYSTEM32\xituejkj.ini
C:\WINDOWS\system32\xutgejtk.dll
C:\WINDOWS\system32\ydrvxvmh.dll
C:\WINDOWS\SYSTEM32\ylqmsxim.ini
C:\WINDOWS\system32\yqugwtdv.dll
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-19 17:18 . 2008-03-19 17:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-03-19 15:42 . 2008-03-19 15:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-19 15:36 . 2008-03-19 17:26 <DIR> d-------- C:\SDFix
2008-03-17 23:14 . 2008-03-18 23:15 2,104,562 ---hs---- C:\WINDOWS\SYSTEM32\fhyaouro.ini
2008-03-17 18:46 . 2008-03-17 18:46 <DIR> d-------- C:\ie-spyad_zo
2008-03-16 23:14 . 2008-03-16 23:14 1,367,267 ---hs---- C:\WINDOWS\SYSTEM32\oihsbyot.ini
2008-03-15 23:18 . 2008-03-16 14:08 1,366,743 ---hs---- C:\WINDOWS\SYSTEM32\skvxnofm.ini
2008-03-06 23:29 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2008-03-06 23:28 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\fp4awel.dll
2008-03-06 23:26 . 2008-03-06 23:26 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-03-06 22:40 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET79.tmp
2008-03-06 22:40 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET76.tmp
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET85.tmp
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\irclass.dll
2008-03-06 18:25 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb
2008-03-06 18:20 . 2008-03-08 00:21 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-01 03:07 . 2008-03-17 15:35 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-01 03:06 . 2008-03-17 17:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-01 03:06 . 2008-03-17 15:35 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-01 03:06 . 2008-03-17 15:35 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-02-29 23:01 . 2008-02-29 23:04 197,009,408 --a------ C:\B.tmp
2008-02-29 22:57 . 2008-02-29 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-29 22:56 . 2008-02-29 23:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Panda Security
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software
2008-02-29 22:56 . 2007-09-28 14:24 83,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavdrv51.sys
2008-02-29 22:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl
2008-02-29 22:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\SYSTEM32\avldr.dll
2008-02-29 22:56 . 2008-02-29 22:56 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat
2008-02-29 22:53 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PavProc.sys
2008-02-29 22:53 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys
2008-02-29 22:48 . 2008-02-29 22:48 170 --a------ C:\WINDOWS\AvDetected.ini
2008-02-29 22:47 . 2008-02-29 22:53 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d-------- C:\Deckard
2008-02-25 20:13 . 2008-03-11 20:31 1,597 --a------ C:\WINDOWS\mozver.dat
2008-02-25 19:51 . 2008-03-17 18:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-25 18:28 . 2008-02-25 18:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-25 01:48 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-25 00:51 . 2008-02-25 00:51 1,966,134 --a------ C:\WINDOWS\wall.bmp
2008-02-25 00:29 . 2008-02-25 01:48 <DIR> d-------- C:\Documents and Settings\Michael Greene\.housecall6.6
2008-02-25 00:17 . 2008-02-25 00:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 23:54 . 2008-02-24 23:54 <DIR> d-------- C:\NVIDIA
2008-02-24 23:54 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\VundoFix Backups
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 21:42 . 2008-03-17 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2008-02-23 21:37 . 2008-02-23 21:37 0 --a------ C:\WINDOWS\SYSTEM32\efccbcc.dll.vir
2008-02-23 20:27 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 18:13 . 2008-02-20 18:13 11 -ra------ C:\WINDOWS\amunres.lsl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 23:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-17 23:41 --------- d-----w C:\Program Files\mobile PhoneTools
2008-03-17 23:38 --------- d-----w C:\Program Files\Google
2008-03-17 23:36 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-17 23:36 --------- d-----w C:\Program Files\Coast to Coast AM Media Center
2008-03-10 01:47 --------- d-----w C:\Program Files\AtomTime Pro
2008-03-07 06:38 28,144 ----a-w C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT
2008-03-01 07:49 5,751,849 ----a-w C:\WINDOWS\JAVA\Packages\6rr9np7x.zip
2008-03-01 07:49 5,749,283 ----a-w C:\WINDOWS\JAVA\Packages\a9flzxvh.zip
2008-03-01 06:53 5,883,064 ----a-w C:\Program Files\DPSS0303.ZIP
2008-03-01 05:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 02:37 --------- d-----w C:\Program Files\LimeWire
2008-02-25 06:50 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-25 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 04:42 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Lavasoft
2008-02-25 04:41 --------- d-----w C:\Program Files\RegistryFix
2008-02-25 04:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-25 04:41 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-25 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-25 04:39 --------- d-----w C:\Program Files\GetASFStream
2008-02-25 04:39 --------- d-----w C:\Program Files\DVD slideshow GUI
2008-02-25 04:37 --------- d-----w C:\Program Files\Picasa2
2008-02-25 04:37 --------- d-----w C:\Program Files\Lavasoft
2008-02-21 02:37 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Ahead
2008-02-17 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-17 03:51 --------- d-----w C:\Program Files\Nero
2008-02-17 03:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-16 23:43 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic
2008-02-16 23:36 --------- d-----w C:\Program Files\Replay Converter
2008-02-09 06:05 --------- d-----w C:\Program Files\RealArcade
2008-02-08 08:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 07:41 --------- d-----w C:\Program Files\URLSnooper2
2008-01-20 17:59 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\DonationCoder
2008-01-20 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
2007-08-25 07:00 250 ------w C:\Documents and Settings\Michael Greene\jobq.dat
2007-06-04 21:13 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-06-04 21:13 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2006-10-03 08:00 24,192 ------w C:\Documents and Settings\Michael Greene\usbsermptxp.sys
2006-10-03 08:00 22,768 ------w C:\Documents and Settings\Michael Greene\usbsermpt.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2005-02-06 16:27 122 ------w C:\Documents and Settings\Michael Greene\Application Data\fusioncache.dat
2005-02-05 04:02 271 --sh--w C:\Program Files\desktop.ini
2005-02-05 04:02 23,357 ---ha-w C:\Program Files\folder.htt
2004-07-18 05:55 460,728 ----a-w C:\WINDOWS\FONTS\SET496.tmp
2004-07-18 05:55 383,140 ----a-w C:\WINDOWS\FONTS\SET495.tmp
2004-07-18 05:55 355,436 ----a-w C:\WINDOWS\FONTS\SET494.tmp
2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\FONTS\SET493.tmp
2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\FONTS\SET492.tmp
2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\FONTS\SET49A.tmp
2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\FONTS\SET499.tmp
2004-07-17 18:39 171,792 ----a-w C:\WINDOWS\FONTS\SET490.tmp
2004-07-17 18:39 155,068 ----a-w C:\WINDOWS\FONTS\SET497.tmp
2004-07-17 18:39 134,108 ----a-w C:\WINDOWS\FONTS\SET491.tmp
2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\FONTS\SET498.tmp
2003-02-08 11:50 8,707 ----a-w C:\Program Files\Readme.rtf
2003-02-08 11:50 2,418 ----a-w C:\Program Files\Readme.txt
2003-01-12 19:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 11:00 983040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 23:04 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-06-26 11:35 303104]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-15 20:23 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 10:57:16 2913584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [2006-01-01 19:22:01 40960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"csnob.exe"= C:\WINDOWS\system\csnob.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc]
efccbcc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk
backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk
backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\adwarealert.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a]
C:\WINDOWS\system32\igcvqlvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc]
C:\WINDOWS\canoenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client]
C:\Program Files\Cas\Client\casclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
C:\WINDOWS\cfgmgr52.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliteuhe32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP]
C:\Program Files\CMAPP\Client\cmappclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
--a------ 2003-07-24 00:05 395264 C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll]
C:\WINDOWS\dwridll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6]
C:\WINDOWS\system32\xutgejtk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll]
C:\WINDOWS\eddjdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc]
C:\WINDOWS\eddjenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll]
C:\WINDOWS\fgoldll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc]
C:\WINDOWS\fgolenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0]
C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-11-19 06:27 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer]
--a------ 2005-02-08 23:06 356352 C:\Program Files\IE New Window Maximizer\iemaximizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel]
C:\WINDOWS\SYSTEM32\Israfel.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc]
C:\WINDOWS\system32\pnphma.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32]
C:\WINDOWS\SYSTEM32\Kernel32.win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae]
C:\WINDOWS\system32\lu38clae.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication]
--a------ 2006-04-29 06:37 2841600 C:\Program Files\SlideShow\wpchng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
C:\Program Files\NaviSearch\bin\nls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer]
C:\Program Files\Symantec\Ghost\ngserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll]
C:\WINDOWS\ozdqdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc]
C:\WINDOWS\ozdqenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
C:\Program Files\PCPitstop\Optimize\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll]
C:\WINDOWS\pidfdll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
C:\Program Files\Privacy Champion\pscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1]
C:\WINDOWS\system32\PSof1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-11-15 20:23 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup]
C:\WINDOWS\system32\richup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\system32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-07-12 03:15 106496 C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-20 23:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet]
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show]
C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll]
C:\WINDOWS\tkbfdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc]
C:\WINDOWS\tkbfenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl]
C:\WINDOWS\system32\vidctrl\vidctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS]
C:\Program Files\WallpaperSS\WallpaperSS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
C:\WINDOWS\system32\babpon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent]
C:\Program Files\Woot Agent\WootAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc]
C:\WINDOWS\ycbyenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
--a------ 2005-12-06 17:37 409112 c:\progra~1\yahoo!\YCentral\YahooCentral.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll]
C:\WINDOWS\yfzrdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc]
C:\WINDOWS\yfzrenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc]
C:\WINDOWS\yykvenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\Program Files\Zinio\ZinioDeliveryManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll]
C:\WINDOWS\zztwdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc]
C:\WINDOWS\zztwenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RioMSC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Palm\\Hotsync.exe"=
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\SecondLife\\SecondLife.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:TCP"= 1755:TCP:yahoo.com
"14237:TCP"= 14237:TCP:hotsync
"14238:UDP"= 14238:UDP:hotsync

R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-09 23:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 19:33]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2006-04-17 18:13]
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 sgiul50;sgiul50;C:\WINDOWS\system32\DRIVERS\sgiulnt5.sys [2001-08-17 12:51]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys []
S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2003-04-03 00:21]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 01:10:01 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2008-03-06 07:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2008-03-20 01:39:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3238FA5A-B1EB-4855-987F-502E04ED310C}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 18:31:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-03-19 18:40:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-20 01:40:12
.
2008-03-19 10:00:28 --- E O F ---

ComboFix 08-03-18.1 - Michael Greene 2008-03-19 18:25:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -7:00]
Running from: C:\Documents and Settings\Michael Greene\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\cmapp
C:\Program Files\cmapp\Client\hf.txt
C:\Program Files\cmapp\Client\rf.txt
C:\Program Files\cmapp\Client\sf.txt
C:\Program Files\cmapp\Client\Uninstall.exe
C:\Program Files\cmapp\cmappstub.exe
C:\Program Files\Common Files\uninstall information
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\WINDOWS\BMe465e73a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\start.exe
C:\WINDOWS\SYSTEM32\adnwyvie.ini
C:\WINDOWS\system32\albxjodg.dll
C:\WINDOWS\system32\asdmjtim.dll
C:\WINDOWS\SYSTEM32\bptcllyu.ini
C:\WINDOWS\system32\bxyuaonk.dll
C:\WINDOWS\system32\cvywfklc.dll
C:\WINDOWS\SYSTEM32\djeukusu.ini
C:\WINDOWS\system32\edaqelrk.dll
C:\WINDOWS\SYSTEM32\egjlm.ini
C:\WINDOWS\SYSTEM32\egjlm.ini2
C:\WINDOWS\system32\fmvdihvk.dll
C:\WINDOWS\system32\fsdfdeyn.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\gwajljhn.dll
C:\WINDOWS\system32\hbvvhhju.dll
C:\WINDOWS\system32\hmfeapee.dll
C:\WINDOWS\system32\iapkbtps.dll
C:\WINDOWS\SYSTEM32\inqhtdla.ini
C:\WINDOWS\system32\iqnmdrrl.dll
C:\WINDOWS\system32\iwiicvpa.dll
C:\WINDOWS\system32\ixuegpyk.dll
C:\WINDOWS\SYSTEM32\jlmdvkgd.ini
C:\WINDOWS\SYSTEM32\jovhpwxj.ini
C:\WINDOWS\system32\jqlxqwjt.dll
C:\WINDOWS\system32\kdrvsudx.dll
C:\WINDOWS\SYSTEM32\ktjegtux.ini
C:\WINDOWS\SYSTEM32\laodyemv.ini
C:\WINDOWS\SYSTEM32\lrrdmnqi.ini
C:\WINDOWS\system32\lvdbcmer.dll
C:\WINDOWS\system32\makxmthy.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mitjmdsa.ini
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\SYSTEM32\mmhhuswo.ini
C:\WINDOWS\system32\nisjsprp.dll
C:\WINDOWS\SYSTEM32\nutxlmne.ini
C:\WINDOWS\system32\oekvfsxo.dll
C:\WINDOWS\system32\oxrlbdeq.dll
C:\WINDOWS\system32\pbjkpkqi.dll
C:\WINDOWS\system32\pubntywb.dll
C:\WINDOWS\system32\qgwphfko.dll
C:\WINDOWS\SYSTEM32\qobhppso.ini
C:\WINDOWS\system32\qufkmyiu.dll
C:\WINDOWS\system32\qwsaahim.dll
C:\WINDOWS\SYSTEM32\rnpsgojr.ini
C:\WINDOWS\SYSTEM32\spnjgglu.ini
C:\WINDOWS\SYSTEM32\sptbkpai.ini
C:\WINDOWS\SYSTEM32\srclfebv.ini
C:\WINDOWS\system32\srysdmdw.dll
C:\WINDOWS\system32\tvrfhgru.dll
C:\WINDOWS\SYSTEM32\tvyxendx.ini
C:\WINDOWS\system32\uabkhenj.dll
C:\WINDOWS\SYSTEM32\ugrmphgf.ini
C:\WINDOWS\SYSTEM32\uhmamesi.ini
C:\WINDOWS\SYSTEM32\utxnnthj.ini
C:\WINDOWS\system32\uunfxkmf.dll
C:\WINDOWS\system32\vhuyflsi.dll
C:\WINDOWS\system32\vovidxkr.dll
C:\WINDOWS\system32\wjceaals.dll
C:\WINDOWS\system32\wjvpkuua.dll
C:\WINDOWS\system32\wovfinjo.dll
C:\WINDOWS\SYSTEM32\wqgdmxol.ini
C:\WINDOWS\SYSTEM32\xddgtsbm.ini
C:\WINDOWS\SYSTEM32\xeegjhvf.ini
C:\WINDOWS\SYSTEM32\xituejkj.ini
C:\WINDOWS\system32\xutgejtk.dll
C:\WINDOWS\system32\ydrvxvmh.dll
C:\WINDOWS\SYSTEM32\ylqmsxim.ini
C:\WINDOWS\system32\yqugwtdv.dll
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-19 17:18 . 2008-03-19 17:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-03-19 15:42 . 2008-03-19 15:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-19 15:36 . 2008-03-19 17:26 <DIR> d-------- C:\SDFix
2008-03-17 23:14 . 2008-03-18 23:15 2,104,562 ---hs---- C:\WINDOWS\SYSTEM32\fhyaouro.ini
2008-03-17 18:46 . 2008-03-17 18:46 <DIR> d-------- C:\ie-spyad_zo
2008-03-16 23:14 . 2008-03-16 23:14 1,367,267 ---hs---- C:\WINDOWS\SYSTEM32\oihsbyot.ini
2008-03-15 23:18 . 2008-03-16 14:08 1,366,743 ---hs---- C:\WINDOWS\SYSTEM32\skvxnofm.ini
2008-03-06 23:29 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2008-03-06 23:28 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\fp4awel.dll
2008-03-06 23:26 . 2008-03-06 23:26 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-03-06 22:40 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET79.tmp
2008-03-06 22:40 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET76.tmp
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET85.tmp
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\irclass.dll
2008-03-06 18:25 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb
2008-03-06 18:20 . 2008-03-08 00:21 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-01 03:07 . 2008-03-17 15:35 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-01 03:06 . 2008-03-17 17:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-01 03:06 . 2008-03-17 15:35 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-01 03:06 . 2008-03-17 15:35 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-02-29 23:01 . 2008-02-29 23:04 197,009,408 --a------ C:\B.tmp
2008-02-29 22:57 . 2008-02-29 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-29 22:56 . 2008-02-29 23:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Panda Security
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software
2008-02-29 22:56 . 2007-09-28 14:24 83,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavdrv51.sys
2008-02-29 22:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl
2008-02-29 22:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\SYSTEM32\avldr.dll
2008-02-29 22:56 . 2008-02-29 22:56 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat
2008-02-29 22:53 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PavProc.sys
2008-02-29 22:53 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys
2008-02-29 22:48 . 2008-02-29 22:48 170 --a------ C:\WINDOWS\AvDetected.ini
2008-02-29 22:47 . 2008-02-29 22:53 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d-------- C:\Deckard
2008-02-25 20:13 . 2008-03-11 20:31 1,597 --a------ C:\WINDOWS\mozver.dat
2008-02-25 19:51 . 2008-03-17 18:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-25 18:28 . 2008-02-25 18:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-25 01:48 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-25 00:51 . 2008-02-25 00:51 1,966,134 --a------ C:\WINDOWS\wall.bmp
2008-02-25 00:29 . 2008-02-25 01:48 <DIR> d-------- C:\Documents and Settings\Michael Greene\.housecall6.6
2008-02-25 00:17 . 2008-02-25 00:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 23:54 . 2008-02-24 23:54 <DIR> d-------- C:\NVIDIA
2008-02-24 23:54 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\VundoFix Backups
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 21:42 . 2008-03-17 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2008-02-23 21:37 . 2008-02-23 21:37 0 --a------ C:\WINDOWS\SYSTEM32\efccbcc.dll.vir
2008-02-23 20:27 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 18:13 . 2008-02-20 18:13 11 -ra------ C:\WINDOWS\amunres.lsl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 23:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-17 23:41 --------- d-----w C:\Program Files\mobile PhoneTools
2008-03-17 23:38 --------- d-----w C:\Program Files\Google
2008-03-17 23:36 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-17 23:36 --------- d-----w C:\Program Files\Coast to Coast AM Media Center
2008-03-10 01:47 --------- d-----w C:\Program Files\AtomTime Pro
2008-03-07 06:38 28,144 ----a-w C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT
2008-03-01 07:49 5,751,849 ----a-w C:\WINDOWS\JAVA\Packages\6rr9np7x.zip
2008-03-01 07:49 5,749,283 ----a-w C:\WINDOWS\JAVA\Packages\a9flzxvh.zip
2008-03-01 06:53 5,883,064 ----a-w C:\Program Files\DPSS0303.ZIP
2008-03-01 05:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 02:37 --------- d-----w C:\Program Files\LimeWire
2008-02-25 06:50 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-25 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 04:42 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Lavasoft
2008-02-25 04:41 --------- d-----w C:\Program Files\RegistryFix
2008-02-25 04:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-25 04:41 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-25 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-25 04:39 --------- d-----w C:\Program Files\GetASFStream
2008-02-25 04:39 --------- d-----w C:\Program Files\DVD slideshow GUI
2008-02-25 04:37 --------- d-----w C:\Program Files\Picasa2
2008-02-25 04:37 --------- d-----w C:\Program Files\Lavasoft
2008-02-21 02:37 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Ahead
2008-02-17 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-17 03:51 --------- d-----w C:\Program Files\Nero
2008-02-17 03:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-16 23:43 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic
2008-02-16 23:36 --------- d-----w C:\Program Files\Replay Converter
2008-02-09 06:05 --------- d-----w C:\Program Files\RealArcade
2008-02-08 08:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 07:41 --------- d-----w C:\Program Files\URLSnooper2
2008-01-20 17:59 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\DonationCoder
2008-01-20 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
2007-08-25 07:00 250 ------w C:\Documents and Settings\Michael Greene\jobq.dat
2007-06-04 21:13 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-06-04 21:13 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2006-10-03 08:00 24,192 ------w C:\Documents and Settings\Michael Greene\usbsermptxp.sys
2006-10-03 08:00 22,768 ------w C:\Documents and Settings\Michael Greene\usbsermpt.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2005-02-06 16:27 122 ------w C:\Documents and Settings\Michael Greene\Application Data\fusioncache.dat
2005-02-05 04:02 271 --sh--w C:\Program Files\desktop.ini
2005-02-05 04:02 23,357 ---ha-w C:\Program Files\folder.htt
2004-07-18 05:55 460,728 ----a-w C:\WINDOWS\FONTS\SET496.tmp
2004-07-18 05:55 383,140 ----a-w C:\WINDOWS\FONTS\SET495.tmp
2004-07-18 05:55 355,436 ----a-w C:\WINDOWS\FONTS\SET494.tmp
2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\FONTS\SET493.tmp
2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\FONTS\SET492.tmp
2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\FONTS\SET49A.tmp
2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\FONTS\SET499.tmp
2004-07-17 18:39 171,792 ----a-w C:\WINDOWS\FONTS\SET490.tmp
2004-07-17 18:39 155,068 ----a-w C:\WINDOWS\FONTS\SET497.tmp
2004-07-17 18:39 134,108 ----a-w C:\WINDOWS\FONTS\SET491.tmp
2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\FONTS\SET498.tmp
2003-02-08 11:50 8,707 ----a-w C:\Program Files\Readme.rtf
2003-02-08 11:50 2,418 ----a-w C:\Program Files\Readme.txt
2003-01-12 19:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 11:00 983040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 23:04 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-06-26 11:35 303104]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-15 20:23 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 10:57:16 2913584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [2006-01-01 19:22:01 40960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"csnob.exe"= C:\WINDOWS\system\csnob.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc]
efccbcc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk
backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk
backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\adwarealert.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a]
C:\WINDOWS\system32\igcvqlvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc]
C:\WINDOWS\canoenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client]
C:\Program Files\Cas\Client\casclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
C:\WINDOWS\cfgmgr52.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliteuhe32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP]
C:\Program Files\CMAPP\Client\cmappclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
--a------ 2003-07-24 00:05 395264 C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll]
C:\WINDOWS\dwridll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6]
C:\WINDOWS\system32\xutgejtk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll]
C:\WINDOWS\eddjdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc]
C:\WINDOWS\eddjenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll]
C:\WINDOWS\fgoldll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc]
C:\WINDOWS\fgolenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0]
C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-11-19 06:27 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer]
--a------ 2005-02-08 23:06 356352 C:\Program Files\IE New Window Maximizer\iemaximizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel]
C:\WINDOWS\SYSTEM32\Israfel.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc]
C:\WINDOWS\system32\pnphma.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32]
C:\WINDOWS\SYSTEM32\Kernel32.win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae]
C:\WINDOWS\system32\lu38clae.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication]
--a------ 2006-04-29 06:37 2841600 C:\Program Files\SlideShow\wpchng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
C:\Program Files\NaviSearch\bin\nls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer]
C:\Program Files\Symantec\Ghost\ngserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll]
C:\WINDOWS\ozdqdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc]
C:\WINDOWS\ozdqenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
C:\Program Files\PCPitstop\Optimize\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll]
C:\WINDOWS\pidfdll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
C:\Program Files\Privacy Champion\pscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1]
C:\WINDOWS\system32\PSof1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-11-15 20:23 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup]
C:\WINDOWS\system32\richup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\system32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-07-12 03:15 106496 C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-20 23:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet]
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show]
C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll]
C:\WINDOWS\tkbfdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc]
C:\WINDOWS\tkbfenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl]
C:\WINDOWS\system32\vidctrl\vidctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS]
C:\Program Files\WallpaperSS\WallpaperSS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
C:\WINDOWS\system32\babpon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent]
C:\Program Files\Woot Agent\WootAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc]
C:\WINDOWS\ycbyenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
--a------ 2005-12-06 17:37 409112 c:\progra~1\yahoo!\YCentral\YahooCentral.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll]
C:\WINDOWS\yfzrdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc]
C:\WINDOWS\yfzrenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc]
C:\WINDOWS\yykvenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\Program Files\Zinio\ZinioDeliveryManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll]
C:\WINDOWS\zztwdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc]
C:\WINDOWS\zztwenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RioMSC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Palm\\Hotsync.exe"=
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\SecondLife\\SecondLife.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:TCP"= 1755:TCP:yahoo.com
"14237:TCP"= 14237:TCP:hotsync
"14238:UDP"= 14238:UDP:hotsync

R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-09 23:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 19:33]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2006-04-17 18:13]
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 sgiul50;sgiul50;C:\WINDOWS\system32\DRIVERS\sgiulnt5.sys [2001-08-17 12:51]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys []
S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2003-04-03 00:21]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 01:10:01 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2008-03-06 07:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2008-03-20 01:39:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3238FA5A-B1EB-4855-987F-502E04ED310C}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 18:31:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-03-19 18:40:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-20 01:40:12
.
2008-03-19 10:00:28 --- E O F ---

mikeyg98 · 03-19-2008, 07:57 PM

SDFix: Version 1.159

Run by Administrator on Wed 03/19/2008 at 03:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted
C:\Program Files\Setup.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 17:17:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000051
"TracesSuccessful"=dword:00000009

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Palm\\Hotsync.exe"="C:\\Program Files\\Palm\\Hotsync.exe:*:Enabled:HotSync Manager"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe:*:Disabled:Musicmatchr Music Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"="C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe:*:Enabled:fgfs"
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\\Program Files\\SecondLife\\SecondLife.exe"="C:\\Program Files\\SecondLife\\SecondLife.exe:*:Enabled:Second Life"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 4 Feb 2005 194 ..SH. --- "C:\AUTOEXEC.BAK"
Mon 11 Jul 2005 3,112,968 ...H. --- "C:\amanda tem\setup.exe"
Thu 21 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Sun 7 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 11 Dec 2006 0 A.SH. --- "C:\WINDOWS\DRM\Cache\Indiv02.tmp"
Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\All.exe"
Thu 18 Jul 2002 390,144 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Change.exe"
Thu 18 Jul 2002 574,464 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\CheckPath.exe"
Mon 19 Aug 2002 430,592 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Counter.exe"
Mon 22 Jul 2002 390,656 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Regexe.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RunRegexe.exe"
Sun 14 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT4.tmp"
Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52e811b9b8a98e903e9af1663dd13485\BIT4.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT3.tmp"
Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT3.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT4.tmp"
Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Sun 4 Dec 2005 27,648 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Templates\~WRL0001.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL0003.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1772.tmp"
Mon 16 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1851.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2215.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2695.tmp"
Sat 21 Jul 2007 1,101,824 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cooper garry's wedding fishing\SIV53.tmp"
Tue 22 Aug 2006 1,978,368 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\SIV9D.tmp"
Mon 10 Sep 2007 1,640 ..SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_300_DICV018_DRGV2050108.TMP"
Fri 2 Nov 2007 2,172 A.SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_100_DICV018_DRGV2050108.TMP"
Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV3F.tmp"
Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV42.tmp"
Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV3F.tmp"
Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV42.tmp"
Thu 22 Jun 2006 2,461,696 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV39.tmp"
Tue 6 Jun 2006 827,392 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV55.tmp"

Finished!

ComboFix 08-03-18.1 - Michael Greene 2008-03-19 18:25:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -7:00]
Running from: C:\Documents and Settings\Michael Greene\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\cmapp
C:\Program Files\cmapp\Client\hf.txt
C:\Program Files\cmapp\Client\rf.txt
C:\Program Files\cmapp\Client\sf.txt
C:\Program Files\cmapp\Client\Uninstall.exe
C:\Program Files\cmapp\cmappstub.exe
C:\Program Files\Common Files\uninstall information
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\WINDOWS\BMe465e73a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\start.exe
C:\WINDOWS\SYSTEM32\adnwyvie.ini
C:\WINDOWS\system32\albxjodg.dll
C:\WINDOWS\system32\asdmjtim.dll
C:\WINDOWS\SYSTEM32\bptcllyu.ini
C:\WINDOWS\system32\bxyuaonk.dll
C:\WINDOWS\system32\cvywfklc.dll
C:\WINDOWS\SYSTEM32\djeukusu.ini
C:\WINDOWS\system32\edaqelrk.dll
C:\WINDOWS\SYSTEM32\egjlm.ini
C:\WINDOWS\SYSTEM32\egjlm.ini2
C:\WINDOWS\system32\fmvdihvk.dll
C:\WINDOWS\system32\fsdfdeyn.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\gwajljhn.dll
C:\WINDOWS\system32\hbvvhhju.dll
C:\WINDOWS\system32\hmfeapee.dll
C:\WINDOWS\system32\iapkbtps.dll
C:\WINDOWS\SYSTEM32\inqhtdla.ini
C:\WINDOWS\system32\iqnmdrrl.dll
C:\WINDOWS\system32\iwiicvpa.dll
C:\WINDOWS\system32\ixuegpyk.dll
C:\WINDOWS\SYSTEM32\jlmdvkgd.ini
C:\WINDOWS\SYSTEM32\jovhpwxj.ini
C:\WINDOWS\system32\jqlxqwjt.dll
C:\WINDOWS\system32\kdrvsudx.dll
C:\WINDOWS\SYSTEM32\ktjegtux.ini
C:\WINDOWS\SYSTEM32\laodyemv.ini
C:\WINDOWS\SYSTEM32\lrrdmnqi.ini
C:\WINDOWS\system32\lvdbcmer.dll
C:\WINDOWS\system32\makxmthy.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mitjmdsa.ini
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\SYSTEM32\mmhhuswo.ini
C:\WINDOWS\system32\nisjsprp.dll
C:\WINDOWS\SYSTEM32\nutxlmne.ini
C:\WINDOWS\system32\oekvfsxo.dll
C:\WINDOWS\system32\oxrlbdeq.dll
C:\WINDOWS\system32\pbjkpkqi.dll
C:\WINDOWS\system32\pubntywb.dll
C:\WINDOWS\system32\qgwphfko.dll
C:\WINDOWS\SYSTEM32\qobhppso.ini
C:\WINDOWS\system32\qufkmyiu.dll
C:\WINDOWS\system32\qwsaahim.dll
C:\WINDOWS\SYSTEM32\rnpsgojr.ini
C:\WINDOWS\SYSTEM32\spnjgglu.ini
C:\WINDOWS\SYSTEM32\sptbkpai.ini
C:\WINDOWS\SYSTEM32\srclfebv.ini
C:\WINDOWS\system32\srysdmdw.dll
C:\WINDOWS\system32\tvrfhgru.dll
C:\WINDOWS\SYSTEM32\tvyxendx.ini
C:\WINDOWS\system32\uabkhenj.dll
C:\WINDOWS\SYSTEM32\ugrmphgf.ini
C:\WINDOWS\SYSTEM32\uhmamesi.ini
C:\WINDOWS\SYSTEM32\utxnnthj.ini
C:\WINDOWS\system32\uunfxkmf.dll
C:\WINDOWS\system32\vhuyflsi.dll
C:\WINDOWS\system32\vovidxkr.dll
C:\WINDOWS\system32\wjceaals.dll
C:\WINDOWS\system32\wjvpkuua.dll
C:\WINDOWS\system32\wovfinjo.dll
C:\WINDOWS\SYSTEM32\wqgdmxol.ini
C:\WINDOWS\SYSTEM32\xddgtsbm.ini
C:\WINDOWS\SYSTEM32\xeegjhvf.ini
C:\WINDOWS\SYSTEM32\xituejkj.ini
C:\WINDOWS\system32\xutgejtk.dll
C:\WINDOWS\system32\ydrvxvmh.dll
C:\WINDOWS\SYSTEM32\ylqmsxim.ini
C:\WINDOWS\system32\yqugwtdv.dll
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-19 17:18 . 2008-03-19 17:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-03-19 15:42 . 2008-03-19 15:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-19 15:36 . 2008-03-19 17:26 <DIR> d-------- C:\SDFix
2008-03-17 23:14 . 2008-03-18 23:15 2,104,562 ---hs---- C:\WINDOWS\SYSTEM32\fhyaouro.ini
2008-03-17 18:46 . 2008-03-17 18:46 <DIR> d-------- C:\ie-spyad_zo
2008-03-16 23:14 . 2008-03-16 23:14 1,367,267 ---hs---- C:\WINDOWS\SYSTEM32\oihsbyot.ini
2008-03-15 23:18 . 2008-03-16 14:08 1,366,743 ---hs---- C:\WINDOWS\SYSTEM32\skvxnofm.ini
2008-03-06 23:29 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2008-03-06 23:28 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\fp4awel.dll
2008-03-06 23:26 . 2008-03-06 23:26 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-03-06 22:40 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET79.tmp
2008-03-06 22:40 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET76.tmp
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET85.tmp
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\irclass.dll
2008-03-06 18:25 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb
2008-03-06 18:20 . 2008-03-08 00:21 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-01 03:07 . 2008-03-17 15:35 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-01 03:06 . 2008-03-17 17:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-01 03:06 . 2008-03-17 15:35 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-01 03:06 . 2008-03-17 15:35 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-02-29 23:01 . 2008-02-29 23:04 197,009,408 --a------ C:\B.tmp
2008-02-29 22:57 . 2008-02-29 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-29 22:56 . 2008-02-29 23:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Panda Security
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software
2008-02-29 22:56 . 2007-09-28 14:24 83,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavdrv51.sys
2008-02-29 22:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl
2008-02-29 22:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\SYSTEM32\avldr.dll
2008-02-29 22:56 . 2008-02-29 22:56 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat
2008-02-29 22:53 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PavProc.sys
2008-02-29 22:53 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys
2008-02-29 22:48 . 2008-02-29 22:48 170 --a------ C:\WINDOWS\AvDetected.ini
2008-02-29 22:47 . 2008-02-29 22:53 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d-------- C:\Deckard
2008-02-25 20:13 . 2008-03-11 20:31 1,597 --a------ C:\WINDOWS\mozver.dat
2008-02-25 19:51 . 2008-03-17 18:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-25 18:28 . 2008-02-25 18:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-25 01:48 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-25 00:51 . 2008-02-25 00:51 1,966,134 --a------ C:\WINDOWS\wall.bmp
2008-02-25 00:29 . 2008-02-25 01:48 <DIR> d-------- C:\Documents and Settings\Michael Greene\.housecall6.6
2008-02-25 00:17 . 2008-02-25 00:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 23:54 . 2008-02-24 23:54 <DIR> d-------- C:\NVIDIA
2008-02-24 23:54 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\VundoFix Backups
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 21:42 . 2008-03-17 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2008-02-23 21:37 . 2008-02-23 21:37 0 --a------ C:\WINDOWS\SYSTEM32\efccbcc.dll.vir
2008-02-23 20:27 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 18:13 . 2008-02-20 18:13 11 -ra------ C:\WINDOWS\amunres.lsl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 23:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-17 23:41 --------- d-----w C:\Program Files\mobile PhoneTools
2008-03-17 23:38 --------- d-----w C:\Program Files\Google
2008-03-17 23:36 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-17 23:36 --------- d-----w C:\Program Files\Coast to Coast AM Media Center
2008-03-10 01:47 --------- d-----w C:\Program Files\AtomTime Pro
2008-03-07 06:38 28,144 ----a-w C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT
2008-03-01 07:49 5,751,849 ----a-w C:\WINDOWS\JAVA\Packages\6rr9np7x.zip
2008-03-01 07:49 5,749,283 ----a-w C:\WINDOWS\JAVA\Packages\a9flzxvh.zip
2008-03-01 06:53 5,883,064 ----a-w C:\Program Files\DPSS0303.ZIP
2008-03-01 05:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 02:37 --------- d-----w C:\Program Files\LimeWire
2008-02-25 06:50 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-25 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 04:42 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Lavasoft
2008-02-25 04:41 --------- d-----w C:\Program Files\RegistryFix
2008-02-25 04:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-25 04:41 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-25 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-25 04:39 --------- d-----w C:\Program Files\GetASFStream
2008-02-25 04:39 --------- d-----w C:\Program Files\DVD slideshow GUI
2008-02-25 04:37 --------- d-----w C:\Program Files\Picasa2
2008-02-25 04:37 --------- d-----w C:\Program Files\Lavasoft
2008-02-21 02:37 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Ahead
2008-02-17 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-17 03:51 --------- d-----w C:\Program Files\Nero
2008-02-17 03:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-16 23:43 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic
2008-02-16 23:36 --------- d-----w C:\Program Files\Replay Converter
2008-02-09 06:05 --------- d-----w C:\Program Files\RealArcade
2008-02-08 08:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 07:41 --------- d-----w C:\Program Files\URLSnooper2
2008-01-20 17:59 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\DonationCoder
2008-01-20 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
2007-08-25 07:00 250 ------w C:\Documents and Settings\Michael Greene\jobq.dat
2007-06-04 21:13 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-06-04 21:13 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2006-10-03 08:00 24,192 ------w C:\Documents and Settings\Michael Greene\usbsermptxp.sys
2006-10-03 08:00 22,768 ------w C:\Documents and Settings\Michael Greene\usbsermpt.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2005-02-06 16:27 122 ------w C:\Documents and Settings\Michael Greene\Application Data\fusioncache.dat
2005-02-05 04:02 271 --sh--w C:\Program Files\desktop.ini
2005-02-05 04:02 23,357 ---ha-w C:\Program Files\folder.htt
2004-07-18 05:55 460,728 ----a-w C:\WINDOWS\FONTS\SET496.tmp
2004-07-18 05:55 383,140 ----a-w C:\WINDOWS\FONTS\SET495.tmp
2004-07-18 05:55 355,436 ----a-w C:\WINDOWS\FONTS\SET494.tmp
2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\FONTS\SET493.tmp
2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\FONTS\SET492.tmp
2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\FONTS\SET49A.tmp
2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\FONTS\SET499.tmp
2004-07-17 18:39 171,792 ----a-w C:\WINDOWS\FONTS\SET490.tmp
2004-07-17 18:39 155,068 ----a-w C:\WINDOWS\FONTS\SET497.tmp
2004-07-17 18:39 134,108 ----a-w C:\WINDOWS\FONTS\SET491.tmp
2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\FONTS\SET498.tmp
2003-02-08 11:50 8,707 ----a-w C:\Program Files\Readme.rtf
2003-02-08 11:50 2,418 ----a-w C:\Program Files\Readme.txt
2003-01-12 19:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 11:00 983040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 23:04 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-06-26 11:35 303104]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-15 20:23 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 10:57:16 2913584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [2006-01-01 19:22:01 40960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"csnob.exe"= C:\WINDOWS\system\csnob.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc]
efccbcc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk
backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk
backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\adwarealert.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a]
C:\WINDOWS\system32\igcvqlvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc]
C:\WINDOWS\canoenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client]
C:\Program Files\Cas\Client\casclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
C:\WINDOWS\cfgmgr52.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliteuhe32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP]
C:\Program Files\CMAPP\Client\cmappclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
--a------ 2003-07-24 00:05 395264 C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll]
C:\WINDOWS\dwridll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6]
C:\WINDOWS\system32\xutgejtk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll]
C:\WINDOWS\eddjdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc]
C:\WINDOWS\eddjenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll]
C:\WINDOWS\fgoldll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc]
C:\WINDOWS\fgolenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0]
C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-11-19 06:27 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer]
--a------ 2005-02-08 23:06 356352 C:\Program Files\IE New Window Maximizer\iemaximizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel]
C:\WINDOWS\SYSTEM32\Israfel.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc]
C:\WINDOWS\system32\pnphma.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32]
C:\WINDOWS\SYSTEM32\Kernel32.win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae]
C:\WINDOWS\system32\lu38clae.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication]
--a------ 2006-04-29 06:37 2841600 C:\Program Files\SlideShow\wpchng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
C:\Program Files\NaviSearch\bin\nls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer]
C:\Program Files\Symantec\Ghost\ngserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll]
C:\WINDOWS\ozdqdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc]
C:\WINDOWS\ozdqenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
C:\Program Files\PCPitstop\Optimize\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll]
C:\WINDOWS\pidfdll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
C:\Program Files\Privacy Champion\pscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1]
C:\WINDOWS\system32\PSof1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-11-15 20:23 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup]
C:\WINDOWS\system32\richup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\system32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-07-12 03:15 106496 C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-20 23:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet]
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show]
C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll]
C:\WINDOWS\tkbfdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc]
C:\WINDOWS\tkbfenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl]
C:\WINDOWS\system32\vidctrl\vidctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS]
C:\Program Files\WallpaperSS\WallpaperSS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
C:\WINDOWS\system32\babpon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent]
C:\Program Files\Woot Agent\WootAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc]
C:\WINDOWS\ycbyenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
--a------ 2005-12-06 17:37 409112 c:\progra~1\yahoo!\YCentral\YahooCentral.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll]
C:\WINDOWS\yfzrdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc]
C:\WINDOWS\yfzrenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc]
C:\WINDOWS\yykvenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\Program Files\Zinio\ZinioDeliveryManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll]
C:\WINDOWS\zztwdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc]
C:\WINDOWS\zztwenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RioMSC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Palm\\Hotsync.exe"=
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\SecondLife\\SecondLife.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:TCP"= 1755:TCP:yahoo.com
"14237:TCP"= 14237:TCP:hotsync
"14238:UDP"= 14238:UDP:hotsync

R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-09 23:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 19:33]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2006-04-17 18:13]
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 sgiul50;sgiul50;C:\WINDOWS\system32\DRIVERS\sgiulnt5.sys [2001-08-17 12:51]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys []
S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2003-04-03 00:21]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 01:10:01 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2008-03-06 07:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2008-03-20 01:39:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3238FA5A-B1EB-4855-987F-502E04ED310C}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 18:31:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-03-19 18:40:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-20 01:40:12
.
2008-03-19 10:00:28 --- E O F ---

Deckard's System Scanner v20071014.68
Run by Michael Greene on 2008-03-19 18:55:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Michael Greene.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:57 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Michael Greene\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MICHAE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\SYSTEM32\mouse_configurator.win
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Coast to Coast AM] C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Policies\Explorer\Run: [csnob.exe] C:\WINDOWS\system\csnob.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.net:8080/java/cr.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanc...instmodule.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://61.60.112.230/activex/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-306.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/act...CamControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O20 - Winlogon Notify: efccbcc - efccbcc.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

--
End of file - 12966 bytes

-- Files created between 2008-02-19 and 2008-03-19 -----------------------------

2008-03-19 18:25:00 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-19 18:25:00 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-19 18:25:00 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-19 18:25:00 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-19 18:21:41 0 dr-hs---- C:\cmdcons
2008-03-19 18:21:24 0 d-------- C:\WINDOWS\setupupd
2008-03-19 15:42:12 0 d-------- C:\WINDOWS\ERUNT
2008-03-17 18:46:42 0 d-------- C:\ie-spyad_zo
2008-03-06 23:34:05 0 d-------- C:\WINDOWS\Prefetch
2008-03-01 03

54 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-29 22:57:47 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-29 22:56:40 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-02-29 22:56:31 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software
2008-02-29 22:56:27 0 d-------- C:\WINDOWS\system32\PAV
2008-02-29 22:56:10 0 d-------- C:\Program Files\Panda Security
2008-02-29 22:47:44 0 d-------- C:\Program Files\Common Files\Panda Software
2008-02-25 20:13:54 1597 --a------ C:\WINDOWS\mozver.dat
2008-02-25 19:51:04 0 d-------- C:\Program Files\SpywareBlaster
2008-02-25 18:28:01 0 d-------- C:\Program Files\Enigma Software Group
2008-02-25 00:29:06 0 d-------- C:\Documents and Settings\Michael Greene\.housecall6.6
2008-02-25 00:17:34 0 d-------- C:\Program Files\Trend Micro
2008-02-24 23:54:13 0 d-------- C:\NVIDIA
2008-02-24 22:07:25 0 dr-h----- C:\Documents and Settings\Michael Greene\Recent
2008-02-24 21:42:39 0 d-------- C:\VundoFix Backups
2008-02-24 21:42:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 21:42:23 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 21:42:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2008-02-23 20:27:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

-- Find3M Report ---------------------------------------------------------------

2008-03-19 18:26:14 0 d-------- C:\Program Files\Common Files
2008-03-17 16:41:59 0 d-------- C:\Program Files\mobile PhoneTools
2008-03-17 16:38:04 0 d-------- C:\Program Files\Google
2008-03-17 16:36:50 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-17 16:36:12 0 d-------- C:\Program Files\Coast to Coast AM Media Center
2008-03-16 19:14:25 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-03-09 18:47:39 0 d-------- C:\Program Files\AtomTime Pro
2008-03-07 18:10:01 2111496 --ah----- C:\Documents and Settings\Michael Greene\Application Data\IconCache.db
2008-03-06 23:38:43 28144 --a------ C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT
2008-03-06 23:24:58 23388 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-29 23:53:50 5883064 --a------ C:\Program Files\DPSS0303.ZIP
2008-02-29 22:56:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-25 19:37:09 0 d-------- C:\Program Files\LimeWire
2008-02-25 18:52:53 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Mozilla
2008-02-25 00:51:30 715 --a------ C:\Documents and Settings\Michael Greene\Application Data\DSS_Wallpaper.ini
2008-02-24 23:50:01 0 d-------- C:\Program Files\SystemRequirementsLab
2008-02-24 21:42:37 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Lavasoft
2008-02-24 21:41:30 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-24 21:41:20 0 d-------- C:\Program Files\AviSynth 2.5
2008-02-24 21:41:18 0 d-------- C:\Program Files\RegistryFix
2008-02-24 21:39:32 0 d-------- C:\Program Files\DVD slideshow GUI
2008-02-24 21:39:28 0 d-------- C:\Program Files\GetASFStream
2008-02-24 21:37:19 0 d-------- C:\Program Files\Picasa2
2008-02-24 21:37:09 0 d-------- C:\Program Files\Lavasoft
2008-02-20 19:37:21 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Ahead
2008-02-16 20:51:39 0 d-------- C:\Program Files\Nero
2008-02-16 20:45:43 0 d-------- C:\Program Files\Common Files\Nero
2008-02-16 16:43:27 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic
2008-02-16 16:36:19 0 d-------- C:\Program Files\Replay Converter
2008-02-14 00:41:31 0 --a------ C:\WINDOWS\system32\Biport
2008-02-13 04:20:15 1424 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-11 23:43:09 36352 --a------ C:\Documents and Settings\Michael Greene\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-02-08 23:05:47 0 d-------- C:\Program Files\RealArcade
2008-02-08 01:53:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-06 00:41:09 0 d-------- C:\Program Files\URLSnooper2
2008-01-20 10:59:12 46 --a------ C:\WINDOWS\system32\DonationCoder_urlsnooper_InstallInfo.dat
2008-01-20 10:59:12 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\DonationCoder
2008-01-19 06:32:19 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Move Networks

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [06/26/2003 11:35 AM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/2004 09:16 AM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/20/2004 09:34 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/01/2006 03:07 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04/10/2006 09:19 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2005 08:23 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 02:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 09:49 PM]
"Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [06/08/2005 11:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/20/2007 11:04 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []

C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [7/20/2007 10:57:16 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [1/1/2006 7:22:01 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"csnob.exe"=C:\WINDOWS\system\csnob.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 02/15/2007 08:02 PM 50736 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc]
efccbcc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk
backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk
backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX]
prismsno.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\adwarealert.Exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
"C:\Program Files\AutoUpdate\AutoUpdate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a]
Rundll32.exe "C:\WINDOWS\system32\igcvqlvu.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc]
C:\WINDOWS\canoenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client]
"C:\Program Files\Cas\Client\casclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliteuhe32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP]
"C:\Program Files\CMAPP\Client\cmappclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
"C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll]
C:\WINDOWS\dwridll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6]
rundll32.exe "C:\WINDOWS\system32\xutgejtk.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll]
C:\WINDOWS\eddjdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc]
C:\WINDOWS\eddjenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll]
C:\WINDOWS\fgoldll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc]
C:\WINDOWS\fgolenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0]
"C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe" -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer]
C:\Program Files\IE New Window Maximizer\iemaximizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel]
C:\WINDOWS\SYSTEM32\Israfel.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc]
C:\WINDOWS\system32\pnphma.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32]
C:\WINDOWS\SYSTEM32\Kernel32.win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae]
C:\WINDOWS\system32\lu38clae.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\Money Express.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"C:\Program Files\Microsoft Money\System\Activation.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication]
C:\Program Files\SlideShow\wpchng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
C:\Program Files\NaviSearch\bin\nls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe regrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer]
C:\Program Files\Symantec\Ghost\ngserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll]
C:\WINDOWS\ozdqdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc]
C:\WINDOWS\ozdqenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
C:\Program Files\PCPitstop\Optimize\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll]
C:\WINDOWS\pidfdll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
C:\Program Files\Privacy Champion\pscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1]
C:\WINDOWS\system32\PSof1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup]
C:\WINDOWS\system32\richup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l]
qashlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\system32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet]
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show]
C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll]
C:\WINDOWS\tkbfdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc]
C:\WINDOWS\tkbfenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl]
C:\WINDOWS\system32\vidctrl\vidctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS]
C:\Program Files\WallpaperSS\WallpaperSS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
C:\WINDOWS\system32\babpon.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent]
C:\Program Files\Woot Agent\WootAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc]
C:\WINDOWS\ycbyenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
c:\progra~1\yahoo!\YCentral\YahooCentral.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll]
C:\WINDOWS\yfzrdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc]
C:\WINDOWS\yfzrenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc]
C:\WINDOWS\yykvenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll]
C:\WINDOWS\zztwdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc]
C:\WINDOWS\zztwenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RioMSC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

-- End of Deckard's System Scanner: finished at 2008-03-19 18:56:08 ------------

mikeyg98 · 03-19-2008, 07:58 PM

SDFix: Version 1.159

Run by Administrator on Wed 03/19/2008 at 03:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted
C:\Program Files\Setup.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 17:17:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000051
"TracesSuccessful"=dword:00000009

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Palm\\Hotsync.exe"="C:\\Program Files\\Palm\\Hotsync.exe:*:Enabled:HotSync Manager"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe:*:Disabled:Musicmatchr Music Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"="C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe:*:Enabled:fgfs"
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\\Program Files\\SecondLife\\SecondLife.exe"="C:\\Program Files\\SecondLife\\SecondLife.exe:*:Enabled:Second Life"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 4 Feb 2005 194 ..SH. --- "C:\AUTOEXEC.BAK"
Mon 11 Jul 2005 3,112,968 ...H. --- "C:\amanda tem\setup.exe"
Thu 21 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Sun 7 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 11 Dec 2006 0 A.SH. --- "C:\WINDOWS\DRM\Cache\Indiv02.tmp"
Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\All.exe"
Thu 18 Jul 2002 390,144 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Change.exe"
Thu 18 Jul 2002 574,464 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\CheckPath.exe"
Mon 19 Aug 2002 430,592 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Counter.exe"
Mon 22 Jul 2002 390,656 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Regexe.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RunRegexe.exe"
Sun 14 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT4.tmp"
Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52e811b9b8a98e903e9af1663dd13485\BIT4.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT3.tmp"
Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT3.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT4.tmp"
Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Sun 4 Dec 2005 27,648 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Templates\~WRL0001.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL0003.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1772.tmp"
Mon 16 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1851.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2215.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2695.tmp"
Sat 21 Jul 2007 1,101,824 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cooper garry's wedding fishing\SIV53.tmp"
Tue 22 Aug 2006 1,978,368 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\SIV9D.tmp"
Mon 10 Sep 2007 1,640 ..SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_300_DICV018_DRGV2050108.TMP"
Fri 2 Nov 2007 2,172 A.SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_100_DICV018_DRGV2050108.TMP"
Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV3F.tmp"
Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV42.tmp"
Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV3F.tmp"
Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV42.tmp"
Thu 22 Jun 2006 2,461,696 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV39.tmp"
Tue 6 Jun 2006 827,392 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV55.tmp"

Finished!

ComboFix 08-03-18.1 - Michael Greene 2008-03-19 18:25:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -7:00]
Running from: C:\Documents and Settings\Michael Greene\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\cmapp
C:\Program Files\cmapp\Client\hf.txt
C:\Program Files\cmapp\Client\rf.txt
C:\Program Files\cmapp\Client\sf.txt
C:\Program Files\cmapp\Client\Uninstall.exe
C:\Program Files\cmapp\cmappstub.exe
C:\Program Files\Common Files\uninstall information
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\WINDOWS\BMe465e73a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\start.exe
C:\WINDOWS\SYSTEM32\adnwyvie.ini
C:\WINDOWS\system32\albxjodg.dll
C:\WINDOWS\system32\asdmjtim.dll
C:\WINDOWS\SYSTEM32\bptcllyu.ini
C:\WINDOWS\system32\bxyuaonk.dll
C:\WINDOWS\system32\cvywfklc.dll
C:\WINDOWS\SYSTEM32\djeukusu.ini
C:\WINDOWS\system32\edaqelrk.dll
C:\WINDOWS\SYSTEM32\egjlm.ini
C:\WINDOWS\SYSTEM32\egjlm.ini2
C:\WINDOWS\system32\fmvdihvk.dll
C:\WINDOWS\system32\fsdfdeyn.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\gwajljhn.dll
C:\WINDOWS\system32\hbvvhhju.dll
C:\WINDOWS\system32\hmfeapee.dll
C:\WINDOWS\system32\iapkbtps.dll
C:\WINDOWS\SYSTEM32\inqhtdla.ini
C:\WINDOWS\system32\iqnmdrrl.dll
C:\WINDOWS\system32\iwiicvpa.dll
C:\WINDOWS\system32\ixuegpyk.dll
C:\WINDOWS\SYSTEM32\jlmdvkgd.ini
C:\WINDOWS\SYSTEM32\jovhpwxj.ini
C:\WINDOWS\system32\jqlxqwjt.dll
C:\WINDOWS\system32\kdrvsudx.dll
C:\WINDOWS\SYSTEM32\ktjegtux.ini
C:\WINDOWS\SYSTEM32\laodyemv.ini
C:\WINDOWS\SYSTEM32\lrrdmnqi.ini
C:\WINDOWS\system32\lvdbcmer.dll
C:\WINDOWS\system32\makxmthy.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mitjmdsa.ini
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\SYSTEM32\mmhhuswo.ini
C:\WINDOWS\system32\nisjsprp.dll
C:\WINDOWS\SYSTEM32\nutxlmne.ini
C:\WINDOWS\system32\oekvfsxo.dll
C:\WINDOWS\system32\oxrlbdeq.dll
C:\WINDOWS\system32\pbjkpkqi.dll
C:\WINDOWS\system32\pubntywb.dll
C:\WINDOWS\system32\qgwphfko.dll
C:\WINDOWS\SYSTEM32\qobhppso.ini
C:\WINDOWS\system32\qufkmyiu.dll
C:\WINDOWS\system32\qwsaahim.dll
C:\WINDOWS\SYSTEM32\rnpsgojr.ini
C:\WINDOWS\SYSTEM32\spnjgglu.ini
C:\WINDOWS\SYSTEM32\sptbkpai.ini
C:\WINDOWS\SYSTEM32\srclfebv.ini
C:\WINDOWS\system32\srysdmdw.dll
C:\WINDOWS\system32\tvrfhgru.dll
C:\WINDOWS\SYSTEM32\tvyxendx.ini
C:\WINDOWS\system32\uabkhenj.dll
C:\WINDOWS\SYSTEM32\ugrmphgf.ini
C:\WINDOWS\SYSTEM32\uhmamesi.ini
C:\WINDOWS\SYSTEM32\utxnnthj.ini
C:\WINDOWS\system32\uunfxkmf.dll
C:\WINDOWS\system32\vhuyflsi.dll
C:\WINDOWS\system32\vovidxkr.dll
C:\WINDOWS\system32\wjceaals.dll
C:\WINDOWS\system32\wjvpkuua.dll
C:\WINDOWS\system32\wovfinjo.dll
C:\WINDOWS\SYSTEM32\wqgdmxol.ini
C:\WINDOWS\SYSTEM32\xddgtsbm.ini
C:\WINDOWS\SYSTEM32\xeegjhvf.ini
C:\WINDOWS\SYSTEM32\xituejkj.ini
C:\WINDOWS\system32\xutgejtk.dll
C:\WINDOWS\system32\ydrvxvmh.dll
C:\WINDOWS\SYSTEM32\ylqmsxim.ini
C:\WINDOWS\system32\yqugwtdv.dll
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-19 17:18 . 2008-03-19 17:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-03-19 15:42 . 2008-03-19 15:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-19 15:36 . 2008-03-19 17:26 <DIR> d-------- C:\SDFix
2008-03-17 23:14 . 2008-03-18 23:15 2,104,562 ---hs---- C:\WINDOWS\SYSTEM32\fhyaouro.ini
2008-03-17 18:46 . 2008-03-17 18:46 <DIR> d-------- C:\ie-spyad_zo
2008-03-16 23:14 . 2008-03-16 23:14 1,367,267 ---hs---- C:\WINDOWS\SYSTEM32\oihsbyot.ini
2008-03-15 23:18 . 2008-03-16 14:08 1,366,743 ---hs---- C:\WINDOWS\SYSTEM32\skvxnofm.ini
2008-03-06 23:29 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2008-03-06 23:28 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\fp4awel.dll
2008-03-06 23:26 . 2008-03-06 23:26 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-03-06 22:40 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET79.tmp
2008-03-06 22:40 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET76.tmp
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET85.tmp
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\irclass.dll
2008-03-06 18:25 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb
2008-03-06 18:20 . 2008-03-08 00:21 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-01 03:07 . 2008-03-17 15:35 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-01 03:06 . 2008-03-17 17:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-01 03:06 . 2008-03-17 15:35 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-01 03:06 . 2008-03-17 15:35 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-02-29 23:01 . 2008-02-29 23:04 197,009,408 --a------ C:\B.tmp
2008-02-29 22:57 . 2008-02-29 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-29 22:56 . 2008-02-29 23:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Panda Security
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software
2008-02-29 22:56 . 2007-09-28 14:24 83,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavdrv51.sys
2008-02-29 22:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl
2008-02-29 22:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\SYSTEM32\avldr.dll
2008-02-29 22:56 . 2008-02-29 22:56 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat
2008-02-29 22:53 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PavProc.sys
2008-02-29 22:53 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys
2008-02-29 22:48 . 2008-02-29 22:48 170 --a------ C:\WINDOWS\AvDetected.ini
2008-02-29 22:47 . 2008-02-29 22:53 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d-------- C:\Deckard
2008-02-25 20:13 . 2008-03-11 20:31 1,597 --a------ C:\WINDOWS\mozver.dat
2008-02-25 19:51 . 2008-03-17 18:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-25 18:28 . 2008-02-25 18:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-25 01:48 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-25 00:51 . 2008-02-25 00:51 1,966,134 --a------ C:\WINDOWS\wall.bmp
2008-02-25 00:29 . 2008-02-25 01:48 <DIR> d-------- C:\Documents and Settings\Michael Greene\.housecall6.6
2008-02-25 00:17 . 2008-02-25 00:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 23:54 . 2008-02-24 23:54 <DIR> d-------- C:\NVIDIA
2008-02-24 23:54 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\VundoFix Backups
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 21:42 . 2008-03-17 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2008-02-23 21:37 . 2008-02-23 21:37 0 --a------ C:\WINDOWS\SYSTEM32\efccbcc.dll.vir
2008-02-23 20:27 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 18:13 . 2008-02-20 18:13 11 -ra------ C:\WINDOWS\amunres.lsl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 23:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-17 23:41 --------- d-----w C:\Program Files\mobile PhoneTools
2008-03-17 23:38 --------- d-----w C:\Program Files\Google
2008-03-17 23:36 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-17 23:36 --------- d-----w C:\Program Files\Coast to Coast AM Media Center
2008-03-10 01:47 --------- d-----w C:\Program Files\AtomTime Pro
2008-03-07 06:38 28,144 ----a-w C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT
2008-03-01 07:49 5,751,849 ----a-w C:\WINDOWS\JAVA\Packages\6rr9np7x.zip
2008-03-01 07:49 5,749,283 ----a-w C:\WINDOWS\JAVA\Packages\a9flzxvh.zip
2008-03-01 06:53 5,883,064 ----a-w C:\Program Files\DPSS0303.ZIP
2008-03-01 05:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 02:37 --------- d-----w C:\Program Files\LimeWire
2008-02-25 06:50 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-25 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 04:42 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Lavasoft
2008-02-25 04:41 --------- d-----w C:\Program Files\RegistryFix
2008-02-25 04:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-25 04:41 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-25 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-25 04:39 --------- d-----w C:\Program Files\GetASFStream
2008-02-25 04:39 --------- d-----w C:\Program Files\DVD slideshow GUI
2008-02-25 04:37 --------- d-----w C:\Program Files\Picasa2
2008-02-25 04:37 --------- d-----w C:\Program Files\Lavasoft
2008-02-21 02:37 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Ahead
2008-02-17 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-17 03:51 --------- d-----w C:\Program Files\Nero
2008-02-17 03:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-16 23:43 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic
2008-02-16 23:36 --------- d-----w C:\Program Files\Replay Converter
2008-02-09 06:05 --------- d-----w C:\Program Files\RealArcade
2008-02-08 08:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 07:41 --------- d-----w C:\Program Files\URLSnooper2
2008-01-20 17:59 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\DonationCoder
2008-01-20 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
2007-08-25 07:00 250 ------w C:\Documents and Settings\Michael Greene\jobq.dat
2007-06-04 21:13 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-06-04 21:13 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2006-10-03 08:00 24,192 ------w C:\Documents and Settings\Michael Greene\usbsermptxp.sys
2006-10-03 08:00 22,768 ------w C:\Documents and Settings\Michael Greene\usbsermpt.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2005-02-06 16:27 122 ------w C:\Documents and Settings\Michael Greene\Application Data\fusioncache.dat
2005-02-05 04:02 271 --sh--w C:\Program Files\desktop.ini
2005-02-05 04:02 23,357 ---ha-w C:\Program Files\folder.htt
2004-07-18 05:55 460,728 ----a-w C:\WINDOWS\FONTS\SET496.tmp
2004-07-18 05:55 383,140 ----a-w C:\WINDOWS\FONTS\SET495.tmp
2004-07-18 05:55 355,436 ----a-w C:\WINDOWS\FONTS\SET494.tmp
2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\FONTS\SET493.tmp
2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\FONTS\SET492.tmp
2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\FONTS\SET49A.tmp
2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\FONTS\SET499.tmp
2004-07-17 18:39 171,792 ----a-w C:\WINDOWS\FONTS\SET490.tmp
2004-07-17 18:39 155,068 ----a-w C:\WINDOWS\FONTS\SET497.tmp
2004-07-17 18:39 134,108 ----a-w C:\WINDOWS\FONTS\SET491.tmp
2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\FONTS\SET498.tmp
2003-02-08 11:50 8,707 ----a-w C:\Program Files\Readme.rtf
2003-02-08 11:50 2,418 ----a-w C:\Program Files\Readme.txt
2003-01-12 19:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 11:00 983040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 23:04 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-06-26 11:35 303104]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-15 20:23 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 10:57:16 2913584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [2006-01-01 19:22:01 40960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"csnob.exe"= C:\WINDOWS\system\csnob.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc]
efccbcc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk
backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk
backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\adwarealert.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a]
C:\WINDOWS\system32\igcvqlvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc]
C:\WINDOWS\canoenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client]
C:\Program Files\Cas\Client\casclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
C:\WINDOWS\cfgmgr52.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliteuhe32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP]
C:\Program Files\CMAPP\Client\cmappclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
--a------ 2003-07-24 00:05 395264 C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll]
C:\WINDOWS\dwridll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6]
C:\WINDOWS\system32\xutgejtk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll]
C:\WINDOWS\eddjdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc]
C:\WINDOWS\eddjenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll]
C:\WINDOWS\fgoldll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc]
C:\WINDOWS\fgolenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0]
C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-11-19 06:27 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer]
--a------ 2005-02-08 23:06 356352 C:\Program Files\IE New Window Maximizer\iemaximizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel]
C:\WINDOWS\SYSTEM32\Israfel.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc]
C:\WINDOWS\system32\pnphma.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32]
C:\WINDOWS\SYSTEM32\Kernel32.win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae]
C:\WINDOWS\system32\lu38clae.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication]
--a------ 2006-04-29 06:37 2841600 C:\Program Files\SlideShow\wpchng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
C:\Program Files\NaviSearch\bin\nls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer]
C:\Program Files\Symantec\Ghost\ngserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll]
C:\WINDOWS\ozdqdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc]
C:\WINDOWS\ozdqenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
C:\Program Files\PCPitstop\Optimize\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll]
C:\WINDOWS\pidfdll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
C:\Program Files\Privacy Champion\pscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1]
C:\WINDOWS\system32\PSof1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-11-15 20:23 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup]
C:\WINDOWS\system32\richup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\system32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-07-12 03:15 106496 C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-20 23:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet]
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show]
C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll]
C:\WINDOWS\tkbfdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc]
C:\WINDOWS\tkbfenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl]
C:\WINDOWS\system32\vidctrl\vidctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS]
C:\Program Files\WallpaperSS\WallpaperSS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
C:\WINDOWS\system32\babpon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent]
C:\Program Files\Woot Agent\WootAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc]
C:\WINDOWS\ycbyenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
--a------ 2005-12-06 17:37 409112 c:\progra~1\yahoo!\YCentral\YahooCentral.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll]
C:\WINDOWS\yfzrdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc]
C:\WINDOWS\yfzrenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc]
C:\WINDOWS\yykvenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\Program Files\Zinio\ZinioDeliveryManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll]
C:\WINDOWS\zztwdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc]
C:\WINDOWS\zztwenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RioMSC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Palm\\Hotsync.exe"=
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\SecondLife\\SecondLife.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:TCP"= 1755:TCP:yahoo.com
"14237:TCP"= 14237:TCP:hotsync
"14238:UDP"= 14238:UDP:hotsync

R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-09 23:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 19:33]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2006-04-17 18:13]
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 sgiul50;sgiul50;C:\WINDOWS\system32\DRIVERS\sgiulnt5.sys [2001-08-17 12:51]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys []
S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2003-04-03 00:21]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 01:10:01 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2008-03-06 07:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2008-03-20 01:39:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3238FA5A-B1EB-4855-987F-502E04ED310C}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 18:31:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-03-19 18:40:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-20 01:40:12
.
2008-03-19 10:00:28 --- E O F ---

Deckard's System Scanner v20071014.68
Run by Michael Greene on 2008-03-19 18:55:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Michael Greene.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:57 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Michael Greene\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MICHAE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\SYSTEM32\mouse_configurator.win
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Coast to Coast AM] C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Policies\Explorer\Run: [csnob.exe] C:\WINDOWS\system\csnob.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.net:8080/java/cr.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanc...instmodule.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://61.60.112.230/activex/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-306.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/act...CamControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O20 - Winlogon Notify: efccbcc - efccbcc.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

--
End of file - 12966 bytes

-- Files created between 2008-02-19 and 2008-03-19 -----------------------------

2008-03-19 18:25:00 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-19 18:25:00 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-19 18:25:00 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-19 18:25:00 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-19 18:21:41 0 dr-hs---- C:\cmdcons
2008-03-19 18:21:24 0 d-------- C:\WINDOWS\setupupd
2008-03-19 15:42:12 0 d-------- C:\WINDOWS\ERUNT
2008-03-17 18:46:42 0 d-------- C:\ie-spyad_zo
2008-03-06 23:34:05 0 d-------- C:\WINDOWS\Prefetch
2008-03-01 03

54 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-29 22:57:47 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-29 22:56:40 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-02-29 22:56:31 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software
2008-02-29 22:56:27 0 d-------- C:\WINDOWS\system32\PAV
2008-02-29 22:56:10 0 d-------- C:\Program Files\Panda Security
2008-02-29 22:47:44 0 d-------- C:\Program Files\Common Files\Panda Software
2008-02-25 20:13:54 1597 --a------ C:\WINDOWS\mozver.dat
2008-02-25 19:51:04 0 d-------- C:\Program Files\SpywareBlaster
2008-02-25 18:28:01 0 d-------- C:\Program Files\Enigma Software Group
2008-02-25 00:29:06 0 d-------- C:\Documents and Settings\Michael Greene\.housecall6.6
2008-02-25 00:17:34 0 d-------- C:\Program Files\Trend Micro
2008-02-24 23:54:13 0 d-------- C:\NVIDIA
2008-02-24 22:07:25 0 dr-h----- C:\Documents and Settings\Michael Greene\Recent
2008-02-24 21:42:39 0 d-------- C:\VundoFix Backups
2008-02-24 21:42:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 21:42:23 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 21:42:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2008-02-23 20:27:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

-- Find3M Report ---------------------------------------------------------------

2008-03-19 18:26:14 0 d-------- C:\Program Files\Common Files
2008-03-17 16:41:59 0 d-------- C:\Program Files\mobile PhoneTools
2008-03-17 16:38:04 0 d-------- C:\Program Files\Google
2008-03-17 16:36:50 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-17 16:36:12 0 d-------- C:\Program Files\Coast to Coast AM Media Center
2008-03-16 19:14:25 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-03-09 18:47:39 0 d-------- C:\Program Files\AtomTime Pro
2008-03-07 18:10:01 2111496 --ah----- C:\Documents and Settings\Michael Greene\Application Data\IconCache.db
2008-03-06 23:38:43 28144 --a------ C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT
2008-03-06 23:24:58 23388 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-29 23:53:50 5883064 --a------ C:\Program Files\DPSS0303.ZIP
2008-02-29 22:56:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-25 19:37:09 0 d-------- C:\Program Files\LimeWire
2008-02-25 18:52:53 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Mozilla
2008-02-25 00:51:30 715 --a------ C:\Documents and Settings\Michael Greene\Application Data\DSS_Wallpaper.ini
2008-02-24 23:50:01 0 d-------- C:\Program Files\SystemRequirementsLab
2008-02-24 21:42:37 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Lavasoft
2008-02-24 21:41:30 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-24 21:41:20 0 d-------- C:\Program Files\AviSynth 2.5
2008-02-24 21:41:18 0 d-------- C:\Program Files\RegistryFix
2008-02-24 21:39:32 0 d-------- C:\Program Files\DVD slideshow GUI
2008-02-24 21:39:28 0 d-------- C:\Program Files\GetASFStream
2008-02-24 21:37:19 0 d-------- C:\Program Files\Picasa2
2008-02-24 21:37:09 0 d-------- C:\Program Files\Lavasoft
2008-02-20 19:37:21 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Ahead
2008-02-16 20:51:39 0 d-------- C:\Program Files\Nero
2008-02-16 20:45:43 0 d-------- C:\Program Files\Common Files\Nero
2008-02-16 16:43:27 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic
2008-02-16 16:36:19 0 d-------- C:\Program Files\Replay Converter
2008-02-14 00:41:31 0 --a------ C:\WINDOWS\system32\Biport
2008-02-13 04:20:15 1424 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-11 23:43:09 36352 --a------ C:\Documents and Settings\Michael Greene\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-02-08 23:05:47 0 d-------- C:\Program Files\RealArcade
2008-02-08 01:53:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-06 00:41:09 0 d-------- C:\Program Files\URLSnooper2
2008-01-20 10:59:12 46 --a------ C:\WINDOWS\system32\DonationCoder_urlsnooper_InstallInfo.dat
2008-01-20 10:59:12 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\DonationCoder
2008-01-19 06:32:19 0 d-------- C:\Documents and Settings\Michael Greene\Application Data\Move Networks

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [06/26/2003 11:35 AM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/2004 09:16 AM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/20/2004 09:34 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/01/2006 03:07 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04/10/2006 09:19 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2005 08:23 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 02:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 09:49 PM]
"Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [06/08/2005 11:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/20/2007 11:04 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []

C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [7/20/2007 10:57:16 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [1/1/2006 7:22:01 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"csnob.exe"=C:\WINDOWS\system\csnob.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 02/15/2007 08:02 PM 50736 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc]
efccbcc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk
backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk
backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX]
prismsno.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\adwarealert.Exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
"C:\Program Files\AutoUpdate\AutoUpdate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a]
Rundll32.exe "C:\WINDOWS\system32\igcvqlvu.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc]
C:\WINDOWS\canoenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client]
"C:\Program Files\Cas\Client\casclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliteuhe32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP]
"C:\Program Files\CMAPP\Client\cmappclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
"C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll]
C:\WINDOWS\dwridll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6]
rundll32.exe "C:\WINDOWS\system32\xutgejtk.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll]
C:\WINDOWS\eddjdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc]
C:\WINDOWS\eddjenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll]
C:\WINDOWS\fgoldll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc]
C:\WINDOWS\fgolenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0]
"C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe" -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer]
C:\Program Files\IE New Window Maximizer\iemaximizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel]
C:\WINDOWS\SYSTEM32\Israfel.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc]
C:\WINDOWS\system32\pnphma.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32]
C:\WINDOWS\SYSTEM32\Kernel32.win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae]
C:\WINDOWS\system32\lu38clae.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\Money Express.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"C:\Program Files\Microsoft Money\System\Activation.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication]
C:\Program Files\SlideShow\wpchng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]
C:\Program Files\NaviSearch\bin\nls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe regrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer]
C:\Program Files\Symantec\Ghost\ngserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll]
C:\WINDOWS\ozdqdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc]
C:\WINDOWS\ozdqenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
C:\Program Files\PCPitstop\Optimize\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll]
C:\WINDOWS\pidfdll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
C:\Program Files\Privacy Champion\pscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1]
C:\WINDOWS\system32\PSof1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup]
C:\WINDOWS\system32\richup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l]
qashlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
C:\WINDOWS\system32\khooker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet]
C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show]
C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll]
C:\WINDOWS\tkbfdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc]
C:\WINDOWS\tkbfenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl]
C:\WINDOWS\system32\vidctrl\vidctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS]
C:\Program Files\WallpaperSS\WallpaperSS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
C:\WINDOWS\system32\babpon.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent]
C:\Program Files\Woot Agent\WootAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc]
C:\WINDOWS\ycbyenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
c:\progra~1\yahoo!\YCentral\YahooCentral.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll]
C:\WINDOWS\yfzrdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc]
C:\WINDOWS\yfzrenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc]
C:\WINDOWS\yykvenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll]
C:\WINDOWS\zztwdll.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc]
C:\WINDOWS\zztwenc.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RioMSC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

-- End of Deckard's System Scanner: finished at 2008-03-19 18:56:08 ------------

mikeyg98 · 03-19-2008, 07:59 PM

SDFix: Version 1.159

Run by Administrator on Wed 03/19/2008 at 03:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted
C:\Program Files\Setup.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 17:17:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000051
"TracesSuccessful"=dword:00000009

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Palm\\Hotsync.exe"="C:\\Program Files\\Palm\\Hotsync.exe:*:Enabled:HotSync Manager"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe:*:Disabled:Musicmatchr Music Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"="C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe:*:Enabled:fgfs"
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\\Program Files\\SecondLife\\SecondLife.exe"="C:\\Program Files\\SecondLife\\SecondLife.exe:*:Enabled:Second Life"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 4 Feb 2005 194 ..SH. --- "C:\AUTOEXEC.BAK"
Mon 11 Jul 2005 3,112,968 ...H. --- "C:\amanda tem\setup.exe"
Thu 21 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Sun 7 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 11 Dec 2006 0 A.SH. --- "C:\WINDOWS\DRM\Cache\Indiv02.tmp"
Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\All.exe"
Thu 18 Jul 2002 390,144 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Change.exe"
Thu 18 Jul 2002 574,464 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\CheckPath.exe"
Mon 19 Aug 2002 430,592 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Counter.exe"
Mon 22 Jul 2002 390,656 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Regexe.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RunRegexe.exe"
Sun 14 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT4.tmp"
Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52e811b9b8a98e903e9af1663dd13485\BIT4.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT3.tmp"
Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT3.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT4.tmp"
Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Sun 4 Dec 2005 27,648 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Templates\~WRL0001.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL0003.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1772.tmp"
Mon 16 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1851.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2215.tmp"
Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2695.tmp"
Sat 21 Jul 2007 1,101,824 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cooper garry's wedding fishing\SIV53.tmp"
Tue 22 Aug 2006 1,978,368 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\SIV9D.tmp"
Mon 10 Sep 2007 1,640 ..SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_300_DICV018_DRGV2050108.TMP"
Fri 2 Nov 2007 2,172 A.SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_100_DICV018_DRGV2050108.TMP"
Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV3F.tmp"
Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV42.tmp"
Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV3F.tmp"
Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV42.tmp"
Thu 22 Jun 2006 2,461,696 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV39.tmp"
Tue 6 Jun 2006 827,392 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV55.tmp"

Finished!

ComboFix 08-03-18.1 - Michael Greene 2008-03-19 18:25:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -7:00]
Running from: C:\Documents and Settings\Michael Greene\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\cmapp
C:\Program Files\cmapp\Client\hf.txt
C:\Program Files\cmapp\Client\rf.txt
C:\Program Files\cmapp\Client\sf.txt
C:\Program Files\cmapp\Client\Uninstall.exe
C:\Program Files\cmapp\cmappstub.exe
C:\Program Files\Common Files\uninstall information
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\WINDOWS\BMe465e73a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\start.exe
C:\WINDOWS\SYSTEM32\adnwyvie.ini
C:\WINDOWS\system32\albxjodg.dll
C:\WINDOWS\system32\asdmjtim.dll
C:\WINDOWS\SYSTEM32\bptcllyu.ini
C:\WINDOWS\system32\bxyuaonk.dll
C:\WINDOWS\system32\cvywfklc.dll
C:\WINDOWS\SYSTEM32\djeukusu.ini
C:\WINDOWS\system32\edaqelrk.dll
C:\WINDOWS\SYSTEM32\egjlm.ini
C:\WINDOWS\SYSTEM32\egjlm.ini2
C:\WINDOWS\system32\fmvdihvk.dll
C:\WINDOWS\system32\fsdfdeyn.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\gwajljhn.dll
C:\WINDOWS\system32\hbvvhhju.dll
C:\WINDOWS\system32\hmfeapee.dll
C:\WINDOWS\system32\iapkbtps.dll
C:\WINDOWS\SYSTEM32\inqhtdla.ini
C:\WINDOWS\system32\iqnmdrrl.dll
C:\WINDOWS\system32\iwiicvpa.dll
C:\WINDOWS\system32\ixuegpyk.dll
C:\WINDOWS\SYSTEM32\jlmdvkgd.ini
C:\WINDOWS\SYSTEM32\jovhpwxj.ini
C:\WINDOWS\system32\jqlxqwjt.dll
C:\WINDOWS\system32\kdrvsudx.dll
C:\WINDOWS\SYSTEM32\ktjegtux.ini
C:\WINDOWS\SYSTEM32\laodyemv.ini
C:\WINDOWS\SYSTEM32\lrrdmnqi.ini
C:\WINDOWS\system32\lvdbcmer.dll
C:\WINDOWS\system32\makxmthy.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mitjmdsa.ini
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\SYSTEM32\mmhhuswo.ini
C:\WINDOWS\system32\nisjsprp.dll
C:\WINDOWS\SYSTEM32\nutxlmne.ini
C:\WINDOWS\system32\oekvfsxo.dll
C:\WINDOWS\system32\oxrlbdeq.dll
C:\WINDOWS\system32\pbjkpkqi.dll
C:\WINDOWS\system32\pubntywb.dll
C:\WINDOWS\system32\qgwphfko.dll
C:\WINDOWS\SYSTEM32\qobhppso.ini
C:\WINDOWS\system32\qufkmyiu.dll
C:\WINDOWS\system32\qwsaahim.dll
C:\WINDOWS\SYSTEM32\rnpsgojr.ini
C:\WINDOWS\SYSTEM32\spnjgglu.ini
C:\WINDOWS\SYSTEM32\sptbkpai.ini
C:\WINDOWS\SYSTEM32\srclfebv.ini
C:\WINDOWS\system32\srysdmdw.dll
C:\WINDOWS\system32\tvrfhgru.dll
C:\WINDOWS\SYSTEM32\tvyxendx.ini
C:\WINDOWS\system32\uabkhenj.dll
C:\WINDOWS\SYSTEM32\ugrmphgf.ini
C:\WINDOWS\SYSTEM32\uhmamesi.ini
C:\WINDOWS\SYSTEM32\utxnnthj.ini
C:\WINDOWS\system32\uunfxkmf.dll
C:\WINDOWS\system32\vhuyflsi.dll
C:\WINDOWS\system32\vovidxkr.dll
C:\WINDOWS\system32\wjceaals.dll
C:\WINDOWS\system32\wjvpkuua.dll
C:\WINDOWS\system32\wovfinjo.dll
C:\WINDOWS\SYSTEM32\wqgdmxol.ini
C:\WINDOWS\SYSTEM32\xddgtsbm.ini
C:\WINDOWS\SYSTEM32\xeegjhvf.ini
C:\WINDOWS\SYSTEM32\xituejkj.ini
C:\WINDOWS\system32\xutgejtk.dll
C:\WINDOWS\system32\ydrvxvmh.dll
C:\WINDOWS\SYSTEM32\ylqmsxim.ini
C:\WINDOWS\system32\yqugwtdv.dll
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-19 17:18 . 2008-03-19 17:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-03-19 15:42 . 2008-03-19 15:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-19 15:36 . 2008-03-19 17:26 <DIR> d-------- C:\SDFix
2008-03-17 23:14 . 2008-03-18 23:15 2,104,562 ---hs---- C:\WINDOWS\SYSTEM32\fhyaouro.ini
2008-03-17 18:46 . 2008-03-17 18:46 <DIR> d-------- C:\ie-spyad_zo
2008-03-16 23:14 . 2008-03-16 23:14 1,367,267 ---hs---- C:\WINDOWS\SYSTEM32\oihsbyot.ini
2008-03-15 23:18 . 2008-03-16 14:08 1,366,743 ---hs---- C:\WINDOWS\SYSTEM32\skvxnofm.ini
2008-03-06 23:29 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2008-03-06 23:28 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\fp4awel.dll
2008-03-06 23:26 . 2008-03-06 23:26 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-03-06 22:40 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET79.tmp
2008-03-06 22:40 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET76.tmp
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET85.tmp
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\irclass.dll
2008-03-06 18:25 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb
2008-03-06 18:20 . 2008-03-08 00:21 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-01 03:07 . 2008-03-17 15:35 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-01 03:06 . 2008-03-17 17:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-01 03:06 . 2008-03-17 15:35 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-01 03:06 . 2008-03-17 15:35 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-02-29 23:01 . 2008-02-29 23:04 197,009,408 --a------ C:\B.tmp
2008-02-29 22:57 . 2008-02-29 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-29 22:56 . 2008-02-29 23:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Panda Security
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software
2008-02-29 22:56 . 2007-09-28 14:24 83,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavdrv51.sys
2008-02-29 22:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl
2008-02-29 22:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\SYSTEM32\avldr.dll
2008-02-29 22:56 . 2008-02-29 22:56 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat
2008-02-29 22:53 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PavProc.sys
2008-02-29 22:53 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys
2008-02-29 22:48 . 2008-02-29 22:48 170 --a------ C:\WINDOWS\AvDetected.ini
2008-02-29 22:47 . 2008-02-29 22:53 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d-------- C:\Deckard
2008-02-25 20:13 . 2008-03-11 20:31 1,597 --a------ C:\WINDOWS\mozver.dat
2008-02-25 19:51 . 2008-03-17 18:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-25 18:28 . 2008-02-25 18:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-25 01:48 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-25 00:51 . 2008-02-25 00:51 1,966,134 --a------ C:\WINDOWS\wall.bmp
2008-02-25 00:29 . 2008-02-25 01:48 <DIR> d-------- C:\Documents and Settings\Michael Greene\.housecall6.6
2008-02-25 00:17 . 2008-02-25 00:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 23:54 . 2008-02-24 23:54 <DIR> d-------- C:\NVIDIA
2008-02-24 23:54 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\VundoFix Backups
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 21:42 . 2008-03-17 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2008-02-23 21:37 . 2008-02-23 21:37 0 --a------ C:\WINDOWS\SYSTEM32\efccbcc.dll.vir
2008-02-23 20:27 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 18:13 . 2008-02-20 18:13 11 -ra------ C:\WINDOWS\amunres.lsl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 23:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-17 23:41 --------- d-----w C:\Program Files\mobile PhoneTools
2008-03-17 23:38 --------- d-----w C:\Program Files\Google
2008-03-17 23:36 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-17 23:36 --------- d-----w C:\Program Files\Coast to Coast AM Media Center
2008-03-10 01:47 --------- d-----w C:\Program Files\AtomTime Pro
2008-03-07 06:38 28,144 ----a-w C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT
2008-03-01 07:49 5,751,849 ----a-w C:\WINDOWS\JAVA\Packages\6rr9np7x.zip
2008-03-01 07:49 5,749,283 ----a-w C:\WINDOWS\JAVA\Packages\a9flzxvh.zip
2008-03-01 06:53 5,883,064 ----a-w C:\Program Files\DPSS0303.ZIP
2008-03-01 05:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 02:37 --------- d-----w C:\Program Files\LimeWire
2008-02-25 06:50 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-25 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 04:42 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Lavasoft
2008-02-25 04:41 --------- d-----w C:\Program Files\RegistryFix
2008-02-25 04:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-25 04:41 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-25 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-25 04:39 --------- d-----w C:\Program Files\GetASFStream
2008-02-25 04:39 --------- d-----w C:\Program Files\DVD slideshow GUI
2008-02-25 04:37 --------- d-----w C:\Program Files\Picasa2
2008-02-25 04:37 --------- d-----w C:\Program Files\Lavasoft
2008-02-21 02:37 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Ahead
2008-02-17 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-17 03:51 --------- d-----w C:\Program Files\Nero
2008-02-17 03:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-16 23:43 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic
2008-02-16 23:36 --------- d-----w C:\Program Files\Replay Converter
2008-02-09 06:05 --------- d-----w C:\Program Files\RealArcade
2008-02-08 08:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 07:41 --------- d-----w C:\Program Files\URLSnooper2
2008-01-20 17:59 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\DonationCoder
2008-01-20 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
2007-08-25 07:00 250 ------w C:\Documents and Settings\Michael Greene\jobq.dat
2007-06-04 21:13 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-06-04 21:13 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2006-10-03 08:00 24,192 ------w C:\Documents and Settings\Michael Greene\usbsermptxp.sys
2006-10-03 08:00 22,768 ------w C:\Documents and Settings\Michael Greene\usbsermpt.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2005-02-06 16:27 122 ------w C:\Documents and Settings\Michael Greene\Application Data\fusioncache.dat
2005-02-05 04:02 271 --sh--w C:\Program Files\desktop.ini
2005-02-05 04:02 23,357 ---ha-w C:\Program Files\folder.htt
2004-07-18 05:55 460,728 ----a-w C:\WINDOWS\FONTS\SET496.tmp
2004-07-18 05:55 383,140 ----a-w C:\WINDOWS\FONTS\SET495.tmp
2004-07-18 05:55 355,436 ----a-w C:\WINDOWS\FONTS\SET494.tmp
2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\FONTS\SET493.tmp
2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\FONTS\SET492.tmp
2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\FONTS\SET49A.tmp
2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\FONTS\SET499.tmp
2004-07-17 18:39 171,792 ----a-w C:\WINDOWS\FONTS\SET490.tmp
2004-07-17 18:39 155,068 ----a-w C:\WINDOWS\FONTS\SET497.tmp
2004-07-17 18:39 134,108 ----a-w C:\WINDOWS\FONTS\SET491.tmp
2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\FONTS\SET498.tmp
2003-02-08 11:50 8,707 ----a-w C:\Program Files\Readme.rtf
2003-02-08 11:50 2,418 ----a-w C:\Program Files\Readme.txt
2003-01-12 19:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 11:00 983040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 23:04 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-06-26 11:35 303104]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-15 20:23 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 10:57:16 2913584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [2006-01-01 19:22:01 40960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"csnob.exe"= C:\WINDOWS\system\csnob.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc]
efccbcc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk
backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk]
path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk
backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
C:\Program Files\AdwareAlert\adwarealert.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a]
C:\WINDOWS\system32\igcvqlvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe]
C:\WINDOWS\VCMnet11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc]
C:\WINDOWS\canoenc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client]
C:\Program Files\Cas\Client\casclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\s

03-19-2008, 04:24 PM	#2 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,404 OS: XP Pro SP3	Re: IE hijacks and spyware ads Please download SDFix from here and save it to your desktop Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the first option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Post that log in your next reply. ================================= Ok.We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer. Please visit this webpage for download links, and instructions for running the tool When the tool is finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require. Caution: Never run and remove files with Combofix unless supervised by a security analyst. __________________ Eddy

03-19-2008, 07:50 PM	#3 (permalink)
mikeyg98 Registered User Join Date: Feb 2008 Posts: 12 OS: XP SP2	Re: IE hijacks and spyware ads SDFix: Version 1.159 Run by Administrator on Wed 03/19/2008 at 03:59 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted C:\Program Files\Setup.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-19 17:17:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000051 "TracesSuccessful"=dword:00000009 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe::Enabled:Yahoo! Messenger" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe::Enabled:Internet Explorer" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe::Enabled:Yahoo! FT Server" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\\Program Files\\Palm\\Hotsync.exe"="C:\\Program Files\\Palm\\Hotsync.exe::Enabled:HotSync Manager" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe::Disabled:LimeWire" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe::Disabled:LimeWire swarmed installer" "C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe::Disabled:Musicmatchr Music Server" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"="C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe::Enabled:fgfs" "C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe::Enabled:Dreamweaver MX 2004" "C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe::Enabled:BearShare" "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe::Enabled:Logitech Harmony Remote Software 7" "C:\\Program Files\\SecondLife\\SecondLife.exe"="C:\\Program Files\\SecondLife\\SecondLife.exe::Enabled:Second Life" "C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe::Enabled:SLVoice" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe::Enabled:æTorrent" "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe::Enabled:Nero ProductSetup" "C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe::Enabled:Nero ProductSetup" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe::Enabled:Logitech Harmony Remote Software 7" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Fri 4 Feb 2005 194 ..SH. --- "C:\AUTOEXEC.BAK" Mon 11 Jul 2005 3,112,968 ...H. --- "C:\amanda tem\setup.exe" Thu 21 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe" Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll" Sun 7 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 11 Dec 2006 0 A.SH. --- "C:\WINDOWS\DRM\Cache\Indiv02.tmp" Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\All.exe" Thu 18 Jul 2002 390,144 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Change.exe" Thu 18 Jul 2002 574,464 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\CheckPath.exe" Mon 19 Aug 2002 430,592 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Counter.exe" Mon 22 Jul 2002 390,656 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DelFolders.exe" Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DirectSetup.exe" Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RegClean.exe" Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Regexe.exe" Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RunRegexe.exe" Sun 14 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT4.tmp" Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52e811b9b8a98e903e9af1663dd13485\BIT4.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT3.tmp" Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT3.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT4.tmp" Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp" Sun 4 Dec 2005 27,648 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Templates\~WRL0001.tmp" Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL0003.tmp" Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1772.tmp" Mon 16 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1851.tmp" Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2215.tmp" Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2695.tmp" Sat 21 Jul 2007 1,101,824 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cooper garry's wedding fishing\SIV53.tmp" Tue 22 Aug 2006 1,978,368 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\SIV9D.tmp" Mon 10 Sep 2007 1,640 ..SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_300_DICV018_DRGV2050108.TMP" Fri 2 Nov 2007 2,172 A.SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_100_DICV018_DRGV2050108.TMP" Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV3F.tmp" Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV42.tmp" Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV3F.tmp" Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV42.tmp" Thu 22 Jun 2006 2,461,696 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV39.tmp" Tue 6 Jun 2006 827,392 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV55.tmp" Finished! ComboFix 08-03-18.1 - Michael Greene 2008-03-19 18:25:59.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -7:00] Running from: C:\Documents and Settings\Michael Greene\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\cmapp C:\Program Files\cmapp\Client\hf.txt C:\Program Files\cmapp\Client\rf.txt C:\Program Files\cmapp\Client\sf.txt C:\Program Files\cmapp\Client\Uninstall.exe C:\Program Files\cmapp\cmappstub.exe C:\Program Files\Common Files\uninstall information C:\Program Files\winupdates C:\Program Files\winupdates\a.zip C:\WINDOWS\BMe465e73a.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\start.exe C:\WINDOWS\SYSTEM32\adnwyvie.ini C:\WINDOWS\system32\albxjodg.dll C:\WINDOWS\system32\asdmjtim.dll C:\WINDOWS\SYSTEM32\bptcllyu.ini C:\WINDOWS\system32\bxyuaonk.dll C:\WINDOWS\system32\cvywfklc.dll C:\WINDOWS\SYSTEM32\djeukusu.ini C:\WINDOWS\system32\edaqelrk.dll C:\WINDOWS\SYSTEM32\egjlm.ini C:\WINDOWS\SYSTEM32\egjlm.ini2 C:\WINDOWS\system32\fmvdihvk.dll C:\WINDOWS\system32\fsdfdeyn.dll C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\gwajljhn.dll C:\WINDOWS\system32\hbvvhhju.dll C:\WINDOWS\system32\hmfeapee.dll C:\WINDOWS\system32\iapkbtps.dll C:\WINDOWS\SYSTEM32\inqhtdla.ini C:\WINDOWS\system32\iqnmdrrl.dll C:\WINDOWS\system32\iwiicvpa.dll C:\WINDOWS\system32\ixuegpyk.dll C:\WINDOWS\SYSTEM32\jlmdvkgd.ini C:\WINDOWS\SYSTEM32\jovhpwxj.ini C:\WINDOWS\system32\jqlxqwjt.dll C:\WINDOWS\system32\kdrvsudx.dll C:\WINDOWS\SYSTEM32\ktjegtux.ini C:\WINDOWS\SYSTEM32\laodyemv.ini C:\WINDOWS\SYSTEM32\lrrdmnqi.ini C:\WINDOWS\system32\lvdbcmer.dll C:\WINDOWS\system32\makxmthy.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\SYSTEM32\mitjmdsa.ini C:\WINDOWS\system32\mljge.dll C:\WINDOWS\SYSTEM32\mmhhuswo.ini C:\WINDOWS\system32\nisjsprp.dll C:\WINDOWS\SYSTEM32\nutxlmne.ini C:\WINDOWS\system32\oekvfsxo.dll C:\WINDOWS\system32\oxrlbdeq.dll C:\WINDOWS\system32\pbjkpkqi.dll C:\WINDOWS\system32\pubntywb.dll C:\WINDOWS\system32\qgwphfko.dll C:\WINDOWS\SYSTEM32\qobhppso.ini C:\WINDOWS\system32\qufkmyiu.dll C:\WINDOWS\system32\qwsaahim.dll C:\WINDOWS\SYSTEM32\rnpsgojr.ini C:\WINDOWS\SYSTEM32\spnjgglu.ini C:\WINDOWS\SYSTEM32\sptbkpai.ini C:\WINDOWS\SYSTEM32\srclfebv.ini C:\WINDOWS\system32\srysdmdw.dll C:\WINDOWS\system32\tvrfhgru.dll C:\WINDOWS\SYSTEM32\tvyxendx.ini C:\WINDOWS\system32\uabkhenj.dll C:\WINDOWS\SYSTEM32\ugrmphgf.ini C:\WINDOWS\SYSTEM32\uhmamesi.ini C:\WINDOWS\SYSTEM32\utxnnthj.ini C:\WINDOWS\system32\uunfxkmf.dll C:\WINDOWS\system32\vhuyflsi.dll C:\WINDOWS\system32\vovidxkr.dll C:\WINDOWS\system32\wjceaals.dll C:\WINDOWS\system32\wjvpkuua.dll C:\WINDOWS\system32\wovfinjo.dll C:\WINDOWS\SYSTEM32\wqgdmxol.ini C:\WINDOWS\SYSTEM32\xddgtsbm.ini C:\WINDOWS\SYSTEM32\xeegjhvf.ini C:\WINDOWS\SYSTEM32\xituejkj.ini C:\WINDOWS\system32\xutgejtk.dll C:\WINDOWS\system32\ydrvxvmh.dll C:\WINDOWS\SYSTEM32\ylqmsxim.ini C:\WINDOWS\system32\yqugwtdv.dll C:\WINDOWS\Web\default.htt . ((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))) . 2008-03-19 17:18 . 2008-03-19 17:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp 2008-03-19 15:42 . 2008-03-19 15:42 <DIR> d-------- C:\WINDOWS\ERUNT 2008-03-19 15:36 . 2008-03-19 17:26 <DIR> d-------- C:\SDFix 2008-03-17 23:14 . 2008-03-18 23:15 2,104,562 ---hs---- C:\WINDOWS\SYSTEM32\fhyaouro.ini 2008-03-17 18:46 . 2008-03-17 18:46 <DIR> d-------- C:\ie-spyad_zo 2008-03-16 23:14 . 2008-03-16 23:14 1,367,267 ---hs---- C:\WINDOWS\SYSTEM32\oihsbyot.ini 2008-03-15 23:18 . 2008-03-16 14:08 1,366,743 ---hs---- C:\WINDOWS\SYSTEM32\skvxnofm.ini 2008-03-06 23:29 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll 2008-03-06 23:28 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\fp4awel.dll 2008-03-06 23:26 . 2008-03-06 23:26 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest 2008-03-06 22:40 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET79.tmp 2008-03-06 22:40 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET76.tmp 2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll 2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll 2008-03-06 22:40 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET85.tmp 2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll 2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\irclass.dll 2008-03-06 18:25 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb 2008-03-06 18:20 . 2008-03-08 00:21 1,355 --a------ C:\WINDOWS\imsins.BAK 2008-03-01 03:07 . 2008-03-17 15:35 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico 2008-03-01 03:06 . 2008-03-17 17:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan 2008-03-01 03:06 . 2008-03-17 15:35 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico 2008-03-01 03:06 . 2008-03-17 15:35 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico 2008-02-29 23:01 . 2008-02-29 23:04 197,009,408 --a------ C:\B.tmp 2008-02-29 22:57 . 2008-02-29 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2008-02-29 22:56 . 2008-02-29 23:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV 2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Panda Security 2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software 2008-02-29 22:56 . 2007-09-28 14:24 83,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavdrv51.sys 2008-02-29 22:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl 2008-02-29 22:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\SYSTEM32\avldr.dll 2008-02-29 22:56 . 2008-02-29 22:56 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat 2008-02-29 22:53 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PavProc.sys 2008-02-29 22:53 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys 2008-02-29 22:48 . 2008-02-29 22:48 170 --a------ C:\WINDOWS\AvDetected.ini 2008-02-29 22:47 . 2008-02-29 22:53 <DIR> d-------- C:\Program Files\Common Files\Panda Software 2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d-------- C:\Deckard 2008-02-25 20:13 . 2008-03-11 20:31 1,597 --a------ C:\WINDOWS\mozver.dat 2008-02-25 19:51 . 2008-03-17 18:42 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-02-25 18:28 . 2008-02-25 18:28 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-02-25 01:48 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys 2008-02-25 00:51 . 2008-02-25 00:51 1,966,134 --a------ C:\WINDOWS\wall.bmp 2008-02-25 00:29 . 2008-02-25 01:48 <DIR> d-------- C:\Documents and Settings\Michael Greene\.housecall6.6 2008-02-25 00:17 . 2008-02-25 00:17 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-24 23:54 . 2008-02-24 23:54 <DIR> d-------- C:\NVIDIA 2008-02-24 23:54 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE 2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\VundoFix Backups 2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-24 21:42 . 2008-03-17 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft 2008-02-23 21:37 . 2008-02-23 21:37 0 --a------ C:\WINDOWS\SYSTEM32\efccbcc.dll.vir 2008-02-23 20:27 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-20 18:13 . 2008-02-20 18:13 11 -ra------ C:\WINDOWS\amunres.lsl . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-17 23:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-17 23:41 --------- d-----w C:\Program Files\mobile PhoneTools 2008-03-17 23:38 --------- d-----w C:\Program Files\Google 2008-03-17 23:36 --------- d-----w C:\Program Files\Common Files\LightScribe 2008-03-17 23:36 --------- d-----w C:\Program Files\Coast to Coast AM Media Center 2008-03-10 01:47 --------- d-----w C:\Program Files\AtomTime Pro 2008-03-07 06:38 28,144 ----a-w C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT 2008-03-01 07:49 5,751,849 ----a-w C:\WINDOWS\JAVA\Packages\6rr9np7x.zip 2008-03-01 07:49 5,749,283 ----a-w C:\WINDOWS\JAVA\Packages\a9flzxvh.zip 2008-03-01 06:53 5,883,064 ----a-w C:\Program Files\DPSS0303.ZIP 2008-03-01 05:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-26 02:37 --------- d-----w C:\Program Files\LimeWire 2008-02-25 06:50 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-02-25 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-25 04:42 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Lavasoft 2008-02-25 04:41 --------- d-----w C:\Program Files\RegistryFix 2008-02-25 04:41 --------- d-----w C:\Program Files\Common Files\Ahead 2008-02-25 04:41 --------- d-----w C:\Program Files\AviSynth 2.5 2008-02-25 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-02-25 04:39 --------- d-----w C:\Program Files\GetASFStream 2008-02-25 04:39 --------- d-----w C:\Program Files\DVD slideshow GUI 2008-02-25 04:37 --------- d-----w C:\Program Files\Picasa2 2008-02-25 04:37 --------- d-----w C:\Program Files\Lavasoft 2008-02-21 02:37 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Ahead 2008-02-17 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe 2008-02-17 03:51 --------- d-----w C:\Program Files\Nero 2008-02-17 03:45 --------- d-----w C:\Program Files\Common Files\Nero 2008-02-16 23:43 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic 2008-02-16 23:36 --------- d-----w C:\Program Files\Replay Converter 2008-02-09 06:05 --------- d-----w C:\Program Files\RealArcade 2008-02-08 08:53 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-06 07:41 --------- d-----w C:\Program Files\URLSnooper2 2008-01-20 17:59 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\DonationCoder 2008-01-20 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder 2007-08-25 07:00 250 ------w C:\Documents and Settings\Michael Greene\jobq.dat 2007-06-04 21:13 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe 2007-06-04 21:13 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe 2006-10-03 08:00 24,192 ------w C:\Documents and Settings\Michael Greene\usbsermptxp.sys 2006-10-03 08:00 22,768 ------w C:\Documents and Settings\Michael Greene\usbsermpt.sys 2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe 2005-02-06 16:27 122 ------w C:\Documents and Settings\Michael Greene\Application Data\fusioncache.dat 2005-02-05 04:02 271 --sh--w C:\Program Files\desktop.ini 2005-02-05 04:02 23,357 ---ha-w C:\Program Files\folder.htt 2004-07-18 05:55 460,728 ----a-w C:\WINDOWS\FONTS\SET496.tmp 2004-07-18 05:55 383,140 ----a-w C:\WINDOWS\FONTS\SET495.tmp 2004-07-18 05:55 355,436 ----a-w C:\WINDOWS\FONTS\SET494.tmp 2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\FONTS\SET493.tmp 2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\FONTS\SET492.tmp 2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\FONTS\SET49A.tmp 2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\FONTS\SET499.tmp 2004-07-17 18:39 171,792 ----a-w C:\WINDOWS\FONTS\SET490.tmp 2004-07-17 18:39 155,068 ----a-w C:\WINDOWS\FONTS\SET497.tmp 2004-07-17 18:39 134,108 ----a-w C:\WINDOWS\FONTS\SET491.tmp 2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\FONTS\SET498.tmp 2003-02-08 11:50 8,707 ----a-w C:\Program Files\Readme.rtf 2003-02-08 11:50 2,418 ----a-w C:\Program Files\Readme.txt 2003-01-12 19:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776] "Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 11:00 983040] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 23:04 68856] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-06-26 11:35 303104] "SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-15 20:23 155648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 10:57:16 2913584] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588] Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [2006-01-01 19:22:01 40960] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "csnob.exe"= C:\WINDOWS\system\csnob.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\SYSTEM32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc] efccbcc.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli scecli [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk] path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk backup=C:\WINDOWS\pss\Palm Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe] path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe backup=C:\WINDOWS\pss\Reboot.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk] path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater] C:\Program Files\AutoUpdate\AutoUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a] C:\WINDOWS\system32\igcvqlvu.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc] C:\WINDOWS\canoenc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client] C:\Program Files\Cas\Client\casclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52] C:\WINDOWS\cfgmgr52.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun] C:\windows\system32\eliteuhe32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP] C:\Program Files\CMAPP\Client\cmappclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer] --a------ 2003-07-24 00:05 395264 C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll] C:\WINDOWS\dwridll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6] C:\WINDOWS\system32\xutgejtk.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll] C:\WINDOWS\eddjdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc] C:\WINDOWS\eddjenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll] C:\WINDOWS\fgoldll.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc] C:\WINDOWS\fgolenc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0] C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] --a------ 2001-11-19 06:27 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer] --a------ 2005-02-08 23:06 356352 C:\Program Files\IE New Window Maximizer\iemaximizer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel] C:\WINDOWS\SYSTEM32\Israfel.vbs [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] --a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc] C:\WINDOWS\system32\pnphma.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32] C:\WINDOWS\SYSTEM32\Kernel32.win [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae] C:\WINDOWS\system32\lu38clae.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication] --a------ 2006-04-29 06:37 2841600 C:\Program Files\SlideShow\wpchng.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] --a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray] C:\Program Files\NetZero\exec.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll] C:\WINDOWS\ozdqdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc] C:\WINDOWS\ozdqenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] --a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll] C:\WINDOWS\pidfdll.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1] C:\WINDOWS\system32\PSof1.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2005-11-15 20:23 155648 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup] C:\WINDOWS\system32\richup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker] C:\WINDOWS\system32\khooker.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG] --a------ 2002-07-12 03:15 106496 C:\WINDOWS\SiSUSBrg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] -ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-09-20 23:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet] C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show] C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll] C:\WINDOWS\tkbfdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc] C:\WINDOWS\tkbfenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync] C:\WINDOWS\system32\babpon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates] C:\Program Files\winupdates\winupdates.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent] C:\Program Files\Woot Agent\WootAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc] C:\WINDOWS\ycbyenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral] --a------ 2005-12-06 17:37 409112 c:\progra~1\yahoo!\YCentral\YahooCentral.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll] C:\WINDOWS\yfzrdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc] C:\WINDOWS\yfzrenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc] C:\WINDOWS\yykvenc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll] C:\WINDOWS\zztwdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc] C:\WINDOWS\zztwenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RioMSC"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Palm\\Hotsync.exe"= "C:\\StubInstaller.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"= "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "C:\\Program Files\\SecondLife\\SecondLife.exe"= "C:\\Program Files\\SecondLife\\SLVoice.exe"= "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1755:TCP"= 1755:TCP:yahoo.com "14237:TCP"= 14237:TCP:hotsync "14238:UDP"= 14238:UDP:hotsync R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-09 23:33] R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40] R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49] R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15] R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27] R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28] S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 19:33] S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2006-04-17 18:13] S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [] S3 sgiul50;sgiul50;C:\WINDOWS\system32\DRIVERS\sgiulnt5.sys [2001-08-17 12:51] S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02] S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys [] S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2003-04-03 00:21] . Contents of the 'Scheduled Tasks' folder "2008-03-20 01:10:01 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job" - C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE "2008-03-06 07:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job" "2008-03-20 01:39:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3238FA5A-B1EB-4855-987F-502E04ED310C}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-19 18:31:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\SYSTEM32\Brmfrmps.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe . ************************************************************************ . Completion time: 2008-03-19 18:40:22 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-20 01:40:12 . 2008-03-19 10:00:28 --- E O F --- ComboFix 08-03-18.1 - Michael Greene 2008-03-19 18:25:59.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -7:00] Running from: C:\Documents and Settings\Michael Greene\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\cmapp C:\Program Files\cmapp\Client\hf.txt C:\Program Files\cmapp\Client\rf.txt C:\Program Files\cmapp\Client\sf.txt C:\Program Files\cmapp\Client\Uninstall.exe C:\Program Files\cmapp\cmappstub.exe C:\Program Files\Common Files\uninstall information C:\Program Files\winupdates C:\Program Files\winupdates\a.zip C:\WINDOWS\BMe465e73a.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\start.exe C:\WINDOWS\SYSTEM32\adnwyvie.ini C:\WINDOWS\system32\albxjodg.dll C:\WINDOWS\system32\asdmjtim.dll C:\WINDOWS\SYSTEM32\bptcllyu.ini C:\WINDOWS\system32\bxyuaonk.dll C:\WINDOWS\system32\cvywfklc.dll C:\WINDOWS\SYSTEM32\djeukusu.ini C:\WINDOWS\system32\edaqelrk.dll C:\WINDOWS\SYSTEM32\egjlm.ini C:\WINDOWS\SYSTEM32\egjlm.ini2 C:\WINDOWS\system32\fmvdihvk.dll C:\WINDOWS\system32\fsdfdeyn.dll C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\gwajljhn.dll C:\WINDOWS\system32\hbvvhhju.dll C:\WINDOWS\system32\hmfeapee.dll C:\WINDOWS\system32\iapkbtps.dll C:\WINDOWS\SYSTEM32\inqhtdla.ini C:\WINDOWS\system32\iqnmdrrl.dll C:\WINDOWS\system32\iwiicvpa.dll C:\WINDOWS\system32\ixuegpyk.dll C:\WINDOWS\SYSTEM32\jlmdvkgd.ini C:\WINDOWS\SYSTEM32\jovhpwxj.ini C:\WINDOWS\system32\jqlxqwjt.dll C:\WINDOWS\system32\kdrvsudx.dll C:\WINDOWS\SYSTEM32\ktjegtux.ini C:\WINDOWS\SYSTEM32\laodyemv.ini C:\WINDOWS\SYSTEM32\lrrdmnqi.ini C:\WINDOWS\system32\lvdbcmer.dll C:\WINDOWS\system32\makxmthy.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\SYSTEM32\mitjmdsa.ini C:\WINDOWS\system32\mljge.dll C:\WINDOWS\SYSTEM32\mmhhuswo.ini C:\WINDOWS\system32\nisjsprp.dll C:\WINDOWS\SYSTEM32\nutxlmne.ini C:\WINDOWS\system32\oekvfsxo.dll C:\WINDOWS\system32\oxrlbdeq.dll C:\WINDOWS\system32\pbjkpkqi.dll C:\WINDOWS\system32\pubntywb.dll C:\WINDOWS\system32\qgwphfko.dll C:\WINDOWS\SYSTEM32\qobhppso.ini C:\WINDOWS\system32\qufkmyiu.dll C:\WINDOWS\system32\qwsaahim.dll C:\WINDOWS\SYSTEM32\rnpsgojr.ini C:\WINDOWS\SYSTEM32\spnjgglu.ini C:\WINDOWS\SYSTEM32\sptbkpai.ini C:\WINDOWS\SYSTEM32\srclfebv.ini C:\WINDOWS\system32\srysdmdw.dll C:\WINDOWS\system32\tvrfhgru.dll C:\WINDOWS\SYSTEM32\tvyxendx.ini C:\WINDOWS\system32\uabkhenj.dll C:\WINDOWS\SYSTEM32\ugrmphgf.ini C:\WINDOWS\SYSTEM32\uhmamesi.ini C:\WINDOWS\SYSTEM32\utxnnthj.ini C:\WINDOWS\system32\uunfxkmf.dll C:\WINDOWS\system32\vhuyflsi.dll C:\WINDOWS\system32\vovidxkr.dll C:\WINDOWS\system32\wjceaals.dll C:\WINDOWS\system32\wjvpkuua.dll C:\WINDOWS\system32\wovfinjo.dll C:\WINDOWS\SYSTEM32\wqgdmxol.ini C:\WINDOWS\SYSTEM32\xddgtsbm.ini C:\WINDOWS\SYSTEM32\xeegjhvf.ini C:\WINDOWS\SYSTEM32\xituejkj.ini C:\WINDOWS\system32\xutgejtk.dll C:\WINDOWS\system32\ydrvxvmh.dll C:\WINDOWS\SYSTEM32\ylqmsxim.ini C:\WINDOWS\system32\yqugwtdv.dll C:\WINDOWS\Web\default.htt . ((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))) . 2008-03-19 17:18 . 2008-03-19 17:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp 2008-03-19 15:42 . 2008-03-19 15:42 <DIR> d-------- C:\WINDOWS\ERUNT 2008-03-19 15:36 . 2008-03-19 17:26 <DIR> d-------- C:\SDFix 2008-03-17 23:14 . 2008-03-18 23:15 2,104,562 ---hs---- C:\WINDOWS\SYSTEM32\fhyaouro.ini 2008-03-17 18:46 . 2008-03-17 18:46 <DIR> d-------- C:\ie-spyad_zo 2008-03-16 23:14 . 2008-03-16 23:14 1,367,267 ---hs---- C:\WINDOWS\SYSTEM32\oihsbyot.ini 2008-03-15 23:18 . 2008-03-16 14:08 1,366,743 ---hs---- C:\WINDOWS\SYSTEM32\skvxnofm.ini 2008-03-06 23:29 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll 2008-03-06 23:28 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\fp4awel.dll 2008-03-06 23:26 . 2008-03-06 23:26 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest 2008-03-06 22:40 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET79.tmp 2008-03-06 22:40 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET76.tmp 2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll 2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll 2008-03-06 22:40 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET85.tmp 2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll 2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\irclass.dll 2008-03-06 18:25 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb 2008-03-06 18:20 . 2008-03-08 00:21 1,355 --a------ C:\WINDOWS\imsins.BAK 2008-03-01 03:07 . 2008-03-17 15:35 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico 2008-03-01 03:06 . 2008-03-17 17:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan 2008-03-01 03:06 . 2008-03-17 15:35 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico 2008-03-01 03:06 . 2008-03-17 15:35 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico 2008-02-29 23:01 . 2008-02-29 23:04 197,009,408 --a------ C:\B.tmp 2008-02-29 22:57 . 2008-02-29 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2008-02-29 22:56 . 2008-02-29 23:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV 2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Panda Security 2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software 2008-02-29 22:56 . 2007-09-28 14:24 83,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavdrv51.sys 2008-02-29 22:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl 2008-02-29 22:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\SYSTEM32\avldr.dll 2008-02-29 22:56 . 2008-02-29 22:56 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat 2008-02-29 22:53 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PavProc.sys 2008-02-29 22:53 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys 2008-02-29 22:48 . 2008-02-29 22:48 170 --a------ C:\WINDOWS\AvDetected.ini 2008-02-29 22:47 . 2008-02-29 22:53 <DIR> d-------- C:\Program Files\Common Files\Panda Software 2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d-------- C:\Deckard 2008-02-25 20:13 . 2008-03-11 20:31 1,597 --a------ C:\WINDOWS\mozver.dat 2008-02-25 19:51 . 2008-03-17 18:42 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-02-25 18:28 . 2008-02-25 18:28 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-02-25 01:48 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys 2008-02-25 00:51 . 2008-02-25 00:51 1,966,134 --a------ C:\WINDOWS\wall.bmp 2008-02-25 00:29 . 2008-02-25 01:48 <DIR> d-------- C:\Documents and Settings\Michael Greene\.housecall6.6 2008-02-25 00:17 . 2008-02-25 00:17 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-24 23:54 . 2008-02-24 23:54 <DIR> d-------- C:\NVIDIA 2008-02-24 23:54 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE 2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\VundoFix Backups 2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-24 21:42 . 2008-03-17 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft 2008-02-23 21:37 . 2008-02-23 21:37 0 --a------ C:\WINDOWS\SYSTEM32\efccbcc.dll.vir 2008-02-23 20:27 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-20 18:13 . 2008-02-20 18:13 11 -ra------ C:\WINDOWS\amunres.lsl . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-17 23:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-17 23:41 --------- d-----w C:\Program Files\mobile PhoneTools 2008-03-17 23:38 --------- d-----w C:\Program Files\Google 2008-03-17 23:36 --------- d-----w C:\Program Files\Common Files\LightScribe 2008-03-17 23:36 --------- d-----w C:\Program Files\Coast to Coast AM Media Center 2008-03-10 01:47 --------- d-----w C:\Program Files\AtomTime Pro 2008-03-07 06:38 28,144 ----a-w C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT 2008-03-01 07:49 5,751,849 ----a-w C:\WINDOWS\JAVA\Packages\6rr9np7x.zip 2008-03-01 07:49 5,749,283 ----a-w C:\WINDOWS\JAVA\Packages\a9flzxvh.zip 2008-03-01 06:53 5,883,064 ----a-w C:\Program Files\DPSS0303.ZIP 2008-03-01 05:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-26 02:37 --------- d-----w C:\Program Files\LimeWire 2008-02-25 06:50 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-02-25 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-25 04:42 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Lavasoft 2008-02-25 04:41 --------- d-----w C:\Program Files\RegistryFix 2008-02-25 04:41 --------- d-----w C:\Program Files\Common Files\Ahead 2008-02-25 04:41 --------- d-----w C:\Program Files\AviSynth 2.5 2008-02-25 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-02-25 04:39 --------- d-----w C:\Program Files\GetASFStream 2008-02-25 04:39 --------- d-----w C:\Program Files\DVD slideshow GUI 2008-02-25 04:37 --------- d-----w C:\Program Files\Picasa2 2008-02-25 04:37 --------- d-----w C:\Program Files\Lavasoft 2008-02-21 02:37 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Ahead 2008-02-17 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe 2008-02-17 03:51 --------- d-----w C:\Program Files\Nero 2008-02-17 03:45 --------- d-----w C:\Program Files\Common Files\Nero 2008-02-16 23:43 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic 2008-02-16 23:36 --------- d-----w C:\Program Files\Replay Converter 2008-02-09 06:05 --------- d-----w C:\Program Files\RealArcade 2008-02-08 08:53 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-06 07:41 --------- d-----w C:\Program Files\URLSnooper2 2008-01-20 17:59 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\DonationCoder 2008-01-20 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder 2007-08-25 07:00 250 ------w C:\Documents and Settings\Michael Greene\jobq.dat 2007-06-04 21:13 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe 2007-06-04 21:13 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe 2006-10-03 08:00 24,192 ------w C:\Documents and Settings\Michael Greene\usbsermptxp.sys 2006-10-03 08:00 22,768 ------w C:\Documents and Settings\Michael Greene\usbsermpt.sys 2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe 2005-02-06 16:27 122 ------w C:\Documents and Settings\Michael Greene\Application Data\fusioncache.dat 2005-02-05 04:02 271 --sh--w C:\Program Files\desktop.ini 2005-02-05 04:02 23,357 ---ha-w C:\Program Files\folder.htt 2004-07-18 05:55 460,728 ----a-w C:\WINDOWS\FONTS\SET496.tmp 2004-07-18 05:55 383,140 ----a-w C:\WINDOWS\FONTS\SET495.tmp 2004-07-18 05:55 355,436 ----a-w C:\WINDOWS\FONTS\SET494.tmp 2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\FONTS\SET493.tmp 2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\FONTS\SET492.tmp 2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\FONTS\SET49A.tmp 2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\FONTS\SET499.tmp 2004-07-17 18:39 171,792 ----a-w C:\WINDOWS\FONTS\SET490.tmp 2004-07-17 18:39 155,068 ----a-w C:\WINDOWS\FONTS\SET497.tmp 2004-07-17 18:39 134,108 ----a-w C:\WINDOWS\FONTS\SET491.tmp 2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\FONTS\SET498.tmp 2003-02-08 11:50 8,707 ----a-w C:\Program Files\Readme.rtf 2003-02-08 11:50 2,418 ----a-w C:\Program Files\Readme.txt 2003-01-12 19:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776] "Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 11:00 983040] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 23:04 68856] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-06-26 11:35 303104] "SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-15 20:23 155648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 10:57:16 2913584] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588] Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [2006-01-01 19:22:01 40960] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "csnob.exe"= C:\WINDOWS\system\csnob.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\SYSTEM32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc] efccbcc.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli scecli [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk] path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk backup=C:\WINDOWS\pss\Palm Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe] path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe backup=C:\WINDOWS\pss\Reboot.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk] path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater] C:\Program Files\AutoUpdate\AutoUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a] C:\WINDOWS\system32\igcvqlvu.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc] C:\WINDOWS\canoenc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client] C:\Program Files\Cas\Client\casclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52] C:\WINDOWS\cfgmgr52.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun] C:\windows\system32\eliteuhe32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP] C:\Program Files\CMAPP\Client\cmappclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer] --a------ 2003-07-24 00:05 395264 C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll] C:\WINDOWS\dwridll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6] C:\WINDOWS\system32\xutgejtk.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll] C:\WINDOWS\eddjdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc] C:\WINDOWS\eddjenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll] C:\WINDOWS\fgoldll.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc] C:\WINDOWS\fgolenc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0] C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] --a------ 2001-11-19 06:27 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer] --a------ 2005-02-08 23:06 356352 C:\Program Files\IE New Window Maximizer\iemaximizer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel] C:\WINDOWS\SYSTEM32\Israfel.vbs [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] --a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc] C:\WINDOWS\system32\pnphma.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32] C:\WINDOWS\SYSTEM32\Kernel32.win [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae] C:\WINDOWS\system32\lu38clae.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication] --a------ 2006-04-29 06:37 2841600 C:\Program Files\SlideShow\wpchng.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] --a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray] C:\Program Files\NetZero\exec.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll] C:\WINDOWS\ozdqdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc] C:\WINDOWS\ozdqenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] --a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll] C:\WINDOWS\pidfdll.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1] C:\WINDOWS\system32\PSof1.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2005-11-15 20:23 155648 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup] C:\WINDOWS\system32\richup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker] C:\WINDOWS\system32\khooker.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG] --a------ 2002-07-12 03:15 106496 C:\WINDOWS\SiSUSBrg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] -ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-09-20 23:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet] C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show] C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll] C:\WINDOWS\tkbfdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc] C:\WINDOWS\tkbfenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync] C:\WINDOWS\system32\babpon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates] C:\Program Files\winupdates\winupdates.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent] C:\Program Files\Woot Agent\WootAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc] C:\WINDOWS\ycbyenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral] --a------ 2005-12-06 17:37 409112 c:\progra~1\yahoo!\YCentral\YahooCentral.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll] C:\WINDOWS\yfzrdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc] C:\WINDOWS\yfzrenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc] C:\WINDOWS\yykvenc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll] C:\WINDOWS\zztwdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc] C:\WINDOWS\zztwenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RioMSC"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Palm\\Hotsync.exe"= "C:\\StubInstaller.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"= "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "C:\\Program Files\\SecondLife\\SecondLife.exe"= "C:\\Program Files\\SecondLife\\SLVoice.exe"= "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1755:TCP"= 1755:TCP:yahoo.com "14237:TCP"= 14237:TCP:hotsync "14238:UDP"= 14238:UDP:hotsync R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-09 23:33] R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40] R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49] R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15] R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27] R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28] S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 19:33] S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2006-04-17 18:13] S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [] S3 sgiul50;sgiul50;C:\WINDOWS\system32\DRIVERS\sgiulnt5.sys [2001-08-17 12:51] S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02] S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys [] S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2003-04-03 00:21] . Contents of the 'Scheduled Tasks' folder "2008-03-20 01:10:01 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job" - C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE "2008-03-06 07:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job" "2008-03-20 01:39:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3238FA5A-B1EB-4855-987F-502E04ED310C}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-19 18:31:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\SYSTEM32\Brmfrmps.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe . ************************************************************************ . Completion time: 2008-03-19 18:40:22 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-20 01:40:12 . 2008-03-19 10:00:28 --- E O F ---

03-19-2008, 07:50 PM	#4 (permalink)
mikeyg98 Registered User Join Date: Feb 2008 Posts: 12 OS: XP SP2	Re: IE hijacks and spyware ads SDFix: Version 1.159 Run by Administrator on Wed 03/19/2008 at 03:59 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted C:\Program Files\Setup.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-19 17:17:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000051 "TracesSuccessful"=dword:00000009 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe::Enabled:Yahoo! Messenger" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe::Enabled:Internet Explorer" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe::Enabled:Yahoo! FT Server" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\\Program Files\\Palm\\Hotsync.exe"="C:\\Program Files\\Palm\\Hotsync.exe::Enabled:HotSync Manager" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe::Disabled:LimeWire" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe::Disabled:LimeWire swarmed installer" "C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe::Disabled:Musicmatchr Music Server" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"="C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe::Enabled:fgfs" "C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe::Enabled:Dreamweaver MX 2004" "C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe::Enabled:BearShare" "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe::Enabled:Logitech Harmony Remote Software 7" "C:\\Program Files\\SecondLife\\SecondLife.exe"="C:\\Program Files\\SecondLife\\SecondLife.exe::Enabled:Second Life" "C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe::Enabled:SLVoice" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe::Enabled:æTorrent" "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe::Enabled:Nero ProductSetup" "C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Michael Greene\\Local Settings\\Temp\\Nero Web\\SetupXu.exe::Enabled:Nero ProductSetup" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe::Enabled:Logitech Harmony Remote Software 7" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Fri 4 Feb 2005 194 ..SH. --- "C:\AUTOEXEC.BAK" Mon 11 Jul 2005 3,112,968 ...H. --- "C:\amanda tem\setup.exe" Thu 21 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe" Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll" Sun 7 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 11 Dec 2006 0 A.SH. --- "C:\WINDOWS\DRM\Cache\Indiv02.tmp" Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\All.exe" Thu 18 Jul 2002 390,144 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Change.exe" Thu 18 Jul 2002 574,464 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\CheckPath.exe" Mon 19 Aug 2002 430,592 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Counter.exe" Mon 22 Jul 2002 390,656 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DelFolders.exe" Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\DirectSetup.exe" Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RegClean.exe" Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\Regexe.exe" Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\SYSTEM32\Tools\RunRegexe.exe" Sun 14 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT4.tmp" Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52e811b9b8a98e903e9af1663dd13485\BIT4.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT3.tmp" Sun 2 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT3.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT4.tmp" Fri 7 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp" Sun 4 Dec 2005 27,648 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Templates\~WRL0001.tmp" Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL0003.tmp" Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1772.tmp" Mon 16 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL1851.tmp" Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2215.tmp" Thu 26 Jan 2006 19,456 ...H. --- "C:\Documents and Settings\Michael Greene\Application Data\Microsoft\Word\~WRL2695.tmp" Sat 21 Jul 2007 1,101,824 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cooper garry's wedding fishing\SIV53.tmp" Tue 22 Aug 2006 1,978,368 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\SIV9D.tmp" Mon 10 Sep 2007 1,640 ..SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_300_DICV018_DRGV2050108.TMP" Fri 2 Nov 2007 2,172 A.SH. --- "C:\Documents and Settings\Michael Greene\Application Data\Roxio\Dragon\DiscInfoCache\SONY_____DVD_RW_DRU-530A__2.1a_100_DICV018_DRGV2050108.TMP" Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV3F.tmp" Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\102NIKON\102NIKON\SIV42.tmp" Wed 6 Jul 2005 1,409,024 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV3F.tmp" Wed 6 Jul 2005 557,056 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\cruise\102NIKON\102NIKON\SIV42.tmp" Thu 22 Jun 2006 2,461,696 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV39.tmp" Tue 6 Jun 2006 827,392 ..SH. --- "C:\Documents and Settings\Michael Greene\My Documents\My Pictures\jun07\DCIM\100NIKON\SIV55.tmp" Finished! ComboFix 08-03-18.1 - Michael Greene 2008-03-19 18:25:59.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -7:00] Running from: C:\Documents and Settings\Michael Greene\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\cmapp C:\Program Files\cmapp\Client\hf.txt C:\Program Files\cmapp\Client\rf.txt C:\Program Files\cmapp\Client\sf.txt C:\Program Files\cmapp\Client\Uninstall.exe C:\Program Files\cmapp\cmappstub.exe C:\Program Files\Common Files\uninstall information C:\Program Files\winupdates C:\Program Files\winupdates\a.zip C:\WINDOWS\BMe465e73a.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\start.exe C:\WINDOWS\SYSTEM32\adnwyvie.ini C:\WINDOWS\system32\albxjodg.dll C:\WINDOWS\system32\asdmjtim.dll C:\WINDOWS\SYSTEM32\bptcllyu.ini C:\WINDOWS\system32\bxyuaonk.dll C:\WINDOWS\system32\cvywfklc.dll C:\WINDOWS\SYSTEM32\djeukusu.ini C:\WINDOWS\system32\edaqelrk.dll C:\WINDOWS\SYSTEM32\egjlm.ini C:\WINDOWS\SYSTEM32\egjlm.ini2 C:\WINDOWS\system32\fmvdihvk.dll C:\WINDOWS\system32\fsdfdeyn.dll C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\gwajljhn.dll C:\WINDOWS\system32\hbvvhhju.dll C:\WINDOWS\system32\hmfeapee.dll C:\WINDOWS\system32\iapkbtps.dll C:\WINDOWS\SYSTEM32\inqhtdla.ini C:\WINDOWS\system32\iqnmdrrl.dll C:\WINDOWS\system32\iwiicvpa.dll C:\WINDOWS\system32\ixuegpyk.dll C:\WINDOWS\SYSTEM32\jlmdvkgd.ini C:\WINDOWS\SYSTEM32\jovhpwxj.ini C:\WINDOWS\system32\jqlxqwjt.dll C:\WINDOWS\system32\kdrvsudx.dll C:\WINDOWS\SYSTEM32\ktjegtux.ini C:\WINDOWS\SYSTEM32\laodyemv.ini C:\WINDOWS\SYSTEM32\lrrdmnqi.ini C:\WINDOWS\system32\lvdbcmer.dll C:\WINDOWS\system32\makxmthy.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\SYSTEM32\mitjmdsa.ini C:\WINDOWS\system32\mljge.dll C:\WINDOWS\SYSTEM32\mmhhuswo.ini C:\WINDOWS\system32\nisjsprp.dll C:\WINDOWS\SYSTEM32\nutxlmne.ini C:\WINDOWS\system32\oekvfsxo.dll C:\WINDOWS\system32\oxrlbdeq.dll C:\WINDOWS\system32\pbjkpkqi.dll C:\WINDOWS\system32\pubntywb.dll C:\WINDOWS\system32\qgwphfko.dll C:\WINDOWS\SYSTEM32\qobhppso.ini C:\WINDOWS\system32\qufkmyiu.dll C:\WINDOWS\system32\qwsaahim.dll C:\WINDOWS\SYSTEM32\rnpsgojr.ini C:\WINDOWS\SYSTEM32\spnjgglu.ini C:\WINDOWS\SYSTEM32\sptbkpai.ini C:\WINDOWS\SYSTEM32\srclfebv.ini C:\WINDOWS\system32\srysdmdw.dll C:\WINDOWS\system32\tvrfhgru.dll C:\WINDOWS\SYSTEM32\tvyxendx.ini C:\WINDOWS\system32\uabkhenj.dll C:\WINDOWS\SYSTEM32\ugrmphgf.ini C:\WINDOWS\SYSTEM32\uhmamesi.ini C:\WINDOWS\SYSTEM32\utxnnthj.ini C:\WINDOWS\system32\uunfxkmf.dll C:\WINDOWS\system32\vhuyflsi.dll C:\WINDOWS\system32\vovidxkr.dll C:\WINDOWS\system32\wjceaals.dll C:\WINDOWS\system32\wjvpkuua.dll C:\WINDOWS\system32\wovfinjo.dll C:\WINDOWS\SYSTEM32\wqgdmxol.ini C:\WINDOWS\SYSTEM32\xddgtsbm.ini C:\WINDOWS\SYSTEM32\xeegjhvf.ini C:\WINDOWS\SYSTEM32\xituejkj.ini C:\WINDOWS\system32\xutgejtk.dll C:\WINDOWS\system32\ydrvxvmh.dll C:\WINDOWS\SYSTEM32\ylqmsxim.ini C:\WINDOWS\system32\yqugwtdv.dll C:\WINDOWS\Web\default.htt . ((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))) . 2008-03-19 17:18 . 2008-03-19 17:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp 2008-03-19 15:42 . 2008-03-19 15:42 <DIR> d-------- C:\WINDOWS\ERUNT 2008-03-19 15:36 . 2008-03-19 17:26 <DIR> d-------- C:\SDFix 2008-03-17 23:14 . 2008-03-18 23:15 2,104,562 ---hs---- C:\WINDOWS\SYSTEM32\fhyaouro.ini 2008-03-17 18:46 . 2008-03-17 18:46 <DIR> d-------- C:\ie-spyad_zo 2008-03-16 23:14 . 2008-03-16 23:14 1,367,267 ---hs---- C:\WINDOWS\SYSTEM32\oihsbyot.ini 2008-03-15 23:18 . 2008-03-16 14:08 1,366,743 ---hs---- C:\WINDOWS\SYSTEM32\skvxnofm.ini 2008-03-06 23:29 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll 2008-03-06 23:28 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\fp4awel.dll 2008-03-06 23:26 . 2008-03-06 23:26 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest 2008-03-06 22:40 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET79.tmp 2008-03-06 22:40 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET76.tmp 2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll 2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll 2008-03-06 22:40 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET85.tmp 2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll 2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\irclass.dll 2008-03-06 18:25 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb 2008-03-06 18:20 . 2008-03-08 00:21 1,355 --a------ C:\WINDOWS\imsins.BAK 2008-03-01 03:07 . 2008-03-17 15:35 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico 2008-03-01 03:06 . 2008-03-17 17:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan 2008-03-01 03:06 . 2008-03-17 15:35 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico 2008-03-01 03:06 . 2008-03-17 15:35 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico 2008-02-29 23:01 . 2008-02-29 23:04 197,009,408 --a------ C:\B.tmp 2008-02-29 22:57 . 2008-02-29 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2008-02-29 22:56 . 2008-02-29 23:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV 2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Panda Security 2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software 2008-02-29 22:56 . 2007-09-28 14:24 83,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavdrv51.sys 2008-02-29 22:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl 2008-02-29 22:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\SYSTEM32\avldr.dll 2008-02-29 22:56 . 2008-02-29 22:56 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat 2008-02-29 22:53 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PavProc.sys 2008-02-29 22:53 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys 2008-02-29 22:48 . 2008-02-29 22:48 170 --a------ C:\WINDOWS\AvDetected.ini 2008-02-29 22:47 . 2008-02-29 22:53 <DIR> d-------- C:\Program Files\Common Files\Panda Software 2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d-------- C:\Deckard 2008-02-25 20:13 . 2008-03-11 20:31 1,597 --a------ C:\WINDOWS\mozver.dat 2008-02-25 19:51 . 2008-03-17 18:42 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-02-25 18:28 . 2008-02-25 18:28 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-02-25 01:48 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys 2008-02-25 00:51 . 2008-02-25 00:51 1,966,134 --a------ C:\WINDOWS\wall.bmp 2008-02-25 00:29 . 2008-02-25 01:48 <DIR> d-------- C:\Documents and Settings\Michael Greene\.housecall6.6 2008-02-25 00:17 . 2008-02-25 00:17 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-24 23:54 . 2008-02-24 23:54 <DIR> d-------- C:\NVIDIA 2008-02-24 23:54 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE 2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\VundoFix Backups 2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-24 21:42 . 2008-03-17 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft 2008-02-23 21:37 . 2008-02-23 21:37 0 --a------ C:\WINDOWS\SYSTEM32\efccbcc.dll.vir 2008-02-23 20:27 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-20 18:13 . 2008-02-20 18:13 11 -ra------ C:\WINDOWS\amunres.lsl . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-17 23:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-17 23:41 --------- d-----w C:\Program Files\mobile PhoneTools 2008-03-17 23:38 --------- d-----w C:\Program Files\Google 2008-03-17 23:36 --------- d-----w C:\Program Files\Common Files\LightScribe 2008-03-17 23:36 --------- d-----w C:\Program Files\Coast to Coast AM Media Center 2008-03-10 01:47 --------- d-----w C:\Program Files\AtomTime Pro 2008-03-07 06:38 28,144 ----a-w C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT 2008-03-01 07:49 5,751,849 ----a-w C:\WINDOWS\JAVA\Packages\6rr9np7x.zip 2008-03-01 07:49 5,749,283 ----a-w C:\WINDOWS\JAVA\Packages\a9flzxvh.zip 2008-03-01 06:53 5,883,064 ----a-w C:\Program Files\DPSS0303.ZIP 2008-03-01 05:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-26 02:37 --------- d-----w C:\Program Files\LimeWire 2008-02-25 06:50 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-02-25 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-25 04:42 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Lavasoft 2008-02-25 04:41 --------- d-----w C:\Program Files\RegistryFix 2008-02-25 04:41 --------- d-----w C:\Program Files\Common Files\Ahead 2008-02-25 04:41 --------- d-----w C:\Program Files\AviSynth 2.5 2008-02-25 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-02-25 04:39 --------- d-----w C:\Program Files\GetASFStream 2008-02-25 04:39 --------- d-----w C:\Program Files\DVD slideshow GUI 2008-02-25 04:37 --------- d-----w C:\Program Files\Picasa2 2008-02-25 04:37 --------- d-----w C:\Program Files\Lavasoft 2008-02-21 02:37 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Ahead 2008-02-17 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe 2008-02-17 03:51 --------- d-----w C:\Program Files\Nero 2008-02-17 03:45 --------- d-----w C:\Program Files\Common Files\Nero 2008-02-16 23:43 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic 2008-02-16 23:36 --------- d-----w C:\Program Files\Replay Converter 2008-02-09 06:05 --------- d-----w C:\Program Files\RealArcade 2008-02-08 08:53 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-06 07:41 --------- d-----w C:\Program Files\URLSnooper2 2008-01-20 17:59 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\DonationCoder 2008-01-20 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder 2007-08-25 07:00 250 ------w C:\Documents and Settings\Michael Greene\jobq.dat 2007-06-04 21:13 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe 2007-06-04 21:13 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe 2006-10-03 08:00 24,192 ------w C:\Documents and Settings\Michael Greene\usbsermptxp.sys 2006-10-03 08:00 22,768 ------w C:\Documents and Settings\Michael Greene\usbsermpt.sys 2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe 2005-02-06 16:27 122 ------w C:\Documents and Settings\Michael Greene\Application Data\fusioncache.dat 2005-02-05 04:02 271 --sh--w C:\Program Files\desktop.ini 2005-02-05 04:02 23,357 ---ha-w C:\Program Files\folder.htt 2004-07-18 05:55 460,728 ----a-w C:\WINDOWS\FONTS\SET496.tmp 2004-07-18 05:55 383,140 ----a-w C:\WINDOWS\FONTS\SET495.tmp 2004-07-18 05:55 355,436 ----a-w C:\WINDOWS\FONTS\SET494.tmp 2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\FONTS\SET493.tmp 2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\FONTS\SET492.tmp 2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\FONTS\SET49A.tmp 2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\FONTS\SET499.tmp 2004-07-17 18:39 171,792 ----a-w C:\WINDOWS\FONTS\SET490.tmp 2004-07-17 18:39 155,068 ----a-w C:\WINDOWS\FONTS\SET497.tmp 2004-07-17 18:39 134,108 ----a-w C:\WINDOWS\FONTS\SET491.tmp 2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\FONTS\SET498.tmp 2003-02-08 11:50 8,707 ----a-w C:\Program Files\Readme.rtf 2003-02-08 11:50 2,418 ----a-w C:\Program Files\Readme.txt 2003-01-12 19:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776] "Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 11:00 983040] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 23:04 68856] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-06-26 11:35 303104] "SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-15 20:23 155648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 10:57:16 2913584] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588] Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [2006-01-01 19:22:01 40960] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "csnob.exe"= C:\WINDOWS\system\csnob.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\SYSTEM32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc] efccbcc.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli scecli [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk] path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk backup=C:\WINDOWS\pss\Palm Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe] path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe backup=C:\WINDOWS\pss\Reboot.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk] path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater] C:\Program Files\AutoUpdate\AutoUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a] C:\WINDOWS\system32\igcvqlvu.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc] C:\WINDOWS\canoenc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client] C:\Program Files\Cas\Client\casclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52] C:\WINDOWS\cfgmgr52.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun] C:\windows\system32\eliteuhe32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP] C:\Program Files\CMAPP\Client\cmappclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer] --a------ 2003-07-24 00:05 395264 C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll] C:\WINDOWS\dwridll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6] C:\WINDOWS\system32\xutgejtk.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll] C:\WINDOWS\eddjdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc] C:\WINDOWS\eddjenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll] C:\WINDOWS\fgoldll.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc] C:\WINDOWS\fgolenc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0] C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] --a------ 2001-11-19 06:27 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer] --a------ 2005-02-08 23:06 356352 C:\Program Files\IE New Window Maximizer\iemaximizer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel] C:\WINDOWS\SYSTEM32\Israfel.vbs [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] --a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc] C:\WINDOWS\system32\pnphma.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32] C:\WINDOWS\SYSTEM32\Kernel32.win [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae] C:\WINDOWS\system32\lu38clae.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication] --a------ 2006-04-29 06:37 2841600 C:\Program Files\SlideShow\wpchng.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] --a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray] C:\Program Files\NetZero\exec.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll] C:\WINDOWS\ozdqdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc] C:\WINDOWS\ozdqenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] --a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll] C:\WINDOWS\pidfdll.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1] C:\WINDOWS\system32\PSof1.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2005-11-15 20:23 155648 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup] C:\WINDOWS\system32\richup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker] C:\WINDOWS\system32\khooker.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG] --a------ 2002-07-12 03:15 106496 C:\WINDOWS\SiSUSBrg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] -ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-09-20 23:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet] C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show] C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll] C:\WINDOWS\tkbfdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc] C:\WINDOWS\tkbfenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync] C:\WINDOWS\system32\babpon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates] C:\Program Files\winupdates\winupdates.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent] C:\Program Files\Woot Agent\WootAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc] C:\WINDOWS\ycbyenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral] --a------ 2005-12-06 17:37 409112 c:\progra~1\yahoo!\YCentral\YahooCentral.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll] C:\WINDOWS\yfzrdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc] C:\WINDOWS\yfzrenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc] C:\WINDOWS\yykvenc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll] C:\WINDOWS\zztwdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc] C:\WINDOWS\zztwenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RioMSC"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Palm\\Hotsync.exe"= "C:\\StubInstaller.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"= "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "C:\\Program Files\\SecondLife\\SecondLife.exe"= "C:\\Program Files\\SecondLife\\SLVoice.exe"= "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1755:TCP"= 1755:TCP:yahoo.com "14237:TCP"= 14237:TCP:hotsync "14238:UDP"= 14238:UDP:hotsync R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-09 23:33] R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40] R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49] R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15] R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27] R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28] S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 19:33] S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2006-04-17 18:13] S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [] S3 sgiul50;sgiul50;C:\WINDOWS\system32\DRIVERS\sgiulnt5.sys [2001-08-17 12:51] S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02] S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys [] S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2003-04-03 00:21] . Contents of the 'Scheduled Tasks' folder "2008-03-20 01:10:01 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job" - C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE "2008-03-06 07:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job" "2008-03-20 01:39:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3238FA5A-B1EB-4855-987F-502E04ED310C}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-19 18:31:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\SYSTEM32\Brmfrmps.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe . ************************************************************************ . Completion time: 2008-03-19 18:40:22 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-20 01:40:12 . 2008-03-19 10:00:28 --- E O F --- ComboFix 08-03-18.1 - Michael Greene 2008-03-19 18:25:59.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1424 [GMT -7:00] Running from: C:\Documents and Settings\Michael Greene\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\cmapp C:\Program Files\cmapp\Client\hf.txt C:\Program Files\cmapp\Client\rf.txt C:\Program Files\cmapp\Client\sf.txt C:\Program Files\cmapp\Client\Uninstall.exe C:\Program Files\cmapp\cmappstub.exe C:\Program Files\Common Files\uninstall information C:\Program Files\winupdates C:\Program Files\winupdates\a.zip C:\WINDOWS\BMe465e73a.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\start.exe C:\WINDOWS\SYSTEM32\adnwyvie.ini C:\WINDOWS\system32\albxjodg.dll C:\WINDOWS\system32\asdmjtim.dll C:\WINDOWS\SYSTEM32\bptcllyu.ini C:\WINDOWS\system32\bxyuaonk.dll C:\WINDOWS\system32\cvywfklc.dll C:\WINDOWS\SYSTEM32\djeukusu.ini C:\WINDOWS\system32\edaqelrk.dll C:\WINDOWS\SYSTEM32\egjlm.ini C:\WINDOWS\SYSTEM32\egjlm.ini2 C:\WINDOWS\system32\fmvdihvk.dll C:\WINDOWS\system32\fsdfdeyn.dll C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\gwajljhn.dll C:\WINDOWS\system32\hbvvhhju.dll C:\WINDOWS\system32\hmfeapee.dll C:\WINDOWS\system32\iapkbtps.dll C:\WINDOWS\SYSTEM32\inqhtdla.ini C:\WINDOWS\system32\iqnmdrrl.dll C:\WINDOWS\system32\iwiicvpa.dll C:\WINDOWS\system32\ixuegpyk.dll C:\WINDOWS\SYSTEM32\jlmdvkgd.ini C:\WINDOWS\SYSTEM32\jovhpwxj.ini C:\WINDOWS\system32\jqlxqwjt.dll C:\WINDOWS\system32\kdrvsudx.dll C:\WINDOWS\SYSTEM32\ktjegtux.ini C:\WINDOWS\SYSTEM32\laodyemv.ini C:\WINDOWS\SYSTEM32\lrrdmnqi.ini C:\WINDOWS\system32\lvdbcmer.dll C:\WINDOWS\system32\makxmthy.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\SYSTEM32\mitjmdsa.ini C:\WINDOWS\system32\mljge.dll C:\WINDOWS\SYSTEM32\mmhhuswo.ini C:\WINDOWS\system32\nisjsprp.dll C:\WINDOWS\SYSTEM32\nutxlmne.ini C:\WINDOWS\system32\oekvfsxo.dll C:\WINDOWS\system32\oxrlbdeq.dll C:\WINDOWS\system32\pbjkpkqi.dll C:\WINDOWS\system32\pubntywb.dll C:\WINDOWS\system32\qgwphfko.dll C:\WINDOWS\SYSTEM32\qobhppso.ini C:\WINDOWS\system32\qufkmyiu.dll C:\WINDOWS\system32\qwsaahim.dll C:\WINDOWS\SYSTEM32\rnpsgojr.ini C:\WINDOWS\SYSTEM32\spnjgglu.ini C:\WINDOWS\SYSTEM32\sptbkpai.ini C:\WINDOWS\SYSTEM32\srclfebv.ini C:\WINDOWS\system32\srysdmdw.dll C:\WINDOWS\system32\tvrfhgru.dll C:\WINDOWS\SYSTEM32\tvyxendx.ini C:\WINDOWS\system32\uabkhenj.dll C:\WINDOWS\SYSTEM32\ugrmphgf.ini C:\WINDOWS\SYSTEM32\uhmamesi.ini C:\WINDOWS\SYSTEM32\utxnnthj.ini C:\WINDOWS\system32\uunfxkmf.dll C:\WINDOWS\system32\vhuyflsi.dll C:\WINDOWS\system32\vovidxkr.dll C:\WINDOWS\system32\wjceaals.dll C:\WINDOWS\system32\wjvpkuua.dll C:\WINDOWS\system32\wovfinjo.dll C:\WINDOWS\SYSTEM32\wqgdmxol.ini C:\WINDOWS\SYSTEM32\xddgtsbm.ini C:\WINDOWS\SYSTEM32\xeegjhvf.ini C:\WINDOWS\SYSTEM32\xituejkj.ini C:\WINDOWS\system32\xutgejtk.dll C:\WINDOWS\system32\ydrvxvmh.dll C:\WINDOWS\SYSTEM32\ylqmsxim.ini C:\WINDOWS\system32\yqugwtdv.dll C:\WINDOWS\Web\default.htt . ((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))) . 2008-03-19 17:18 . 2008-03-19 17:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp 2008-03-19 15:42 . 2008-03-19 15:42 <DIR> d-------- C:\WINDOWS\ERUNT 2008-03-19 15:36 . 2008-03-19 17:26 <DIR> d-------- C:\SDFix 2008-03-17 23:14 . 2008-03-18 23:15 2,104,562 ---hs---- C:\WINDOWS\SYSTEM32\fhyaouro.ini 2008-03-17 18:46 . 2008-03-17 18:46 <DIR> d-------- C:\ie-spyad_zo 2008-03-16 23:14 . 2008-03-16 23:14 1,367,267 ---hs---- C:\WINDOWS\SYSTEM32\oihsbyot.ini 2008-03-15 23:18 . 2008-03-16 14:08 1,366,743 ---hs---- C:\WINDOWS\SYSTEM32\skvxnofm.ini 2008-03-06 23:29 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll 2008-03-06 23:28 . 2004-05-13 01:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\fp4awel.dll 2008-03-06 23:26 . 2008-03-06 23:26 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest 2008-03-06 23:25 . 2008-03-06 23:25 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest 2008-03-06 22:40 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SET79.tmp 2008-03-06 22:40 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SET76.tmp 2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll 2008-03-06 22:40 . 2004-08-04 05:00 24,661 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\spxcoins.dll 2008-03-06 22:40 . 2004-08-04 05:00 13,753 -ra------ C:\WINDOWS\SET85.tmp 2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll 2008-03-06 22:40 . 2004-08-04 05:00 13,312 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\irclass.dll 2008-03-06 18:25 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb 2008-03-06 18:20 . 2008-03-08 00:21 1,355 --a------ C:\WINDOWS\imsins.BAK 2008-03-01 03:07 . 2008-03-17 15:35 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico 2008-03-01 03:06 . 2008-03-17 17:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan 2008-03-01 03:06 . 2008-03-17 15:35 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico 2008-03-01 03:06 . 2008-03-17 15:35 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico 2008-02-29 23:01 . 2008-02-29 23:04 197,009,408 --a------ C:\B.tmp 2008-02-29 22:57 . 2008-02-29 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2008-02-29 22:56 . 2008-02-29 23:01 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV 2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Panda Security 2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Documents and Settings\Michael Greene\Application Data\Panda Software 2008-02-29 22:56 . 2007-09-28 14:24 83,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavdrv51.sys 2008-02-29 22:56 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\SYSTEM32\pavcpl.cpl 2008-02-29 22:56 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\SYSTEM32\avldr.dll 2008-02-29 22:56 . 2008-02-29 22:56 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat 2008-02-29 22:53 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PavProc.sys 2008-02-29 22:53 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys 2008-02-29 22:48 . 2008-02-29 22:48 170 --a------ C:\WINDOWS\AvDetected.ini 2008-02-29 22:47 . 2008-02-29 22:53 <DIR> d-------- C:\Program Files\Common Files\Panda Software 2008-02-26 02:37 . 2008-02-26 02:37 <DIR> d-------- C:\Deckard 2008-02-25 20:13 . 2008-03-11 20:31 1,597 --a------ C:\WINDOWS\mozver.dat 2008-02-25 19:51 . 2008-03-17 18:42 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-02-25 18:28 . 2008-02-25 18:28 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-02-25 01:48 . 2007-08-01 23:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys 2008-02-25 00:51 . 2008-02-25 00:51 1,966,134 --a------ C:\WINDOWS\wall.bmp 2008-02-25 00:29 . 2008-02-25 01:48 <DIR> d-------- C:\Documents and Settings\Michael Greene\.housecall6.6 2008-02-25 00:17 . 2008-02-25 00:17 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-24 23:54 . 2008-02-24 23:54 <DIR> d-------- C:\NVIDIA 2008-02-24 23:54 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE 2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\VundoFix Backups 2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-24 21:42 . 2008-03-17 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 21:42 . 2008-02-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft 2008-02-23 21:37 . 2008-02-23 21:37 0 --a------ C:\WINDOWS\SYSTEM32\efccbcc.dll.vir 2008-02-23 20:27 . 2008-02-23 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-20 18:13 . 2008-02-20 18:13 11 -ra------ C:\WINDOWS\amunres.lsl . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-17 23:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-17 23:41 --------- d-----w C:\Program Files\mobile PhoneTools 2008-03-17 23:38 --------- d-----w C:\Program Files\Google 2008-03-17 23:36 --------- d-----w C:\Program Files\Common Files\LightScribe 2008-03-17 23:36 --------- d-----w C:\Program Files\Coast to Coast AM Media Center 2008-03-10 01:47 --------- d-----w C:\Program Files\AtomTime Pro 2008-03-07 06:38 28,144 ----a-w C:\Documents and Settings\Michael Greene\Application Data\GDIPFONTCACHEV1.DAT 2008-03-01 07:49 5,751,849 ----a-w C:\WINDOWS\JAVA\Packages\6rr9np7x.zip 2008-03-01 07:49 5,749,283 ----a-w C:\WINDOWS\JAVA\Packages\a9flzxvh.zip 2008-03-01 06:53 5,883,064 ----a-w C:\Program Files\DPSS0303.ZIP 2008-03-01 05:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-26 02:37 --------- d-----w C:\Program Files\LimeWire 2008-02-25 06:50 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-02-25 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-25 04:42 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Lavasoft 2008-02-25 04:41 --------- d-----w C:\Program Files\RegistryFix 2008-02-25 04:41 --------- d-----w C:\Program Files\Common Files\Ahead 2008-02-25 04:41 --------- d-----w C:\Program Files\AviSynth 2.5 2008-02-25 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-02-25 04:39 --------- d-----w C:\Program Files\GetASFStream 2008-02-25 04:39 --------- d-----w C:\Program Files\DVD slideshow GUI 2008-02-25 04:37 --------- d-----w C:\Program Files\Picasa2 2008-02-25 04:37 --------- d-----w C:\Program Files\Lavasoft 2008-02-21 02:37 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Ahead 2008-02-17 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe 2008-02-17 03:51 --------- d-----w C:\Program Files\Nero 2008-02-17 03:45 --------- d-----w C:\Program Files\Common Files\Nero 2008-02-16 23:43 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\Media Player Classic 2008-02-16 23:36 --------- d-----w C:\Program Files\Replay Converter 2008-02-09 06:05 --------- d-----w C:\Program Files\RealArcade 2008-02-08 08:53 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-06 07:41 --------- d-----w C:\Program Files\URLSnooper2 2008-01-20 17:59 --------- d-----w C:\Documents and Settings\Michael Greene\Application Data\DonationCoder 2008-01-20 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder 2007-08-25 07:00 250 ------w C:\Documents and Settings\Michael Greene\jobq.dat 2007-06-04 21:13 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe 2007-06-04 21:13 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe 2006-10-03 08:00 24,192 ------w C:\Documents and Settings\Michael Greene\usbsermptxp.sys 2006-10-03 08:00 22,768 ------w C:\Documents and Settings\Michael Greene\usbsermpt.sys 2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe 2005-02-06 16:27 122 ------w C:\Documents and Settings\Michael Greene\Application Data\fusioncache.dat 2005-02-05 04:02 271 --sh--w C:\Program Files\desktop.ini 2005-02-05 04:02 23,357 ---ha-w C:\Program Files\folder.htt 2004-07-18 05:55 460,728 ----a-w C:\WINDOWS\FONTS\SET496.tmp 2004-07-18 05:55 383,140 ----a-w C:\WINDOWS\FONTS\SET495.tmp 2004-07-18 05:55 355,436 ----a-w C:\WINDOWS\FONTS\SET494.tmp 2004-07-17 18:39 409,280 ----a-w C:\WINDOWS\FONTS\SET493.tmp 2004-07-17 18:39 398,372 ----a-w C:\WINDOWS\FONTS\SET492.tmp 2004-07-17 18:39 367,112 ----a-w C:\WINDOWS\FONTS\SET49A.tmp 2004-07-17 18:39 352,224 ----a-w C:\WINDOWS\FONTS\SET499.tmp 2004-07-17 18:39 171,792 ----a-w C:\WINDOWS\FONTS\SET490.tmp 2004-07-17 18:39 155,068 ----a-w C:\WINDOWS\FONTS\SET497.tmp 2004-07-17 18:39 134,108 ----a-w C:\WINDOWS\FONTS\SET491.tmp 2004-07-17 18:39 127,596 ----a-w C:\WINDOWS\FONTS\SET498.tmp 2003-02-08 11:50 8,707 ----a-w C:\Program Files\Readme.rtf 2003-02-08 11:50 2,418 ----a-w C:\Program Files\Readme.txt 2003-01-12 19:41 3,392 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776] "Coast to Coast AM"="C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 11:00 983040] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 23:04 68856] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-06-26 11:35 303104] "SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-15 20:23 155648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\ Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 10:57:16 2913584] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588] Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [2006-01-01 19:22:01 40960] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "csnob.exe"= C:\WINDOWS\system\csnob.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\SYSTEM32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbcc] efccbcc.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli scecli [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timex Data Link USB Launcher.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timex Data Link USB Launcher.lnk backup=C:\WINDOWS\pss\Timex Data Link USB Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Palm Registration.lnk] path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Palm Registration.lnk backup=C:\WINDOWS\pss\Palm Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Reboot.exe] path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Reboot.exe backup=C:\WINDOWS\pss\Reboot.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^Michael Greene^Start Menu^Programs^Startup^Screenshot Utility.lnk] path=C:\Documents and Settings\Michael Greene\Start Menu\Programs\Startup\Screenshot Utility.lnk backup=C:\WINDOWS\pss\Screenshot Utility.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aCr3RWJpX] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater] C:\Program Files\AutoUpdate\AutoUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe465e73a] C:\WINDOWS\system32\igcvqlvu.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\canoenc] C:\WINDOWS\canoenc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS Client] C:\Program Files\Cas\Client\casclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52] C:\WINDOWS\cfgmgr52.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun] C:\windows\system32\eliteuhe32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP] C:\Program Files\CMAPP\Client\cmappclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer] --a------ 2003-07-24 00:05 395264 C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwridll] C:\WINDOWS\dwridll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e756d4a6] C:\WINDOWS\system32\xutgejtk.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjdll] C:\WINDOWS\eddjdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eddjenc] C:\WINDOWS\eddjenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgoldll] C:\WINDOWS\fgoldll.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fgolenc] C:\WINDOWS\fgolenc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Backup 4.0] C:\PROGRA~1\NOVOSOFT\HANDYB~1\hbagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] --a------ 2001-11-19 06:27 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer] --a------ 2005-02-08 23:06 356352 C:\Program Files\IE New Window Maximizer\iemaximizer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a------ 2004-04-14 15:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Israfel] C:\WINDOWS\SYSTEM32\Israfel.vbs [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] --a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc] C:\WINDOWS\system32\pnphma.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel32] C:\WINDOWS\SYSTEM32\Kernel32.win [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lu38clae] C:\WINDOWS\system32\lu38clae.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyApplication] --a------ 2006-04-29 06:37 2841600 C:\Program Files\SlideShow\wpchng.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] --a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray] C:\Program Files\NetZero\exec.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 02:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqdll] C:\WINDOWS\ozdqdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozdqenc] C:\WINDOWS\ozdqenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] --a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pidfdll] C:\WINDOWS\pidfdll.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSof1] C:\WINDOWS\system32\PSof1.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2005-11-15 20:23 155648 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richup] C:\WINDOWS\system32\richup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rn8T36l] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker] C:\WINDOWS\system32\khooker.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG] --a------ 2002-07-12 03:15 106496 C:\WINDOWS\SiSUSBrg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] -ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-09-20 23:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sysnet] C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\sysnet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Phil Hendrie Show] C:\Program Files\Phil Hendrie Media Center\Phil Hendrie Media Center.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfdll] C:\WINDOWS\tkbfdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbfenc] C:\WINDOWS\tkbfenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync] C:\WINDOWS\system32\babpon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates] C:\Program Files\winupdates\winupdates.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WootAgent] C:\Program Files\Woot Agent\WootAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycbyenc] C:\WINDOWS\ycbyenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral] --a------ 2005-12-06 17:37 409112 c:\progra~1\yahoo!\YCentral\YahooCentral.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrdll] C:\WINDOWS\yfzrdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfzrenc] C:\WINDOWS\yfzrenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yykvenc] C:\WINDOWS\yykvenc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwdll] C:\WINDOWS\zztwdll.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zztwenc] C:\WINDOWS\zztwenc.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RioMSC"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Palm\\Hotsync.exe"= "C:\\StubInstaller.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"= "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "C:\\Program Files\\SecondLife\\SecondLife.exe"= "C:\\Program Files\\SecondLife\\SLVoice.exe"= "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1755:TCP"= 1755:TCP:yahoo.com "14237:TCP"= 14237:TCP:hotsync "14238:UDP"= 14238:UDP:hotsync R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-09 23:33] R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40] R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49] R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15] R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27] R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28] S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 19:33] S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2006-04-17 18:13] S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [] S3 sgiul50;sgiul50;C:\WINDOWS\system32\DRIVERS\sgiulnt5.sys [2001-08-17 12:51] S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02] S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys [] S3 USB-100;SMC Compact USB to Ethernet converter;C:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2003-04-03 00:21] . Contents of the 'Scheduled Tasks' folder "2008-03-20 01:10:01 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job" - C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE "2008-03-06 07:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job" "2008-03-20 01:39:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3238FA5A-B1EB-4855-987F-502E04ED310C}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-19 18:31:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\SYSTEM32\Brmfrmps.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe . ************************************************************************ . Completion time: 2008-03-19 18:40:22 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-20 01:40:12 . 2008-03-19 10:00:28 --- E O F ---