Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Resolved HJT Threads Resolved spyware and popup issues.

 
 
06-21-2009, 01:21 AM   #1
Registered User
 
Join Date: Jun 2009
Posts: 12
OS: WinXP SP3


Need help with reviewing RSIT Log

I've got something on my system that redirects to ad sites when clicking on a link in search engines.

I had to rename my HiJackThis.exe to get it to run. If I didn't, it just wouldn't run.

The System Restore doesn't work. For some reason, after I select the date and get ready to restore, the Next button does nothing.

McAfee causes a Blue Screen of Death when I run it, but AVG runs without finding anything.

Can someone review and help me out? The log is a bit overwhelming.

Thanks in advance.

Scott

Logfile of random's system information tool 1.06 (written by random/random)
Run by Scott at 2009-06-21 00:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (6%) free of 95 GB
Total RAM: 2046 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37 AM, on 6/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Scott\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Scott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O15 - Trusted Zone: http://support.cyberspacehq.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1143053689638
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1148051276250
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/F...ansferCtrl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E1F6A9E6-B493-4670-9437-2D4B4B8965E0} (CaseMessageBox Control) - http://support.cyberspacehq.com/case...geBoxProj1.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 10617 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1060284298-839522115-1003.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll [2006-11-30 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E31CE47F-C268-41ba-897B-B415E613947D}]
Microsoft Web Test Recorder 9.0 Helper - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll [2007-11-08 64088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-04 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-15 1015808]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2003-09-25 196670]
"SbUsb AudCtrl"=RunDll32 sbusbdll.dll,RCMonitor []
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-07-07 576320]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-07-07 600896]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2006-11-30 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-20 1948440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"eyeBeam SIP Client"=C:\Program Files\CounterPath\X-Lite\x-lite.exe [2009-05-05 23179264]
"Google Update"=C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-04-14 1957888]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-04-16 24264488]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2004-03-12 3067904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

C:\Documents and Settings\Scott\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files\Digsby\digsby.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-03-08 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-20 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 49152]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{3711EEB0-1851-42C2-9ABD-C29470A5035C}"= []
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1143072050\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1143072050\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1143072050\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1143072050\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Red Storm Entertainment\Ghost Recon\GhostRecon.exe"="C:\Program Files\Red Storm Entertainment\Ghost Recon\GhostRecon.exe:*:Enabled:Play Ghost Recon"
"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"C:\Program Files\snom technology AG\SoftPhone\softphone.exe"="C:\Program Files\snom technology AG\SoftPhone\softphone.exe:*:Enabled:softphone"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\EA GAMES\Ultima Online Samurai Empire\client.exe"="C:\Program Files\EA GAMES\Ultima Online Samurai Empire\client.exe:*:Enabled:client"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe"="C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe:*:Enabled:GRAW"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\Program Files\Intuit\QuickBooks 2007\QBW32PremierNonprofit.exe"="C:\Program Files\Intuit\QuickBooks 2007\QBW32PremierNonprofit.exe:*:Enabled:QuickBooks Premier - Nonprofit Edition 2007"
"C:\Program Files\Ulead Systems\Ulead PhotoImpact 12\UleadWeb.exe"="C:\Program Files\Ulead Systems\Ulead PhotoImpact 12\UleadWeb.exe:*:Enabled:UleadWeb.exe"
"C:\Program Files\Games\Yu-Gi-Oh\Joey\joey_pc.exe"="C:\Program Files\Games\Yu-Gi-Oh\Joey\joey_pc.exe:*:Enabled:joey_pc"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Documents and Settings\Scott\Application Data\U3\0000185E7961725A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe"="C:\Documents and Settings\Scott\Application Data\U3\0000185E7961725A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Scott\Application Data\U3\0000185E25752ED7\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe"="C:\Documents and Settings\Scott\Application Data\U3\0000185E25752ED7\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype"
"C:\Program Files\Digsby\Digsby.exe"="C:\Program Files\Digsby\Digsby.exe:*:Enabled:Digsby IM"
"C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu"
"C:\Program Files\UltraVNC\vncviewer.exe"="C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\Program Files\Digsby\lib\digsby-app.exe"="C:\Program Files\Digsby\lib\digsby-app.exe:*:Enabled:Digsby IM"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe"="C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Disabled:CinemaNow Media Manager"
"C:\Program Files\Java\jre1.6.0_05\launch4j-tmp\Stanza.exe"="C:\Program Files\Java\jre1.6.0_05\launch4j-tmp\Stanza.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-06-21 00:03:56 ----D---- C:\rsit
2009-06-20 23:02:06 ----D---- C:\Program Files\HijackThis
2009-06-20 10:48:54 ----HD---- C:\$AVG8.VAULT$
2009-06-20 10:28:49 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-20 10:28:17 ----D---- C:\Program Files\AVG
2009-06-20 10:28:16 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-16 07:28:58 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-11 21:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 21:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 21:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-06-11 21:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 21:26:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 11:53:45 ----D---- C:\Program Files\iPod
2009-06-10 11:53:40 ----D---- C:\Program Files\iTunes
2009-06-05 22:39:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2009-06-05 13:07:56 ----N---- C:\WINDOWS\system32\gdiplus.dll
2009-06-05 13:02:29 ----D---- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2009-06-05 13:02:28 ----D---- C:\Program Files\SmartSound Software
2009-06-05 12:59:18 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2009-06-05 12:58:58 ----A---- C:\WINDOWS\dswplug.ini
2009-06-05 12:58:44 ----A---- C:\WINDOWS\system32\mplaw7.dll
2009-06-05 12:58:44 ----A---- C:\WINDOWS\system32\mplam6.dll
2009-06-05 12:58:44 ----A---- C:\WINDOWS\system32\mplaa6.dll
2009-06-05 12:58:43 ----A---- C:\WINDOWS\system32\cpuinf32.dll
2009-06-05 12:56:33 ----D---- C:\Program Files\Common Files\SONY Digital Images
2009-06-05 12:56:13 ----D---- C:\WINDOWS\system32\windows media
2009-06-05 12:56:02 ----HD---- C:\WINDOWS\msdownld.tmp
2009-06-05 12:55:56 ----D---- C:\Program Files\Windows Media Components
2009-06-05 12:31:43 ----D---- C:\Drivers
2009-06-05 12:31:43 ----A---- C:\WINDOWS\system32\SONYHCY.DLL
2009-06-01 13:46:51 ----D---- C:\Program Files\DVDFab 6
2009-05-27 12:02:00 ----A---- C:\Tempthing.Txt

======List of files/folders modified in the last 1 months======

2009-06-20 23:54:42 ----D---- C:\Program Files\Mozilla Firefox
2009-06-20 23:42:12 ----D---- C:\Documents and Settings\Scott\Application Data\Skype
2009-06-20 23:29:49 ----D---- C:\WINDOWS\Temp
2009-06-20 23:27:20 ----SD---- C:\WINDOWS\Tasks
2009-06-20 23:25:31 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2009-06-20 23:25:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-20 23:19:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-20 23:02:06 ----RD---- C:\Program Files
2009-06-20 20:27:41 ----D---- C:\Documents and Settings\Scott\Application Data\skypePM
2009-06-20 17:34:14 ----D---- C:\WINDOWS\Prefetch
2009-06-20 10:34:57 ----D---- C:\WINDOWS\system32\drivers
2009-06-20 10:34:57 ----D---- C:\WINDOWS\system32
2009-06-20 10:34:57 ----D---- C:\WINDOWS
2009-06-20 10:28:16 ----SHD---- C:\WINDOWS\Installer
2009-06-20 10:28:16 ----SHD---- C:\Config.Msi
2009-06-20 09:14:09 ----D---- C:\QUARANTINE
2009-06-19 21:55:21 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-19 17:47:10 ----D---- C:\Program Files\Trend Micro
2009-06-19 12:28:20 ----D---- C:\WINDOWS\Minidump
2009-06-19 08:13:28 ----D---- C:\Program Files\Internet Explorer
2009-06-18 17:14:54 ----D---- C:\Documents and Settings\Scott\Application Data\Azureus
2009-06-18 09:59:54 ----A---- C:\WINDOWS\st_last_message_text.txt
2009-06-17 21:54:27 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-17 17:40:59 ----A---- C:\WINDOWS\NewsRover.INI
2009-06-16 07:30:01 ----D---- C:\Program Files\DivX
2009-06-16 07:28:58 ----D---- C:\Program Files\Common Files
2009-06-15 22:11:13 ----D---- C:\Program Files\Azureus
2009-06-15 22:01:13 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-06-15 22:00:30 ----HD---- C:\WINDOWS\inf
2009-06-15 12:38:11 ----D---- C:\Program Files\AddWeb7
2009-06-12 08:11:05 ----D---- C:\WINDOWS\system32\wbem
2009-06-12 08:11:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-11 21:35:27 ----A---- C:\WINDOWS\win.ini
2009-06-11 21:34:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-11 21:34:02 ----A---- C:\WINDOWS\imsins.BAK
2009-06-11 21:33:57 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 21:33:24 ----D---- C:\Program Files\Windows Desktop Search
2009-06-11 21:27:28 ----D---- C:\WINDOWS\system32\en-US
2009-06-11 21:27:15 ----D---- C:\WINDOWS\ie7updates
2009-06-10 15:09:58 ----D---- C:\Program Files\QuickTime
2009-06-10 11:53:44 ----D---- C:\Program Files\Common Files\Apple
2009-06-10 11:45:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-10 11:38:51 ----D---- C:\Program Files\Safari
2009-06-08 19:57:31 ----A---- C:\WINDOWS\RankChecker.ini
2009-06-05 13:20:59 ----D---- C:\Documents and Settings\Scott\Application Data\Ulead Systems
2009-06-05 13:08:01 ----D---- C:\Program Files\Common Files\Ulead Systems
2009-06-05 13:07:15 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2009-06-05 1351 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-05 12:56:26 ----D---- C:\Program Files\Ulead Systems
2009-06-05 12:56:13 ----D---- C:\WINDOWS\RegisteredPackages
2009-06-05 11:42:38 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-06-01 13:47:05 ----D---- C:\Documents and Settings\Scott\Application Data\Vso
2009-06-01 10:14:24 ----D---- C:\Program Files\AddWeb8
2009-06-01 09:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-29 07:32:52 ----D---- C:\Program Files\Digsby
2009-05-25 00:24:06 ----N---- C:\WINDOWS\system32\mssph.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-20 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-20 108552]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\System32\drivers\EABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2003-05-01 30592]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-05-08 30000]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-08 988672]
R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-11-17 293120]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-11-17 280192]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-07-13 223128]
R3 EMCR;EMCR; C:\WINDOWS\System32\DRIVERS\EMCR7SK.sys [2004-09-10 104960]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-12-15 207232]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-11-30 168776]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-07-28 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-01-19 10368]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-05-08 16304]
R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2008-10-23 1391104]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\DRIVERS\ctdvda2k.sys [2004-02-03 334880]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-11-24 130352]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-03-12 1638618]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-11-24 178672]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-06-30 21760]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-18 5888]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-10-07 67200]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sbusb;Sound Blaster USB Audio Driver; C:\WINDOWS\system32\DRIVERS\sbusb.sys [2004-08-26 911744]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola A1000 USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-11-03 22768]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2008-06-26 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vmusb;VMware USB Client Driver; C:\WINDOWS\System32\Drivers\vmusb.sys [2005-12-15 21888]
S3 VSPerfDrv90;Performance Tools Driver 9.0; \??\C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-08 352256]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-20 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-03-13 49152]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-05-08 223792]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-05-08 113200]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2008-05-08 268848]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-05-08 141872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-03-12 81920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-11-11 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2005-01-20 90112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2006-11-09 65536]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-03-18 20480]

-----------------EOF-----------------
sediaz is offline  
Old 06-22-2009, 12:09 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Need help with reviewing RSIT Log

As stated in our pre-posting sticky topic...

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Quote:
If you have more than one antivirus software installed, leave only ONE and uninstall the others
While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

I see you have more than one Anti-Virus program installed, McAfee and AVG. Choose one to keep and uninstall the other.

Any antivirus program must be removed via Add/Remove Programs.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
If you choose to uninstall McAfee, also do this:

Download the McAfee Removal Tool.

Double click on MCPR.exe to launch it, then click Run. A window should appear and disappear; this is normal. A new window should pop up and begin the uninstall. When prompted to reboot your computer, type Y.


AVG has a removal tool which should also be run if you choose to uninstall it.

http://www.avg.com/download-tools

Choose the 32-bit remover.

Run it according to the instructions.

-----------------------------------------------------------------------


Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


-----------------------------------------------------


Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
-----------------------------------------------------

Please include the following logs in your thread:
  • Contents of the DDS.txt posted as text in your reply
  • Attach the Attach.txt to your post by clicking the Manage Attachments button under Additional Options > Attach Files on the composition page. Browse to where you saved the file, and click Upload.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 06-24-2009, 05:53 PM   #3 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 12
OS: WinXP SP3


Re: Need help with reviewing RSIT Log

I hope this is how you wanted it.

Thanks for everything.

Scott

Here are the results of DDS.txt

DDS (Ver_09-05-14.01) - NTFSx86
Run by Scott at 14:31:30.70 on Wed 06/24/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1100 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Scott\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Web Test Recorder 9.0 Helper: {e31ce47f-c268-41ba-897b-b415e613947d} - c:\program files\microsoft visual studio 9.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
EB: Web Test Recorder 9.0: {3c7adade-d1e8-45d2-bdcd-7f8d8b99b2a2} - mscoree.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [eyeBeam SIP Client] "c:\program files\counterpath\x-lite\x-lite.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
StartupFolder: c:\docume~1\scott\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: cyberspacehq.com\linktrader
Trusted Zone: cyberspacehq.com\support
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15015/CTSUEng.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143053689638
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148051276250
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E1F6A9E6-B493-4670-9437-2D4B4B8965E0} - hxxp://support.cyberspacehq.com/case_message_box/CaseMessageBoxProj1.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15021/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
{3711eeb0-1851-42c2-9abd-c29470a5035c}
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scott\applic~1\mozilla\firefox\profiles\36q1xgg0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.videotutorialzone.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\scott\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\fluxdvd\apix\NPAPIX.dll
FF - plugin: c:\program files\common files\fluxdvd\browserintegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-22 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-20 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-20 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-20 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-5-5 104000]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-7-16 6016]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [2004-9-10 104960]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 MyDNS;Window Net Dns; [x]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-6-26 42112]
S3 OYDB;OYDB;c:\docume~1\scott\locals~1\temp\OYDB.exe [2009-6-22 560000]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2006-3-31 911744]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]
S3 WSEFHYVK;WSEFHYVK;c:\docume~1\scott\locals~1\temp\WSEFHYVK.exe [2009-6-22 469888]

=============== Created Last 30 ================

2009-06-22 21:10 125,184 -------- c:\windows\system32\drivers\imagesrv.sys
2009-06-22 21:10 5,504 -------- c:\windows\system32\drivers\imagedrv.sys
2009-06-22 21:09 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-06-22 21:09 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-06-22 14:34 <DIR> --d----- C:\~ErdUserProfile.$$$
2009-06-22 12:28 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-22 08:34 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-22 07:59 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-22 07:59 <DIR> --d----- c:\program files\Lavasoft
2009-06-20 10:48 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-20 10:28 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-20 10:28 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-20 10:28 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-20 10:28 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-20 10:28 <DIR> --d----- c:\program files\AVG
2009-06-20 10:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-19 08:02 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-06-19 08:01 <DIR> --d----- c:\documents and settings\scott\.housecall6.6
2009-06-16 07:28 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-12 08:11 3,275 a------- c:\windows\system32\wbem\Outlook_01c9eb70015990a2.mof
2009-06-10 11:53 <DIR> --d----- c:\program files\iPod
2009-06-10 11:53 <DIR> --d----- c:\program files\iTunes
2009-06-06 14:47 38,912 ac------ c:\windows\system32\dllcache\avc.sys
2009-06-06 14:47 38,912 a------- c:\windows\system32\drivers\avc.sys
2009-06-06 14:47 48,128 ac------ c:\windows\system32\dllcache\61883.sys
2009-06-06 14:47 48,128 a------- c:\windows\system32\drivers\61883.sys
2009-06-05 13:07 1,645,320 -------- c:\windows\system32\gdiplus.dll
2009-06-05 13:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SmartSound Software Inc
2009-06-05 13:02 <DIR> --d----- c:\program files\SmartSound Software
2009-06-05 12:58 87 a------- c:\windows\dswplug.ini
2009-06-05 12:58 73,728 a------- c:\windows\system32\mplaw7.dll
2009-06-05 12:58 73,728 a------- c:\windows\system32\mplaa6.dll
2009-06-05 12:58 61,440 a------- c:\windows\system32\mplam6.dll
2009-06-05 12:58 19,968 a------- c:\windows\system32\cpuinf32.dll
2009-06-05 12:56 <DIR> --d----- c:\program files\common files\SONY Digital Images
2009-06-05 12:56 <DIR> --d----- c:\windows\system32\windows media
2009-06-05 12:56 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-05 12:55 <DIR> --d----- c:\program files\Windows Media Components
2009-06-05 12:31 299,923 a------- c:\windows\system32\drivers\sonyhcs.sys
2009-06-05 12:31 102,220 a------- c:\windows\system32\drivers\sonypvs1.sys
2009-06-05 12:31 53,248 a------- c:\windows\system32\SONYHCY.DLL
2009-06-05 12:31 38,739 a------- c:\windows\system32\drivers\sonyhcc.sys
2009-06-05 12:31 6,097 a------- c:\windows\system32\drivers\sonyhcb.sys
2009-06-05 12:31 3,654 a------- c:\windows\system32\drivers\Sonyhcp.dll
2009-06-05 12:31 <DIR> --d----- C:\Drivers
2009-06-01 13:46 <DIR> --d----- c:\program files\DVDFab 6
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-19 17:58 93,635 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 14:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 14:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 14:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 14:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 14:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-07-28 13:34 87,608 a------- c:\docume~1\scott\applic~1\inst.exe
2008-07-28 13:34 47,360 a------- c:\docume~1\scott\applic~1\pcouffin.sys
2008-06-26 20:10 25,600 a------- c:\documents and settings\scott\usbsermptxp.sys
2008-06-26 20:10 22,768 a------- c:\documents and settings\scott\usbsermpt.sys
2007-11-19 11:28 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-07-24 13:24 28,706,553 a------- c:\program files\AddWeb7.zip
2007-02-22 14:56 212 ----h--- c:\docume~1\scott\applic~1\srfvdo.dat
2007-01-26 11:08 87,608 a------- c:\docume~1\scott\applic~1\ezpinst.exe
2006-11-03 20:48 92,064 a------- c:\documents and settings\scott\mqdmmdm.sys
2006-11-03 20:48 79,328 a------- c:\documents and settings\scott\mqdmserd.sys
2006-11-03 20:48 66,656 a------- c:\documents and settings\scott\mqdmbus.sys
2006-11-03 20:48 9,232 a------- c:\documents and settings\scott\mqdmmdfl.sys
2006-11-03 20:48 6,208 a------- c:\documents and settings\scott\mqdmcmnt.sys
2006-11-03 20:48 5,936 a------- c:\documents and settings\scott\mqdmwhnt.sys
2006-11-03 20:48 4,048 a------- c:\documents and settings\scott\mqdmcr.sys
2006-03-22 17:07 457 -------- c:\program files\INSTALL.LOG
2008-11-03 19:48 1,213 a--sh--- c:\windows\system32\CIhhPqss.ini2
2009-02-11 21:41 1,056 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-05-23 17:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052320080524\index.dat

============= FINISH: 14:34:05.20 ===============
Attached Files
File Type: txt Gmer.txt (28.0 KB, 1 views)
File Type: txt Attach.txt (24.9 KB, 2 views)
sediaz is offline  
Old 06-24-2009, 06:29 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Need help with reviewing RSIT Log

Good work...now we can remove some malware.


Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------
  1. Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3






    --------------------------------------------------------------------


    * IMPORTANT !!! Place combo-fix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    AVG 8.5
    Please open the AVG 8.5 Control Center, by right clicking on the AVG icon on task bar.
    • Click on Open AVG Interface.
    • Double click on Resident Shield
    • Deselect the option to "Enable Resident Shield."
    • Save changes, and exit the application.
    • To re-enable AVG 8.5, please select "Enable Resident Shield" again.
  3. Double click on combo-fix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.


    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 06-25-2009, 10:18 AM   #5 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 12
OS: WinXP SP3


Re: Need help with reviewing RSIT Log

Here are the results of the Combofix log file:

ComboFix 09-06-24.05 - Scott 06/25/2009 8:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1456 [GMT -7:00]
Running from: c:\documents and settings\Scott\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Scott\Application Data\EurekaLog
c:\windows\system32\Data
c:\windows\system32\drivers\MSIVXtotlmjkoxxsicongodvwuoeydiprvsae.sys
c:\windows\system32\MSIVXeqicalkxeqwinbgromjehlwtjppawsuo.dll
c:\windows\system32\MSIVXmsxnpneabejsyjlayubvluirujdohucq.dll
c:\documents and settings\Scott\Application Data\EurekaLog\EurekaLog.ini
c:\documents and settings\Scott\Application Data\inst.exe
C:\install.exe
c:\program files\INSTALL.LOG
c:\windows\jestertb.dll
c:\windows\system32\CIhhPqss.ini
c:\windows\system32\CIhhPqss.ini2
c:\windows\system32\drivers\MSIVXtotlmjkoxxsicongodvwuoeydiprvsae.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXeqicalkxeqwinbgromjehlwtjppawsuo.dll
c:\windows\system32\MSIVXmsxnpneabejsyjlayubvluirujdohucq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys
-------\Legacy_MYDNS
-------\Legacy_NPF
-------\Service_MyDNS


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-23 04:10 . 2004-03-03 00:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-06-23 04:10 . 2004-03-03 00:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-06-23 04:09 . 2000-06-26 18:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-06-23 04:09 . 2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-06-23 04:09 . 2009-06-23 04:09 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-22 21:34 . 2009-06-22 21:34 -------- d-----w- C:\~ErdUserProfile.$$$
2009-06-22 19:28 . 2009-06-22 15:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-22 15:54 . 2009-06-22 15:54 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-22 15:54 . 2009-06-22 15:54 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-22 15:54 . 2009-06-22 15:54 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-22 15:54 . 2009-06-22 15:54 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-22 15:34 . 2009-06-22 15:08 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-22 15:19 . 2009-06-22 15:19 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-22 15:19 . 2009-06-22 15:19 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-22 15:19 . 2009-06-22 15:19 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-22 15:18 . 2009-06-22 15:18 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-22 15:17 . 2009-06-22 15:17 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-22 15:17 . 2009-06-22 15:17 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-22 15:10 . 2009-06-22 15:10 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-22 15:08 . 2009-06-22 15:08 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-22 15:08 . 2009-06-22 15:08 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-22 15:08 . 2009-06-22 15:08 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-22 15:06 . 2009-06-22 15:06 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-22 15:05 . 2009-06-22 15:05 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-22 15:04 . 2009-06-22 15:04 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-22 15:02 . 2009-06-22 15:02 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-22 15:01 . 2009-06-22 15:01 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-22 14:59 . 2009-06-22 14:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-22 14:59 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-22 14:59 . 2009-06-22 14:59 -------- d-----w- c:\program files\Lavasoft
2009-06-22 14:59 . 2009-06-22 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-21 07:03 . 2009-06-21 07:04 -------- d-----w- C:\rsit
2009-06-20 17:48 . 2009-06-23 19:26 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-20 17:28 . 2009-06-20 17:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-20 17:28 . 2009-06-20 17:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-20 17:28 . 2009-06-20 17:28 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-20 17:28 . 2009-06-20 17:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-20 17:28 . 2009-06-24 16:16 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-20 17:28 . 2009-06-20 17:28 -------- d-----w- c:\program files\AVG
2009-06-20 17:28 . 2009-06-20 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-19 15:02 . 2009-06-19 15:01 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-19 15:01 . 2009-06-19 15:15 -------- d-----w- c:\documents and settings\Scott\.housecall6.6
2009-06-16 14:28 . 2009-06-16 14:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-10 18:53 . 2009-06-10 18:53 -------- d-----w- c:\program files\iPod
2009-06-10 18:53 . 2009-06-10 18:54 -------- d-----w- c:\program files\iTunes
2009-06-10 18:41 . 2009-06-10 18:41 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 21:47 . 2008-04-13 18:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2009-06-06 21:47 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2009-06-06 21:47 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2009-06-06 21:47 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2009-06-05 20:07 . 2004-05-04 18:53 1645320 ------w- c:\windows\system32\gdiplus.dll
2009-06-05 20:02 . 2009-06-05 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-06-05 20:02 . 2009-06-05 20:02 -------- d-----w- c:\program files\SmartSound Software
2009-06-05 19:59 . 2009-06-05 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-06-05 19:58 . 2000-12-23 05:27 73728 ----a-w- c:\windows\system32\mplaw7.dll
2009-06-05 19:58 . 2000-12-23 05:19 61440 ----a-w- c:\windows\system32\mplam6.dll
2009-06-05 19:58 . 2000-12-23 05:19 73728 ----a-w- c:\windows\system32\mplaa6.dll
2009-06-05 19:58 . 2000-12-22 21:11 19968 ----a-w- c:\windows\system32\cpuinf32.dll
2009-06-05 19:56 . 2009-06-05 19:56 -------- d-----w- c:\program files\Common Files\SONY Digital Images
2009-06-05 19:56 . 2009-06-05 19:56 -------- d-----w- c:\windows\system32\windows media
2009-06-05 19:56 . 2009-06-05 19:56 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-05 19:55 . 2009-06-05 19:55 -------- d-----w- c:\program files\Windows Media Components
2009-06-05 19:31 . 2009-06-05 19:31 -------- d-----w- C:\Drivers
2009-06-05 19:31 . 2002-10-16 05:41 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2009-06-05 19:31 . 2001-11-05 16:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2009-06-05 19:31 . 2001-11-05 16:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2009-06-05 19:31 . 2001-11-05 16:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2009-06-05 19:31 . 2001-07-04 03:39 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2009-06-05 19:31 . 2001-07-04 03:33 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2009-06-01 20:46 . 2009-06-01 20:47 -------- d-----w- c:\program files\DVDFab 6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 16:02 . 2007-11-19 18:20 -------- d-----w- c:\documents and settings\Scott\Application Data\Skype
2009-06-25 16:02 . 2007-11-19 18:28 -------- d-----w- c:\documents and settings\Scott\Application Data\skypePM
2009-06-25 15:55 . 2006-03-23 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-06-25 15:55 . 2006-03-23 18:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-06-25 14:56 . 2008-05-05 20:56 -------- d-----w- c:\program files\Digsby
2009-06-23 21:59 . 2008-05-05 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-23 21:59 . 2008-05-05 23:18 -------- d-----w- c:\program files\McAfee
2009-06-23 04:09 . 2006-03-22 23:41 -------- d-----w- c:\program files\Ahead
2009-06-23 03:52 . 2008-12-02 18:27 -------- d-----w- c:\program files\RegCure
2009-06-20 00:58 . 2006-03-22 18:23 93635 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-06-20 00:47 . 2006-03-22 22:39 -------- d-----w- c:\program files\Trend Micro
2009-06-19 00:14 . 2006-07-07 04:03 -------- d-----w- c:\documents and settings\Scott\Application Data\Azureus
2009-06-16 14:30 . 2006-07-07 23:24 -------- d-----w- c:\program files\DivX
2009-06-16 05:11 . 2006-07-07 04:03 -------- d-----w- c:\program files\Azureus
2009-06-16 05:01 . 2007-09-22 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-15 19:38 . 2008-06-24 17:43 -------- d-----w- c:\program files\AddWeb7
2009-06-12 04:33 . 2008-12-11 05:23 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-10 22:09 . 2006-06-17 00:46 -------- d-----w- c:\program files\QuickTime
2009-06-10 18:53 . 2007-12-26 00:49 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 18:38 . 2007-06-12 18:14 -------- d-----w- c:\program files\Safari
2009-06-06 14:58 . 2006-03-22 19:35 46504 ----a-w- c:\documents and settings\Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 20:20 . 2006-04-01 23:58 -------- d-----w- c:\documents and settings\Scott\Application Data\Ulead Systems
2009-06-05 20:08 . 2006-03-23 01:25 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-06-05 20:07 . 2006-03-23 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-06-05 20:06 . 2006-03-22 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 19:56 . 2006-03-23 01:25 -------- d-----w- c:\program files\Ulead Systems
2009-06-05 18:42 . 2009-03-19 02:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 18:42 . 2007-12-26 00:50 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-01 20:47 . 2006-05-06 20:20 -------- d-----w- c:\documents and settings\Scott\Application Data\Vso
2009-06-01 17:14 . 2006-04-13 20:59 -------- d-----w- c:\program files\AddWeb8
2009-05-25 07:24 . 2008-05-27 06:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-12 22:12 . 2006-03-22 19:24 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2001-08-18 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 00:07 . 2006-03-23 00:49 -------- d-----w- c:\documents and settings\Scott\Application Data\BPFTP
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-30 16:58 . 2006-12-05 17:26 -------- d-----w- c:\program files\Evrsoft First Page 2006
2009-04-29 04:56 . 2004-01-08 23:23 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2001-08-18 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-03-22 19:05 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-07-24 20:24 . 2007-07-24 20:24 28706553 ----a-w- c:\program files\AddWeb7.zip
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-12 04:41 . 2007-05-29 02:23 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"eyeBeam SIP Client"="c:\program files\CounterPath\X-Lite\x-lite.exe" [2009-05-05 23179264]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-04-16 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-09-25 196670]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-20 1948440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-22 518488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SbUsb AudCtrl"="sbusbdll.dll" - c:\windows\system32\sbusbdll.dll [2004-08-19 97792]

c:\documents and settings\Scott\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2008-9-8 137728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-20 17:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBW32PremierNonprofit.exe"=
"c:\\Program Files\\Games\\Yu-Gi-Oh\\Joey\\joey_pc.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Documents and Settings\\Scott\\Application Data\\U3\\0000185E7961725A\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Digsby\\Digsby.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\Stanza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2346:TCP"= 2346:TCP:Ghost Recon
"2347:TCP"= 2347:TCP:Ghost Recon
"2348:TCP"= 2348:TCP:Ghost Recon
"2346:UDP"= 2346:UDP:Ghost Recon
"2347:UDP"= 2347:UDP:Ghost Recon
"5500:TCP"= 5500:TCP:VNC TCP
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/22/2009 8:34 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/20/2009 10:28 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/20/2009 10:28 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/20/2009 10:28 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1003344]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [7/16/2007 10:09 PM 6016]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [9/10/2004 11:44 AM 104960]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [6/26/2008 8:14 PM 42112]
S3 OYDB;OYDB;c:\docume~1\Scott\LOCALS~1\Temp\OYDB.exe --> c:\docume~1\Scott\LOCALS~1\Temp\OYDB.exe [?]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [3/31/2006 9:18 AM 911744]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [9/4/2007 4:53 PM 55664]
S3 WSEFHYVK;WSEFHYVK;c:\docume~1\Scott\LOCALS~1\Temp\WSEFHYVK.exe --> c:\docume~1\Scott\LOCALS~1\Temp\WSEFHYVK.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:05]

2009-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1060284298-839522115-1003.job
- c:\documents and settings\Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 23:09]

2009-06-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cyberspacehq.com\linktrader
Trusted Zone: cyberspacehq.com\support
DPF: {E1F6A9E6-B493-4670-9437-2D4B4B8965E0} - hxxp://support.cyberspacehq.com/case_message_box/CaseMessageBoxProj1.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 08:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????l?P?r?o??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1060284298-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0CB0FB7-6105-1647-645C-29925097B1D8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"kaekjohppndmljoibemjdo"=hex:66,61,61,62,62,70,63,6d,6f,70,69,62,00,ff
"nabmiijpmobkfniefocgfbpgdgkn"=hex:69,61,6c,6c,70,6f,63,6a,68,62,63,66,6a,62,
69,62,67,61,00,00
"mahkggicjegjaanehjifpcpkej"=hex:6a,61,65,6c,6d,6d,70,65,6a,61,62,64,6e,62,6d,
6f,67,66,64,65,00,f6
"ebflhjbkkmgdcgfejcddghkljbibfimapbmfjaalcb"=hex:66,61,65,6c,61,6e,66,67,67,70,
64,64,00,d6
"dbfjiidjamgbjbhaamllocinipmkilhnmepddigo"=hex:6d,62,65,6b,70,64,6b,61,6f,6d,
69,6c,6d,6d,65,61,6c,6d,6f,6c,65,69,61,6e,6e,69,62,6e,64,62,6b,65,63,68,6a,\
"cbfjiidjamgbjbhaamllocinipbljgldmkeafg"=hex:67,61,62,6e,6d,6f,66,6a,6d,6d,69,
6f,63,65,00,61
"cbfjiidjamgbjbhaamllocinipklgjpdaigoaj"=hex:67,61,62,6e,66,6f,6c,62,68,66,6b,
61,68,6d,00,61
"nabmiijpmobkfniefocggbefkbfk"=hex:6a,61,6c,6c,70,6f,6f,69,6e,6e,6c,69,69,68,
61,62,6a,64,6e,64,00,f3
"mahkggicjegjaanehjjfcphbpg"=hex:6a,61,6c,6c,70,6f,6f,69,6e,6e,6c,69,69,68,61,
62,6a,64,6e,64,00,f3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C0CB0FB7-6105-1647-645C-29925097B1D8}\InProcServer32*]
"gadkppbhejnkne"=hex:66,61,65,6c,61,6e,66,67,67,70,64,64,00,d6
"ebdklnoniopnolnglniniefimipbaakgpcmoecppie"=hex:6d,62,65,6b,70,64,6b,61,6f,6d,
69,6c,6d,6d,65,61,6c,6d,6f,6c,65,69,61,6e,6e,69,62,6e,64,62,6b,65,63,68,6a,\
"dbdklnoniopnolnglniniefimipblanhojpledgc"=hex:67,61,62,6e,6d,6f,66,6a,6d,6d,
69,6f,63,65,00,61
"dbdklnoniopnolnglniniefimipbgabahjjhicie"=hex:67,61,62,6e,66,6f,6c,62,68,66,
6b,61,68,6d,00,61

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Digsby\lib\digsby-app.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-06-25 9:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 16:12

Pre-Run: 5,808,754,688 bytes free
Post-Run: 5,944,438,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
366 --- E O F --- 2009-06-25 14:57
Old 06-25-2009, 10:40 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Need help with reviewing RSIT Log

Looks better, the main infection has been neutralized. Still more work to do. First....

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    Driver::
    WSEFHYVK
    OYDB
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C0CB0FB7-6105-1647-645C-29925097B1D8}\InProcServer32*]
    [HKEY_USERS\S-1-5-21-1659004503-1060284298-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0CB0FB7-6105-1647-645C-29925097B1D8}*]


    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
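The CFScript above tells ComboFix to remove two services with random-looking names (WSEFHYVK and OYDB), and the follow-up log confirms the Legacy_ and Service_ entries for both were deleted. Random all-caps service names with no DisplayName are a common dropper pattern, and the check a responder would do by hand when reading such a log can be automated. The script below is an added example for this thread, not code from the forum helper or from ComboFix: it parses a `reg export HKLM\SYSTEM\CurrentControlSet\Services` file (including the `hex(2)` UTF-16LE form reg.exe uses for REG_EXPAND_SZ values) and scores each service on a few weak signals. The embedded export is constructed for the example: the two service names come from the CFScript, while the benign entries, the invented `qzxw` driver under a Temp directory, the scoring weights and the threshold are all assumptions chosen to illustrate the signals. It goes slightly beyond the thread's case by also flagging a driver whose ImagePath lies outside system32 or Program Files.

```python
import re

# Constructed sample: a trimmed reg.exe export of HKLM\SYSTEM\CurrentControlSet\Services.
# WSEFHYVK and OYDB are the service names from the CFScript in the thread; every other
# entry, value and path is invented for this example. reg.exe writes REG_EXPAND_SZ as a
# hex(2) UTF-16LE byte list with backslash-continued lines, as shown for WSEFHYVK.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
"DisplayName"="TCP/IP Protocol Driver"
"Description"="TCP/IP Protocol Driver"
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"="system32\\DRIVERS\\tcpip.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDIS]
"DisplayName"="NDIS System Driver"
"Type"=dword:00000001
"Start"=dword:00000000
"ImagePath"="system32\\drivers\\NDIS.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSEFHYVK]
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\
  57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,\
  69,00,76,00,65,00,72,00,73,00,5c,00,57,00,53,00,45,00,46,00,48,00,59,00,56,00,4b,00,\
  2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OYDB]
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"="system32\\drivers\\OYDB.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qzxw]
"Type"=dword:00000001
"Start"=dword:00000002
"ImagePath"="\\??\\C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\qzxw.sys"
'''

_KEY_RE = re.compile(r'^\[(.+)\]$')
_VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')
VOWELS = set('aeiou')
LEGIT_PATH = re.compile(r'(^|\\)(system32|syswow64|program files)\\', re.IGNORECASE)


def decode_value(raw):
    """Turn the right-hand side of a .reg line into a Python value."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if raw.startswith('dword:'):
        return int(raw[len('dword:'):], 16)
    m = re.match(r'hex(?:\((\d+)\))?:(.*)$', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b)
        if m.group(1) in ('2', '7'):  # REG_EXPAND_SZ / REG_MULTI_SZ are UTF-16LE text
            return data.decode('utf-16-le').rstrip('\x00')
        return data
    return raw


def parse_services(text):
    """Parse a reg.exe export into {service_name: {value_name: value}}."""
    services, current, lines, i = {}, None, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        # hex values wrap with a trailing backslash; glue the pieces back together
        while line.endswith('\\') and not line.startswith('[') and i + 1 < len(lines):
            i += 1
            line = line[:-1] + lines[i].strip()
        i += 1
        m = _KEY_RE.match(line)
        if m:
            current = services.setdefault(m.group(1).rsplit('\\', 1)[-1], {})
            continue
        m = _VAL_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = decode_value(m.group(2))
    return services


def score_service(name, values):
    """Return (score, reasons) for one service; weights are illustrative assumptions."""
    reasons, letters = [], [c for c in name if c.isalpha()]
    if not values.get('DisplayName') and not values.get('Description'):
        reasons.append(('no DisplayName or Description', 2))
    if len(letters) >= 4 and name.isupper():
        reasons.append(('all-caps name', 1))
    if letters and sum(c.lower() in VOWELS for c in letters) / len(letters) < 0.3:
        reasons.append(('few vowels in name', 1))
    path = str(values.get('ImagePath', ''))
    if path and not LEGIT_PATH.search(path):
        reasons.append(('ImagePath outside system32/Program Files', 2))
    return sum(w for _, w in reasons), reasons


def find_suspicious(text, threshold=3):
    """Return {name: (score, reasons)} for services scoring at or above threshold."""
    flagged = {}
    for name, values in parse_services(text).items():
        score, reasons = score_service(name, values)
        if score >= threshold:
            flagged[name] = (score, reasons)
    return flagged


if __name__ == '__main__':
    for name, (score, reasons) in find_suspicious(SAMPLE_REG).items():
        print(f'{name:10} score={score}  ' + '; '.join(r for r, _ in reasons))
```

On a live machine the input would come from `reg export HKLM\SYSTEM\CurrentControlSet\Services services.reg`, opened with `encoding='utf-16'` since reg.exe writes UTF-16 with a BOM. The score is advisory only: NDIS in the sample scores 2 on name shape alone, which is why the DisplayName and ImagePath signals carry more weight, and a flagged name should still be checked against the file on disk and its signature before it goes into a `Driver::` list.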
Old 06-26-2009, 10:11 AM   #7 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 12
OS: WinXP SP3


Re: Need help with reviewing RSIT Log

Here is the next log. Should I copy/paste as I'm doing or upload the log file?

ComboFix 09-06-25.06 - Scott 06/26/2009 7:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1341 [GMT -7:00]
Running from: c:\documents and settings\Scott\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Scott\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OYDB
-------\Legacy_WSEFHYVK
-------\Service_OYDB
-------\Service_WSEFHYVK


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-25 16:10 . 2009-06-25 16:10 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-23 04:10 . 2004-03-03 00:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-06-23 04:10 . 2004-03-03 00:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-06-23 04:09 . 2000-06-26 18:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-06-23 04:09 . 2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-06-23 04:09 . 2009-06-23 04:09 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-22 21:34 . 2009-06-22 21:34 -------- d-----w- C:\~ErdUserProfile.$$$
2009-06-22 19:28 . 2009-06-22 15:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-22 15:54 . 2009-06-22 15:54 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-22 15:54 . 2009-06-22 15:54 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-22 15:54 . 2009-06-22 15:54 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-22 15:54 . 2009-06-22 15:54 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-22 15:34 . 2009-06-22 15:08 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-22 15:19 . 2009-06-22 15:19 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-22 15:19 . 2009-06-22 15:19 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-22 15:19 . 2009-06-22 15:19 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-22 15:18 . 2009-06-22 15:18 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-22 15:17 . 2009-06-22 15:17 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-22 15:17 . 2009-06-22 15:17 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-22 15:10 . 2009-06-22 15:10 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-22 15:08 . 2009-06-22 15:08 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-22 15:08 . 2009-06-22 15:08 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-22 15:08 . 2009-06-22 15:08 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-22 15:06 . 2009-06-22 15:06 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-22 15:05 . 2009-06-22 15:05 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-22 15:04 . 2009-06-22 15:04 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-22 15:02 . 2009-06-22 15:02 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-22 15:01 . 2009-06-22 15:01 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-22 14:59 . 2009-06-22 14:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-22 14:59 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-22 14:59 . 2009-06-22 14:59 -------- d-----w- c:\program files\Lavasoft
2009-06-22 14:59 . 2009-06-22 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-21 07:03 . 2009-06-21 07:04 -------- d-----w- C:\rsit
2009-06-20 17:48 . 2009-06-25 21:14 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-20 17:28 . 2009-06-20 17:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-20 17:28 . 2009-06-20 17:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-20 17:28 . 2009-06-20 17:28 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-20 17:28 . 2009-06-20 17:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-20 17:28 . 2009-06-26 01:23 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-20 17:28 . 2009-06-20 17:28 -------- d-----w- c:\program files\AVG
2009-06-20 17:28 . 2009-06-20 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-19 15:02 . 2009-06-19 15:01 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-19 15:01 . 2009-06-19 15:15 -------- d-----w- c:\documents and settings\Scott\.housecall6.6
2009-06-16 14:28 . 2009-06-16 14:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-10 18:53 . 2009-06-10 18:53 -------- d-----w- c:\program files\iPod
2009-06-10 18:53 . 2009-06-10 18:54 -------- d-----w- c:\program files\iTunes
2009-06-10 18:41 . 2009-06-10 18:41 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 21:47 . 2008-04-13 18:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2009-06-06 21:47 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2009-06-06 21:47 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2009-06-06 21:47 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2009-06-05 20:07 . 2004-05-04 18:53 1645320 ------w- c:\windows\system32\gdiplus.dll
2009-06-05 20:02 . 2009-06-05 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-06-05 20:02 . 2009-06-05 20:02 -------- d-----w- c:\program files\SmartSound Software
2009-06-05 19:59 . 2009-06-05 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-06-05 19:58 . 2000-12-23 05:27 73728 ----a-w- c:\windows\system32\mplaw7.dll
2009-06-05 19:58 . 2000-12-23 05:19 61440 ----a-w- c:\windows\system32\mplam6.dll
2009-06-05 19:58 . 2000-12-23 05:19 73728 ----a-w- c:\windows\system32\mplaa6.dll
2009-06-05 19:58 . 2000-12-22 21:11 19968 ----a-w- c:\windows\system32\cpuinf32.dll
2009-06-05 19:56 . 2009-06-05 19:56 -------- d-----w- c:\program files\Common Files\SONY Digital Images
2009-06-05 19:56 . 2009-06-05 19:56 -------- d-----w- c:\windows\system32\windows media
2009-06-05 19:56 . 2009-06-05 19:56 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-05 19:55 . 2009-06-05 19:55 -------- d-----w- c:\program files\Windows Media Components
2009-06-05 19:31 . 2009-06-05 19:31 -------- d-----w- C:\Drivers
2009-06-05 19:31 . 2002-10-16 05:41 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2009-06-05 19:31 . 2001-11-05 16:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2009-06-05 19:31 . 2001-11-05 16:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2009-06-05 19:31 . 2001-11-05 16:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2009-06-05 19:31 . 2001-07-04 03:39 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2009-06-05 19:31 . 2001-07-04 03:33 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2009-06-01 20:46 . 2009-06-01 20:47 -------- d-----w- c:\program files\DVDFab 6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 14:50 . 2007-11-19 18:20 -------- d-----w- c:\documents and settings\Scott\Application Data\Skype
2009-06-26 14:44 . 2006-03-23 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-06-26 14:44 . 2006-03-23 18:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-06-26 14:03 . 2007-11-19 18:28 -------- d-----w- c:\documents and settings\Scott\Application Data\skypePM
2009-06-25 14:56 . 2008-05-05 20:56 -------- d-----w- c:\program files\Digsby
2009-06-23 21:59 . 2008-05-05 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-23 21:59 . 2008-05-05 23:18 -------- d-----w- c:\program files\McAfee
2009-06-23 04:09 . 2006-03-22 23:41 -------- d-----w- c:\program files\Ahead
2009-06-23 03:52 . 2008-12-02 18:27 -------- d-----w- c:\program files\RegCure
2009-06-20 00:58 . 2006-03-22 18:23 93635 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-06-20 00:47 . 2006-03-22 22:39 -------- d-----w- c:\program files\Trend Micro
2009-06-19 00:14 . 2006-07-07 04:03 -------- d-----w- c:\documents and settings\Scott\Application Data\Azureus
2009-06-16 14:30 . 2006-07-07 23:24 -------- d-----w- c:\program files\DivX
2009-06-16 05:11 . 2006-07-07 04:03 -------- d-----w- c:\program files\Azureus
2009-06-16 05:01 . 2007-09-22 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-15 19:38 . 2008-06-24 17:43 -------- d-----w- c:\program files\AddWeb7
2009-06-12 04:33 . 2008-12-11 05:23 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-10 22:09 . 2006-06-17 00:46 -------- d-----w- c:\program files\QuickTime
2009-06-10 18:53 . 2007-12-26 00:49 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 18:38 . 2007-06-12 18:14 -------- d-----w- c:\program files\Safari
2009-06-06 14:58 . 2006-03-22 19:35 46504 ----a-w- c:\documents and settings\Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 20:20 . 2006-04-01 23:58 -------- d-----w- c:\documents and settings\Scott\Application Data\Ulead Systems
2009-06-05 20:08 . 2006-03-23 01:25 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-06-05 20:07 . 2006-03-23 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-06-05 20:06 . 2006-03-22 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 19:56 . 2006-03-23 01:25 -------- d-----w- c:\program files\Ulead Systems
2009-06-05 18:42 . 2009-03-19 02:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 18:42 . 2007-12-26 00:50 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-01 20:47 . 2006-05-06 20:20 -------- d-----w- c:\documents and settings\Scott\Application Data\Vso
2009-06-01 17:14 . 2006-04-13 20:59 -------- d-----w- c:\program files\AddWeb8
2009-05-25 07:24 . 2008-05-27 06:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-12 22:12 . 2006-03-22 19:24 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2001-08-18 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 00:07 . 2006-03-23 00:49 -------- d-----w- c:\documents and settings\Scott\Application Data\BPFTP
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-30 16:58 . 2006-12-05 17:26 -------- d-----w- c:\program files\Evrsoft First Page 2006
2009-04-29 04:56 . 2004-01-08 23:23 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2001-08-18 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-03-22 19:05 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-07-24 20:24 . 2007-07-24 20:24 28706553 ----a-w- c:\program files\AddWeb7.zip
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-12 04:41 . 2007-05-29 02:23 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\dllcache\cache\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\dllcache\cache\user32.dll

[7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\dllcache\cache\ws2_32.dll

[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[7] 2007-03-07 17:40 823296 B8F4DB39CA7353752F245379D285C80E c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[7] 2007-04-25 09:08 823808 431DEFBB4A3D7B0DC062C1B064623A2F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 14:40 824320 D6ED5E042C5207553E7F5E842918137F c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[7] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2001-08-18 12:00 593920 CF9F1EEF71F42EDE71B6F4AA05D5CA1A c:\windows\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2006-01-09 18:02 662016 DDE9597A3311748C1519444E2BC147BD c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912945$\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\ie7\wininet.dll
[7] 2006-10-27 23:09 818688 7CF0B0D5D9D47585853E2A6978441F64 c:\windows\ie7updates\KB928090-IE7\wininet.dll
[7] 2007-01-12 17:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2007-03-07 17:45 822784 5B35DAE6E4886F64D1DA58C4E3E01EB9 c:\windows\ie7updates\KB933566-IE7\wininet.dll
[7] 2007-04-25 08:41 822784 0586A7F0B2FDB94D624F399D4728E7C8 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2007-06-27 14:34 823808 8068CBB58FE60CC95AEB2CFF70178208 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[7] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[7] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[7] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\cache\wininet.dll

[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\cache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\dllcache\cache\winlogon.exe

[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\cache\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[7] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\cache\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 22:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2007-02-28 08:38 2015744 A58AC1C6199EF34228ABEE7FC057AE09 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2004-08-04 05:59 2015232 FB142B7007CA2EEA76966C6C5CC12150 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2015232 3CD941E472DDF3534E53038535719771 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 12:55 2015744 BBB2322EB14AD9AD55B1024FFD4D88BF c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 09:33 2023936 8206B5F94A6A9450E934029420C1693F c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-13 18:31 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\system32\dllcache\cache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-08 02:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 23:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 09:08 2136064 1220FAF071DEA8653EE21DE7DCDA8BFD c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2004-08-04 06:18 2148352 626309040459C3915997EF98EC1C8D40 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:57 2135552 48B3E89AF7074CEE0314A3E0C7FAFFDB c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 14:15 2136064 8318ED54797F3E513FD5817A1D4BBD18 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 10:09 2145280 F6F8245B3A2E9CA834DD318E7AE0C6D0 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-13 19:24 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\dllcache\cache\ntoskrnl.exe

[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\dllcache\cache\explorer.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\cache\services.exe

[7] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\dllcache\cache\lsass.exe

[7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\dllcache\cache\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 07:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\dllcache\cache\spoolsv.exe

[7] 2004-08-04 07:56 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\$NtServicePackUninstall$\wuauclt.exe
[7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\cache\wuauclt.exe

[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\dllcache\cache\userinit.exe

[7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\dllcache\cache\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\cache\kernel32.dll

[7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\dllcache\cache\powrprof.dll

[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\dllcache\cache\imm32.dll

[7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\dllcache\cache\sfcfiles.dll

[7] 2004-08-04 07:56 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\$NtServicePackUninstall$\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\dllcache\cache\appmgmts.dll

[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\dllcache\cache\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-25_15.56.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-26 14:44 . 2009-06-26 14:44 16384 c:\windows\Temp\Perflib_Perfdata_ef4.dat
+ 2009-06-26 13:59 . 2009-06-26 13:59 16384 c:\windows\Temp\Perflib_Perfdata_c0c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"eyeBeam SIP Client"="c:\program files\CounterPath\X-Lite\x-lite.exe" [2009-05-05 23179264]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-04-16 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-09-25 196670]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-20 1948440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-22 518488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SbUsb AudCtrl"="sbusbdll.dll" - c:\windows\system32\sbusbdll.dll [2004-08-19 97792]

c:\documents and settings\Scott\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2008-9-8 137728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-20 17:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBW32PremierNonprofit.exe"=
"c:\\Program Files\\Games\\Yu-Gi-Oh\\Joey\\joey_pc.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Documents and Settings\\Scott\\Application Data\\U3\\0000185E7961725A\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Digsby\\Digsby.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\Stanza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2346:TCP"= 2346:TCP:Ghost Recon
"2347:TCP"= 2347:TCP:Ghost Recon
"2348:TCP"= 2348:TCP:Ghost Recon
"2346:UDP"= 2346:UDP:Ghost Recon
"2347:UDP"= 2347:UDP:Ghost Recon
"5500:TCP"= 5500:TCP:VNC TCP
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/22/2009 8:34 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/20/2009 10:28 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/20/2009 10:28 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/20/2009 10:28 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1003344]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [7/16/2007 10:09 PM 6016]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [9/10/2004 11:44 AM 104960]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [6/26/2008 8:14 PM 42112]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [3/31/2006 9:18 AM 911744]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [9/4/2007 4:53 PM 55664]
.
Contents of the 'Scheduled Tasks' folder

2009-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:05]

2009-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1060284298-839522115-1003.job
- c:\documents and settings\Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 23:09]

2009-06-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cyberspacehq.com\linktrader
Trusted Zone: cyberspacehq.com\support
DPF: {E1F6A9E6-B493-4670-9437-2D4B4B8965E0} - hxxp://support.cyberspacehq.com/case_message_box/CaseMessageBoxProj1.cab
FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\36q1xgg0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.videotutorialzone.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\Scott\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 07:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????l?P?r?o??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3964)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\windows\system32\ati2evxx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Digsby\lib\digsby-app.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Java\jre1.6.0_05\bin\javaw.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-06-26 8:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 15:01
ComboFix2.txt 2009-06-25 16:12

Pre-Run: 6,016,073,728 bytes free
Post-Run: 5,986,598,912 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
527 --- E O F --- 2009-06-25 14:57
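A practical way to read the Sigcheck block in the log above is to line up every copy of each protected file and compare the copy Windows actually loads (directly under system32, or system32\drivers) against the copy SFC would restore from (dllcache) and against the Service Pack baseline (ServicePackFiles\i386). The script below is an added example written for this thread; it is not ComboFix's own code and not part of the log posted above. It assumes that the leading [7] marks a file Sigcheck verified and [-] one it could not, and that dllcache (including the cache\ subfolder ComboFix created) is the SFC reference copy. In its sample input the lsass.exe, kernel32.dll and kbdclass.sys groups are copied from the log; the wininet.dll and beep.sys groups are constructed, with made-up hashes, to model a patched live copy and an unverified driver.

```python
"""Audit the Sigcheck section of a ComboFix log.

For every protected system file, group all the copies ComboFix listed
(live copy, SFC cache, Service Pack baseline, uninstall backups) and say
whether the copy Windows actually loads agrees with the copy SFC would
restore.  Added example for this thread; not ComboFix's own code.
"""
import re
from collections import defaultdict

# Shape of one Sigcheck line (copied from the log above):
# [7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*?)\s*$"
)

LIVE_PREFIX = "c:\\windows\\system32\\"                # what Windows loads
SFC_CACHE = "c:\\windows\\system32\\dllcache\\"        # what SFC restores from
SP_BASELINE = "c:\\windows\\servicepackfiles\\i386\\"  # SP3 install baseline


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; anything else in the text is skipped."""
    entries = []
    for raw in text.splitlines():
        m = SIGCHECK_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["path"] = e["path"].lower()
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def role(path):
    """Classify one copy by where it lives.  Order matters: dllcache sits under system32."""
    if path.startswith(SFC_CACHE):
        return "sfc"
    if path.startswith(SP_BASELINE):
        return "sp"
    if path.startswith(LIVE_PREFIX):
        return "live"
    return "backup"  # $NtServicePackUninstall$, $hf_mig$, $NtUninstallKB...$


def audit(entries):
    """Map each file that has a live copy to a verdict.

    unverified    live copy lacks the [7] mark (assumed: Sigcheck could not verify it)
    tampered?     live copy's MD5 matches no dllcache copy, so SFC would "repair" it
    hotfixed      live copy differs from the SP baseline but matches dllcache (normal)
    no-reference  nothing to compare the live copy against
    ok            live copy matches dllcache and (where present) the SP baseline
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    verdicts = {}
    for name, copies in sorted(by_name.items()):
        live = [e for e in copies if role(e["path"]) == "live"]
        if not live:
            continue
        live_md5, live_flag = live[0]["md5"], live[0]["flag"]
        sfc = {e["md5"] for e in copies if role(e["path"]) == "sfc"}
        sp = {e["md5"] for e in copies if role(e["path"]) == "sp"}
        if live_flag != "7":
            verdicts[name] = "unverified"
        elif sfc and live_md5 not in sfc:
            verdicts[name] = "tampered?"
        elif not sfc and not sp:
            verdicts[name] = "no-reference"
        elif sp and live_md5 not in sp:
            verdicts[name] = "hotfixed"
        else:
            verdicts[name] = "ok"
    return verdicts


# Sample input.  The lsass.exe, kernel32.dll and kbdclass.sys groups are copied from the
# log above; the wininet.dll and beep.sys groups are constructed, with made-up hashes,
# to model a patched live copy and an unverified driver.
SAMPLE = r"""
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\dllcache\cache\lsass.exe

[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\dllcache\cache\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys

[7] 2008-04-14 00:12 827392 DEADBEEFDEADBEEFDEADBEEFDEADBEEF c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2008-04-14 00:12 827392 DEADBEEFDEADBEEFDEADBEEFDEADBEEF c:\windows\system32\dllcache\wininet.dll
[7] 2009-06-19 03:12 827392 CAFEBABECAFEBABECAFEBABECAFEBABE c:\windows\system32\wininet.dll

[-] 2009-06-19 03:12 4096 0BADF00D0BADF00D0BADF00D0BADF00D c:\windows\system32\drivers\beep.sys
"""

if __name__ == "__main__":
    for name, verdict in audit(parse_sigcheck(SAMPLE)).items():
        print(f"{verdict:13} {name}")
```

The interesting verdict is a live copy that disagrees with its dllcache copy. A live copy that differs only from the Service Pack baseline, as kernel32.dll does here, is normal hotfix drift: the log lists a KB959426 copy with the same 2009-03-21 date. Two caveats: file-patching malware routinely replaces the dllcache copy as well, so a clean run is not proof of a clean file, and the check says nothing about files whose only listed copy is the live one.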
06-26-2009, 10:17 AM   #8
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Need help with reviewing RSIT Log

Hi -

Copy/paste is preferred for these logs, thanks.

I'd like to confirm that you ran the McAfee Removal tool. I still see parts of it in the most recent log.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
06-26-2009, 10:32 AM   #9
Registered User
 
Join Date: Jun 2009
Posts: 12
OS: WinXP SP3


Re: Need help with reviewing RSIT Log

Here is the next log. Should I copy/paste as I'm doing or upload the log file?

ComboFix 09-06-25.06 - Scott 06/26/2009 7:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1341 [GMT -7:00]
Running from: c:\documents and settings\Scott\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Scott\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OYDB
-------\Legacy_WSEFHYVK
-------\Service_OYDB
-------\Service_WSEFHYVK


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-25 16:10 . 2009-06-25 16:10 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-23 04:10 . 2004-03-03 00:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-06-23 04:10 . 2004-03-03 00:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-06-23 04:09 . 2000-06-26 18:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-06-23 04:09 . 2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-06-23 04:09 . 2009-06-23 04:09 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-22 21:34 . 2009-06-22 21:34 -------- d-----w- C:\~ErdUserProfile.$$$
2009-06-22 19:28 . 2009-06-22 15:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-22 15:54 . 2009-06-22 15:54 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-22 15:54 . 2009-06-22 15:54 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-22 15:54 . 2009-06-22 15:54 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-22 15:54 . 2009-06-22 15:54 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-22 15:34 . 2009-06-22 15:08 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-22 15:19 . 2009-06-22 15:19 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-22 15:19 . 2009-06-22 15:19 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-22 15:19 . 2009-06-22 15:19 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-22 15:18 . 2009-06-22 15:18 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-22 15:17 . 2009-06-22 15:17 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-22 15:17 . 2009-06-22 15:17 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-22 15:10 . 2009-06-22 15:10 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-22 15:08 . 2009-06-22 15:08 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-22 15:08 . 2009-06-22 15:08 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-22 15:08 . 2009-06-22 15:08 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-22 15:06 . 2009-06-22 15:06 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-22 15:05 . 2009-06-22 15:05 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-22 15:04 . 2009-06-22 15:04 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-22 15:02 . 2009-06-22 15:02 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-22 15:01 . 2009-06-22 15:01 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-22 14:59 . 2009-06-22 14:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-22 14:59 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-22 14:59 . 2009-06-22 14:59 -------- d-----w- c:\program files\Lavasoft
2009-06-22 14:59 . 2009-06-22 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-21 07:03 . 2009-06-21 07:04 -------- d-----w- C:\rsit
2009-06-20 17:48 . 2009-06-25 21:14 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-20 17:28 . 2009-06-20 17:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-20 17:28 . 2009-06-20 17:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-20 17:28 . 2009-06-20 17:28 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-20 17:28 . 2009-06-20 17:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-20 17:28 . 2009-06-26 01:23 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-20 17:28 . 2009-06-20 17:28 -------- d-----w- c:\program files\AVG
2009-06-20 17:28 . 2009-06-20 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-19 15:02 . 2009-06-19 15:01 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-19 15:01 . 2009-06-19 15:15 -------- d-----w- c:\documents and settings\Scott\.housecall6.6
2009-06-16 14:28 . 2009-06-16 14:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-10 18:53 . 2009-06-10 18:53 -------- d-----w- c:\program files\iPod
2009-06-10 18:53 . 2009-06-10 18:54 -------- d-----w- c:\program files\iTunes
2009-06-10 18:41 . 2009-06-10 18:41 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 21:47 . 2008-04-13 18:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2009-06-06 21:47 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2009-06-06 21:47 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2009-06-06 21:47 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2009-06-05 20:07 . 2004-05-04 18:53 1645320 ------w- c:\windows\system32\gdiplus.dll
2009-06-05 20:02 . 2009-06-05 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-06-05 20:02 . 2009-06-05 20:02 -------- d-----w- c:\program files\SmartSound Software
2009-06-05 19:59 . 2009-06-05 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-06-05 19:58 . 2000-12-23 05:27 73728 ----a-w- c:\windows\system32\mplaw7.dll
2009-06-05 19:58 . 2000-12-23 05:19 61440 ----a-w- c:\windows\system32\mplam6.dll
2009-06-05 19:58 . 2000-12-23 05:19 73728 ----a-w- c:\windows\system32\mplaa6.dll
2009-06-05 19:58 . 2000-12-22 21:11 19968 ----a-w- c:\windows\system32\cpuinf32.dll
2009-06-05 19:56 . 2009-06-05 19:56 -------- d-----w- c:\program files\Common Files\SONY Digital Images
2009-06-05 19:56 . 2009-06-05 19:56 -------- d-----w- c:\windows\system32\windows media
2009-06-05 19:56 . 2009-06-05 19:56 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-05 19:55 . 2009-06-05 19:55 -------- d-----w- c:\program files\Windows Media Components
2009-06-05 19:31 . 2009-06-05 19:31 -------- d-----w- C:\Drivers
2009-06-05 19:31 . 2002-10-16 05:41 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2009-06-05 19:31 . 2001-11-05 16:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2009-06-05 19:31 . 2001-11-05 16:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2009-06-05 19:31 . 2001-11-05 16:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2009-06-05 19:31 . 2001-07-04 03:39 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2009-06-05 19:31 . 2001-07-04 03:33 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2009-06-01 20:46 . 2009-06-01 20:47 -------- d-----w- c:\program files\DVDFab 6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 14:50 . 2007-11-19 18:20 -------- d-----w- c:\documents and settings\Scott\Application Data\Skype
2009-06-26 14:44 . 2006-03-23 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-06-26 14:44 . 2006-03-23 18:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-06-26 14:03 . 2007-11-19 18:28 -------- d-----w- c:\documents and settings\Scott\Application Data\skypePM
2009-06-25 14:56 . 2008-05-05 20:56 -------- d-----w- c:\program files\Digsby
2009-06-23 21:59 . 2008-05-05 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-23 21:59 . 2008-05-05 23:18 -------- d-----w- c:\program files\McAfee
2009-06-23 04:09 . 2006-03-22 23:41 -------- d-----w- c:\program files\Ahead
2009-06-23 03:52 . 2008-12-02 18:27 -------- d-----w- c:\program files\RegCure
2009-06-20 00:58 . 2006-03-22 18:23 93635 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-06-20 00:47 . 2006-03-22 22:39 -------- d-----w- c:\program files\Trend Micro
2009-06-19 00:14 . 2006-07-07 04:03 -------- d-----w- c:\documents and settings\Scott\Application Data\Azureus
2009-06-16 14:30 . 2006-07-07 23:24 -------- d-----w- c:\program files\DivX
2009-06-16 05:11 . 2006-07-07 04:03 -------- d-----w- c:\program files\Azureus
2009-06-16 05:01 . 2007-09-22 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-15 19:38 . 2008-06-24 17:43 -------- d-----w- c:\program files\AddWeb7
2009-06-12 04:33 . 2008-12-11 05:23 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-10 22:09 . 2006-06-17 00:46 -------- d-----w- c:\program files\QuickTime
2009-06-10 18:53 . 2007-12-26 00:49 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 18:38 . 2007-06-12 18:14 -------- d-----w- c:\program files\Safari
2009-06-06 14:58 . 2006-03-22 19:35 46504 ----a-w- c:\documents and settings\Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 20:20 . 2006-04-01 23:58 -------- d-----w- c:\documents and settings\Scott\Application Data\Ulead Systems
2009-06-05 20:08 . 2006-03-23 01:25 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-06-05 20:07 . 2006-03-23 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-06-05 20:06 . 2006-03-22 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 19:56 . 2006-03-23 01:25 -------- d-----w- c:\program files\Ulead Systems
2009-06-05 18:42 . 2009-03-19 02:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 18:42 . 2007-12-26 00:50 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-01 20:47 . 2006-05-06 20:20 -------- d-----w- c:\documents and settings\Scott\Application Data\Vso
2009-06-01 17:14 . 2006-04-13 20:59 -------- d-----w- c:\program files\AddWeb8
2009-05-25 07:24 . 2008-05-27 06:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-12 22:12 . 2006-03-22 19:24 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2001-08-18 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 00:07 . 2006-03-23 00:49 -------- d-----w- c:\documents and settings\Scott\Application Data\BPFTP
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-30 16:58 . 2006-12-05 17:26 -------- d-----w- c:\program files\Evrsoft First Page 2006
2009-04-29 04:56 . 2004-01-08 23:23 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2001-08-18 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-03-22 19:05 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-07-24 20:24 . 2007-07-24 20:24 28706553 ----a-w- c:\program files\AddWeb7.zip
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-12 04:41 . 2007-05-29 02:23 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\dllcache\cache\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\dllcache\cache\user32.dll

[7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\dllcache\cache\ws2_32.dll

[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[7] 2007-03-07 17:40 823296 B8F4DB39CA7353752F245379D285C80E c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[7] 2007-04-25 09:08 823808 431DEFBB4A3D7B0DC062C1B064623A2F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 14:40 824320 D6ED5E042C5207553E7F5E842918137F c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[7] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2001-08-18 12:00 593920 CF9F1EEF71F42EDE71B6F4AA05D5CA1A c:\windows\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2006-01-09 18:02 662016 DDE9597A3311748C1519444E2BC147BD c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912945$\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\ie7\wininet.dll
[7] 2006-10-27 23:09 818688 7CF0B0D5D9D47585853E2A6978441F64 c:\windows\ie7updates\KB928090-IE7\wininet.dll
[7] 2007-01-12 17:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2007-03-07 17:45 822784 5B35DAE6E4886F64D1DA58C4E3E01EB9 c:\windows\ie7updates\KB933566-IE7\wininet.dll
[7] 2007-04-25 08:41 822784 0586A7F0B2FDB94D624F399D4728E7C8 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2007-06-27 14:34 823808 8068CBB58FE60CC95AEB2CFF70178208 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[7] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[7] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[7] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\cache\wininet.dll

[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\cache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\dllcache\cache\winlogon.exe

[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\cache\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[7] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\cache\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 22:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2007-02-28 08:38 2015744 A58AC1C6199EF34228ABEE7FC057AE09 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2004-08-04 05:59 2015232 FB142B7007CA2EEA76966C6C5CC12150 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2015232 3CD941E472DDF3534E53038535719771 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 12:55 2015744 BBB2322EB14AD9AD55B1024FFD4D88BF c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 09:33 2023936 8206B5F94A6A9450E934029420C1693F c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-13 18:31 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 02:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\system32\dllcache\cache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-08 02:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 23:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 09:08 2136064 1220FAF071DEA8653EE21DE7DCDA8BFD c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2004-08-04 06:18 2148352 626309040459C3915997EF98EC1C8D40 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:57 2135552 48B3E89AF7074CEE0314A3E0C7FAFFDB c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 14:15 2136064 8318ED54797F3E513FD5817A1D4BBD18 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 10:09 2145280 F6F8245B3A2E9CA834DD318E7AE0C6D0 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-13 19:24 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\dllcache\cache\ntoskrnl.exe

[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\dllcache\cache\explorer.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\cache\services.exe

[7] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\dllcache\cache\lsass.exe

[7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\dllcache\cache\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 07:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\dllcache\cache\spoolsv.exe

[7] 2004-08-04 07:56 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\$NtServicePackUninstall$\wuauclt.exe
[7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-10-16 22:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\cache\wuauclt.exe

[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\dllcache\cache\userinit.exe

[7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\dllcache\cache\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\cache\kernel32.dll

[7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\dllcache\cache\powrprof.dll

[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\dllcache\cache\imm32.dll

[7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\dllcache\cache\sfcfiles.dll

[7] 2004-08-04 07:56 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\$NtServicePackUninstall$\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\dllcache\cache\appmgmts.dll

[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\dllcache\cache\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-25_15.56.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-26 14:44 . 2009-06-26 14:44 16384 c:\windows\Temp\Perflib_Perfdata_ef4.dat
+ 2009-06-26 13:59 . 2009-06-26 13:59 16384 c:\windows\Temp\Perflib_Perfdata_c0c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"eyeBeam SIP Client"="c:\program files\CounterPath\X-Lite\x-lite.exe" [2009-05-05 23179264]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-04-16 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-09-25 196670]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-20 1948440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-22 518488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SbUsb AudCtrl"="sbusbdll.dll" - c:\windows\system32\sbusbdll.dll [2004-08-19 97792]

c:\documents and settings\Scott\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2008-9-8 137728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-20 17:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBW32PremierNonprofit.exe"=
"c:\\Program Files\\Games\\Yu-Gi-Oh\\Joey\\joey_pc.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Documents and Settings\\Scott\\Application Data\\U3\\0000185E7961725A\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Digsby\\Digsby.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\Stanza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2346:TCP"= 2346:TCP:Ghost Recon
"2347:TCP"= 2347:TCP:Ghost Recon
"2348:TCP"= 2348:TCP:Ghost Recon
"2346:UDP"= 2346:UDP:Ghost Recon
"2347:UDP"= 2347:UDP:Ghost Recon
"5500:TCP"= 5500:TCP:VNC TCP
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/22/2009 8:34 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/20/2009 10:28 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/20/2009 10:28 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/20/2009 10:28 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1003344]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [7/16/2007 10:09 PM 6016]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [9/10/2004 11:44 AM 104960]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [6/26/2008 8:14 PM 42112]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [3/31/2006 9:18 AM 911744]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [9/4/2007 4:53 PM 55664]
.
Contents of the 'Scheduled Tasks' folder

2009-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:05]

2009-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1060284298-839522115-1003.job
- c:\documents and settings\Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 23:09]

2009-06-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cyberspacehq.com\linktrader
Trusted Zone: cyberspacehq.com\support
DPF: {E1F6A9E6-B493-4670-9437-2D4B4B8965E0} - hxxp://support.cyberspacehq.com/case_message_box/CaseMessageBoxProj1.cab
FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\36q1xgg0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.videotutorialzone.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\Scott\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 07:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????l?P?r?o??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3964)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\windows\system32\ati2evxx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Digsby\lib\digsby-app.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Java\jre1.6.0_05\bin\javaw.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-06-26 8:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 15:01
ComboFix2.txt 2009-06-25 16:12

Pre-Run: 6,016,073,728 bytes free
Post-Run: 5,986,598,912 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
527 --- E O F --- 2009-06-25 14:57
sediaz is offline  
Old 06-26-2009, 10:34 AM   #10
Manager, Security Center, TSF Academy; Analyst, Security Team
tetonbob
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Need help with reviewing RSIT Log

Please see Post #8

This last post of yours is a duplicate of your previous post.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 06-27-2009, 11:04 AM   #11
Registered User
Join Date: Jun 2009
Posts: 12
OS: WinXP SP3


Re: Need help with reviewing RSIT Log

Odd... I didn't see your reply #8. I didn't reply either. Though when I posted #7 it did give an error and I had to hit submit again. But that was right away.

I thought I mentioned it but apparently I did not. When I ran the MPCR.EXE file it said it detected the Enterprise version and to contact support. I didn't see anything in Add/Remove Applications after I uninstalled.

What should I do for that?

Thanks,
Scott
sediaz is offline  
Old 06-27-2009, 11:48 AM   #12
Manager, Security Center, TSF Academy; Analyst, Security Team
tetonbob
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Need help with reviewing RSIT Log

Must have been a forum hiccup.

See if these help. If not, we can remove the remainders I see another way.

https://kc.mcafee.com/corporate/inde...p=LIST_POPULAR

http://community.mcafee.com/showthre...505#post538505

After you've done that, please post a new DDS log.
Old 06-29-2009, 09:42 AM   #13 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 12
OS: WinXP SP3


Re: Need help with reviewing RSIT Log

Here is the latest DDS log. It looks like I got most of McAfee off, but it looks like there might be something in the services, even though all the files the KB showed are gone. It was the Common Framework that gave me problems removing. If you can help me remove ANY remaining McAfee items, that would be great.

Thanks,
Scott



DDS (Ver_09-06-26.01) - NTFSx86
Run by Scott at 8:36:18.26 on Mon 06/29/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1315 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Documents and Settings\Scott\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Web Test Recorder 9.0 Helper: {e31ce47f-c268-41ba-897b-b415e613947d} - c:\program files\microsoft visual studio 9.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
EB: Web Test Recorder 9.0: {3c7adade-d1e8-45d2-bdcd-7f8d8b99b2a2} - mscoree.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [eyeBeam SIP Client] "c:\program files\counterpath\x-lite\x-lite.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
StartupFolder: c:\docume~1\scott\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: cyberspacehq.com\linktrader
Trusted Zone: cyberspacehq.com\support
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15015/CTSUEng.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143053689638
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148051276250
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E1F6A9E6-B493-4670-9437-2D4B4B8965E0} - hxxp://support.cyberspacehq.com/case_message_box/CaseMessageBoxProj1.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15021/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scott\applic~1\mozilla\firefox\profiles\36q1xgg0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.videotutorialzone.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\scott\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\fluxdvd\apix\NPAPIX.dll
FF - plugin: c:\program files\common files\fluxdvd\browserintegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-22 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-20 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-20 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-20 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-7-16 6016]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [2004-9-10 104960]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 McAfeeFramework;McAfee Framework Service;"c:\program files\mcafee\common framework\frameworkservice.exe" /servicestart --> c:\program files\mcafee\common framework\FrameworkService.exe [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-6-26 42112]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2006-3-31 911744]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]

=============== Created Last 30 ================

2009-06-25 09:10 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-06-25 08:01 <DIR> a-dshr-- C:\cmdcons
2009-06-25 07:59 161,792 a------- c:\windows\SWREG.exe
2009-06-25 07:59 155,136 a------- c:\windows\PEV.exe
2009-06-25 07:59 98,816 a------- c:\windows\sed.exe
2009-06-22 21:10 125,184 -------- c:\windows\system32\drivers\imagesrv.sys
2009-06-22 21:10 5,504 -------- c:\windows\system32\drivers\imagedrv.sys
2009-06-22 21:09 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-06-22 21:09 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-06-22 14:34 <DIR> --d----- C:\~ErdUserProfile.$$$
2009-06-22 12:28 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-22 08:34 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-22 07:59 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-22 07:59 <DIR> --d----- c:\program files\Lavasoft
2009-06-20 10:48 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-20 10:28 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-20 10:28 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-20 10:28 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-20 10:28 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-20 10:28 <DIR> --d----- c:\program files\AVG
2009-06-20 10:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-19 08:02 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-06-19 08:01 <DIR> --d----- c:\documents and settings\scott\.housecall6.6
2009-06-16 07:28 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-12 08:11 3,275 a------- c:\windows\system32\wbem\Outlook_01c9eb70015990a2.mof
2009-06-10 11:53 <DIR> --d----- c:\program files\iPod
2009-06-10 11:53 <DIR> --d----- c:\program files\iTunes
2009-06-06 14:47 38,912 ac------ c:\windows\system32\dllcache\avc.sys
2009-06-06 14:47 38,912 a------- c:\windows\system32\drivers\avc.sys
2009-06-06 14:47 48,128 ac------ c:\windows\system32\dllcache\61883.sys
2009-06-06 14:47 48,128 a------- c:\windows\system32\drivers\61883.sys
2009-06-05 13:07 1,645,320 -------- c:\windows\system32\gdiplus.dll
2009-06-05 13:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SmartSound Software Inc
2009-06-05 13:02 <DIR> --d----- c:\program files\SmartSound Software
2009-06-05 12:58 87 a------- c:\windows\dswplug.ini
2009-06-05 12:58 73,728 a------- c:\windows\system32\mplaw7.dll
2009-06-05 12:58 73,728 a------- c:\windows\system32\mplaa6.dll
2009-06-05 12:58 61,440 a------- c:\windows\system32\mplam6.dll
2009-06-05 12:58 19,968 a------- c:\windows\system32\cpuinf32.dll
2009-06-05 12:56 <DIR> --d----- c:\program files\common files\SONY Digital Images
2009-06-05 12:56 <DIR> --d----- c:\windows\system32\windows media
2009-06-05 12:56 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-05 12:55 <DIR> --d----- c:\program files\Windows Media Components
2009-06-05 12:31 299,923 a------- c:\windows\system32\drivers\sonyhcs.sys
2009-06-05 12:31 102,220 a------- c:\windows\system32\drivers\sonypvs1.sys
2009-06-05 12:31 53,248 a------- c:\windows\system32\SONYHCY.DLL
2009-06-05 12:31 38,739 a------- c:\windows\system32\drivers\sonyhcc.sys
2009-06-05 12:31 6,097 a------- c:\windows\system32\drivers\sonyhcb.sys
2009-06-05 12:31 3,654 a------- c:\windows\system32\drivers\Sonyhcp.dll
2009-06-05 12:31 <DIR> --d----- C:\Drivers
2009-06-01 13:46 <DIR> --d----- c:\program files\DVDFab 6

==================== Find3M ====================

2009-06-19 17:58 93,635 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 14:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 14:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 14:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 14:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 14:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-07-28 13:34 47,360 a------- c:\docume~1\scott\applic~1\pcouffin.sys
2008-06-26 20:10 25,600 a------- c:\documents and settings\scott\usbsermptxp.sys
2008-06-26 20:10 22,768 a------- c:\documents and settings\scott\usbsermpt.sys
2007-11-19 11:28 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-07-24 13:24 28,706,553 a------- c:\program files\AddWeb7.zip
2007-02-22 14:56 212 ----h--- c:\docume~1\scott\applic~1\srfvdo.dat
2007-01-26 11:08 87,608 a------- c:\docume~1\scott\applic~1\ezpinst.exe
2006-11-03 20:48 92,064 a------- c:\documents and settings\scott\mqdmmdm.sys
2006-11-03 20:48 79,328 a------- c:\documents and settings\scott\mqdmserd.sys
2006-11-03 20:48 66,656 a------- c:\documents and settings\scott\mqdmbus.sys
2006-11-03 20:48 9,232 a------- c:\documents and settings\scott\mqdmmdfl.sys
2006-11-03 20:48 6,208 a------- c:\documents and settings\scott\mqdmcmnt.sys
2006-11-03 20:48 5,936 a------- c:\documents and settings\scott\mqdmwhnt.sys
2006-11-03 20:48 4,048 a------- c:\documents and settings\scott\mqdmcr.sys
2009-02-11 21:41 1,056 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-05-23 17:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052320080524\index.dat

============= FINISH: 8:36:38.10 ===============
Old 06-29-2009, 09:51 AM   #14 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Need help with reviewing RSIT Log

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    Folder::
    c:\program files\mcafee
    Driver::
    mferkdk
    McAfeeFramework

    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe
  3. ComboFix may request an update; please allow it.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.


    ---------------------------------------------------------------------------------------------
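
As an added illustration of the two McAfee leftovers discussed in posts #13 and #14 (the DDS log lists them under SERVICES / DRIVERS with `--> ... [?]`, and the CFScript names them under Driver::), here is a small Python parser written for this thread, not part of DDS or ComboFix, that reads DDS service lines, flags registrations whose image file is missing, and drafts the matching Driver:: block. The sample lines are constructed in the shape of the log above; the R/S prefix and the start-type digit are read in their usual DDS sense (running/stopped; 0 boot through 4 disabled), which is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the DDS "SERVICES / DRIVERS" section quoted
# in post #13 (five lines, not the full log; the two McAfee lines are the orphans).
SAMPLE_DDS_SERVICES = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-22 64160]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-20 298776]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 McAfeeFramework;McAfee Framework Service;"c:\program files\mcafee\common framework\frameworkservice.exe" /servicestart --> c:\program files\mcafee\common framework\FrameworkService.exe [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-6-26 42112]
"""

# DDS prefix read in its usual sense (assumed mapping): R = running, S = stopped;
# the digit is the service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# "<R|S><digit> <name>;<display name>;<rest>"
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# rest when the file exists on disk: "<path> [<yyyy-m-d> <size>]"
PRESENT_RE = re.compile(r"^(?P<path>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")
# rest when DDS could not find the file: "<registry image path> --> <resolved path> [?]"
MISSING_RE = re.compile(r"^(?P<raw>.+?) --> (?P<path>.+?) \[\?\]$")


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    image_path: str
    file_present: bool
    size: Optional[int]  # None when DDS could not stat the file


def parse_dds_services(text: str) -> List[ServiceEntry]:
    """Parse DDS SERVICES / DRIVERS lines into structured entries."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines and section banners
        running = m.group("state") == "R"
        start = START_TYPES[m.group("start")]
        rest = m.group("rest")
        missing = MISSING_RE.match(rest)
        if missing:
            entries.append(ServiceEntry(m.group("name"), m.group("display"), running,
                                        start, missing.group("path"), False, None))
            continue
        present = PRESENT_RE.match(rest)
        if not present:
            raise ValueError(f"unrecognised DDS service line: {line!r}")
        entries.append(ServiceEntry(m.group("name"), m.group("display"), running,
                                    start, present.group("path"), True,
                                    int(present.group("size"))))
    return entries


def orphaned_entries(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Registrations whose image file is gone: still registered, but with nothing
    on disk to start. These are the "something in the services" post #13 asks about."""
    return [e for e in entries if not e.file_present]


def draft_cfscript(entries: List[ServiceEntry]) -> str:
    """Draft the Driver:: block of a ComboFix CFScript naming each orphaned
    registration, in the shape of the script in post #14 (empty string if none)."""
    names = [e.name for e in orphaned_entries(entries)]
    if not names:
        return ""
    return "Driver::\n" + "\n".join(names) + "\n"


if __name__ == "__main__":
    parsed = parse_dds_services(SAMPLE_DDS_SERVICES)
    for e in orphaned_entries(parsed):
        print(f"orphan: {e.name} ({e.display}) start={e.start_type} -> {e.image_path}")
    print(draft_cfscript(parsed), end="")
```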
Old 06-29-2009, 08:08 PM   #15 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 12
OS: WinXP SP3


Re: Need help with reviewing RSIT Log

Here is the latest ComboFix log:

Thanks,
Scott

ComboFix 09-06-29.02 - Scott 06/29/2009 17:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1256 [GMT -7:00]
Running from: c:\documents and settings\Scott\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Scott\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\mcafee
c:\windows\system32\mlfcache.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCAFEEFRAMEWORK
-------\Legacy_MFERKDK
-------\Service_McAfeeFramework
-------\Service_mferkdk


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-29 14:58 . 2009-06-29 15:02 -------- d-----w- c:\program files\RegCure
2009-06-26 15:41 . 2009-06-20 17:28 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-23 04:10 . 2004-03-03 00:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-06-23 04:10 . 2004-03-03 00:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-06-23 04:09 . 2000-06-26 18:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-06-23 04:09 . 2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-06-23 04:09 . 2009-06-23 04:09 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-22 21:34 . 2009-06-22 21:34 -------- d-----w- C:\~ErdUserProfile.$$$
2009-06-22 19:28 . 2009-06-22 15:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-22 15:54 . 2009-06-29 15:44 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-22 15:54 . 2009-06-29 15:41 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-22 15:54 . 2009-06-29 15:41 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-22 15:54 . 2009-06-29 15:38 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-22 15:34 . 2009-06-22 15:08 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-22 15:19 . 2009-06-29 15:44 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-22 15:19 . 2009-06-22 15:19 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-22 15:19 . 2009-06-29 15:44 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-22 15:18 . 2009-06-29 15:43 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-22 15:17 . 2009-06-29 15:43 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-22 15:17 . 2009-06-29 15:43 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-22 15:10 . 2009-06-22 15:10 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-22 15:08 . 2009-06-29 15:42 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-22 15:08 . 2009-06-29 15:42 0 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-22 15:08 . 2009-06-22 15:08 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-22 15:06 . 2009-06-29 15:40 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-22 15:05 . 2009-06-29 15:39 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-22 15:04 . 2009-06-29 15:39 2352968 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-22 15:02 . 2009-06-22 15:02 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-22 15:01 . 2009-06-29 15:36 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-22 14:59 . 2009-06-22 14:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-22 14:59 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-22 14:59 . 2009-06-22 14:59 -------- d-----w- c:\program files\Lavasoft
2009-06-22 14:59 . 2009-06-22 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-21 07:03 . 2009-06-21 07:04 -------- d-----w- C:\rsit
2009-06-20 17:48 . 2009-06-29 19:29 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-20 17:28 . 2009-06-20 17:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-20 17:28 . 2009-06-20 17:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-20 17:28 . 2009-06-20 17:28 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-20 17:28 . 2009-06-20 17:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-20 17:28 . 2009-06-29 15:33 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-20 17:28 . 2009-06-20 17:28 -------- d-----w- c:\program files\AVG
2009-06-20 17:28 . 2009-06-20 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-19 15:02 . 2009-06-19 15:01 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-19 15:01 . 2009-06-19 15:15 -------- d-----w- c:\documents and settings\Scott\.housecall6.6
2009-06-16 14:28 . 2009-06-16 14:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-10 18:53 . 2009-06-10 18:53 -------- d-----w- c:\program files\iPod
2009-06-10 18:53 . 2009-06-10 18:54 -------- d-----w- c:\program files\iTunes
2009-06-10 18:41 . 2009-06-10 18:41 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 21:47 . 2008-04-13 18:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2009-06-06 21:47 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2009-06-06 21:47 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2009-06-06 21:47 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2009-06-05 20:07 . 2004-05-04 18:53 1645320 ------w- c:\windows\system32\gdiplus.dll
2009-06-05 20:02 . 2009-06-05 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-06-05 20:02 . 2009-06-05 20:02 -------- d-----w- c:\program files\SmartSound Software
2009-06-05 19:59 . 2009-06-05 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-06-05 19:58 . 2000-12-23 05:27 73728 ----a-w- c:\windows\system32\mplaw7.dll
2009-06-05 19:58 . 2000-12-23 05:19 61440 ----a-w- c:\windows\system32\mplam6.dll
2009-06-05 19:58 . 2000-12-23 05:19 73728 ----a-w- c:\windows\system32\mplaa6.dll
2009-06-05 19:58 . 2000-12-22 21:11 19968 ----a-w- c:\windows\system32\cpuinf32.dll
2009-06-05 19:56 . 2009-06-05 19:56 -------- d-----w- c:\program files\Common Files\SONY Digital Images
2009-06-05 19:56 . 2009-06-05 19:56 -------- d-----w- c:\windows\system32\windows media
2009-06-05 19:56 . 2009-06-05 19:56 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-05 19:55 . 2009-06-05 19:55 -------- d-----w- c:\program files\Windows Media Components
2009-06-05 19:31 . 2009-06-05 19:31 -------- d-----w- C:\Drivers
2009-06-05 19:31 . 2002-10-16 05:41 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2009-06-05 19:31 . 2001-11-05 16:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2009-06-05 19:31 . 2001-11-05 16:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2009-06-05 19:31 . 2001-11-05 16:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2009-06-05 19:31 . 2001-07-04 03:39 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2009-06-05 19:31 . 2001-07-04 03:33 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2009-06-01 20:46 . 2009-06-01 20:47 -------- d-----w- c:\program files\DVDFab 6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 00:32 . 2007-11-19 18:20 -------- d-----w- c:\documents and settings\Scott\Application Data\Skype
2009-06-30 00:32 . 2007-11-19 18:28 -------- d-----w- c:\documents and settings\Scott\Application Data\skypePM
2009-06-30 00:26 . 2006-03-23 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-06-30 00:26 . 2006-03-23 18:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-06-29 05:44 . 2008-05-05 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-25 14:56 . 2008-05-05 20:56 -------- d-----w- c:\program files\Digsby
2009-06-23 04:09 . 2006-03-22 23:41 -------- d-----w- c:\program files\Ahead
2009-06-20 00:58 . 2006-03-22 18:23 93635 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-06-20 00:47 . 2006-03-22 22:39 -------- d-----w- c:\program files\Trend Micro
2009-06-19 00:14 . 2006-07-07 04:03 -------- d-----w- c:\documents and settings\Scott\Application Data\Azureus
2009-06-16 14:30 . 2006-07-07 23:24 -------- d-----w- c:\program files\DivX
2009-06-16 05:11 . 2006-07-07 04:03 -------- d-----w- c:\program files\Azureus
2009-06-16 05:01 . 2007-09-22 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-15 19:38 . 2008-06-24 17:43 -------- d-----w- c:\program files\AddWeb7
2009-06-12 04:33 . 2008-12-11 05:23 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-10 22:09 . 2006-06-17 00:46 -------- d-----w- c:\program files\QuickTime
2009-06-10 18:53 . 2007-12-26 00:49 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 18:38 . 2007-06-12 18:14 -------- d-----w- c:\program files\Safari
2009-06-06 14:58 . 2006-03-22 19:35 46504 ----a-w- c:\documents and settings\Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 20:20 . 2006-04-01 23:58 -------- d-----w- c:\documents and settings\Scott\Application Data\Ulead Systems
2009-06-05 20:08 . 2006-03-23 01:25 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-06-05 20:07 . 2006-03-23 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-06-05 20:06 . 2006-03-22 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 19:56 . 2006-03-23 01:25 -------- d-----w- c:\program files\Ulead Systems
2009-06-05 18:42 . 2009-03-19 02:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 18:42 . 2007-12-26 00:50 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-01 20:47 . 2006-05-06 20:20 -------- d-----w- c:\documents and settings\Scott\Application Data\Vso
2009-06-01 17:14 . 2006-04-13 20:59 -------- d-----w- c:\program files\AddWeb8
2009-05-25 07:24 . 2008-05-27 06:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-12 22:12 . 2006-03-22 19:24 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2001-08-18 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 00:07 . 2006-03-23 00:49 -------- d-----w- c:\documents and settings\Scott\Application Data\BPFTP
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-29 04:56 . 2004-01-08 23:23 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2001-08-18 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-03-22 19:05 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-07-24 20:24 . 2007-07-24 20:24 28706553 ----a-w- c:\program files\AddWeb7.zip
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-12 04:41 . 2007-05-29 02:23 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"eyeBeam SIP Client"="c:\program files\CounterPath\X-Lite\x-lite.exe" [2009-05-05 23179264]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-04-16 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-09-25 196670]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-20 1948440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-22 518488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SbUsb AudCtrl"="sbusbdll.dll" - c:\windows\system32\sbusbdll.dll [2004-08-19 97792]

c:\documents and settings\Scott\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2008-9-8 137728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-20 17:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBW32PremierNonprofit.exe"=
"c:\\Program Files\\Games\\Yu-Gi-Oh\\Joey\\joey_pc.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Scott\\Application Data\\U3\\0000185E7961725A\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Digsby\\Digsby.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\Stanza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2346:TCP"= 2346:TCP:Ghost Recon
"2347:TCP"= 2347:TCP:Ghost Recon
"2348:TCP"= 2348:TCP:Ghost Recon
"2346:UDP"= 2346:UDP:Ghost Recon
"2347:UDP"= 2347:UDP:Ghost Recon
"5500:TCP"= 5500:TCP:VNC TCP
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/22/2009 8:34 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/20/2009 10:28 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/20/2009 10:28 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/20/2009 10:28 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1003344]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [7/16/2007 10:09 PM 6016]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [9/10/2004 11:44 AM 104960]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [6/26/2008 8:14 PM 42112]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [3/31/2006 9:18 AM 911744]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [9/4/2007 4:53 PM 55664]
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:05]

2009-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1060284298-839522115-1003.job
- c:\documents and settings\Scott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 23:09]

2009-06-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2009-06-30 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 20:07]

2009-06-29 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 20:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cyberspacehq.com\linktrader
Trusted Zone: cyberspacehq.com\support
DPF: {E1F6A9E6-B493-4670-9437-2D4B4B8965E0} - hxxp://support.cyberspacehq.com/case_message_box/CaseMessageBoxProj1.cab
FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\36q1xgg0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.videotutorialzone.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\Scott\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 17:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????l?P?r?o??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3640)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\vmnat.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\rundll32.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Digsby\lib\digsby-app.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre1.6.0_05\bin\javaw.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-06-30 17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 00:50
ComboFix2.txt 2009-06-25 16:12

Pre-Run: 5,322,780,672 bytes free
Post-Run: 5,279,850,496 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
333 --- E O F --- 2009-06-29 20:31
Old 06-29-2009, 08:10 PM   #16 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Need help with reviewing RSIT Log

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 06-29-2009, 10:45 PM   #17 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 12
OS: WinXP SP3


Re: Need help with reviewing RSIT Log

2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.57
AAC Decoder
AC3Filter (remove only)
AccuTagger 1.01
Action Replay Code Manager
Ad-Aware
AddWeb 7 Pro
AddWeb 8
AddWeb 8 Professional
AddWeb Webmaster Studio
Adobe Audition 2.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
Adobe Shockwave Player
AGEIA PhysX v7.07.24
AppDev Exploring Visual Studio 2008 Using Visual Csharp Sample CD
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
AutoUpdate
Avanquest update
AVG Free 8.5
Azureus
Bonjour
Broadcom 802.11 Wireless LAN Adapter
BulletProof FTP
BulletProof FTP Client (remove only)
Canon S900
Chinese Traditional Fonts Support For Adobe Reader 8
Compatibility Pack for the 2007 Office system
Conexant 56K ACLink Modem
Conexant AC-97 Audio
Conexant Data Fax Modem with SmartCP
CorelDRAW Graphics Suite X3
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports Basic for Visual Studio 2008
CSE HTML Validator Professional v9.01
CXP Plug-In
Digsby
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DVD Menu Maker
DVD Region+CSS Free 5.9.8.5
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
DVDFab 6.0.1.0 (May 15, 2009)
Easy Icon Maker
EN
EPSON Print CD
EPSON Printer Software
Evrsoft First Page 2006
FontNav
getPlus(R)_ocx
Google Chrome
Google Earth
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB952241)
Hotfix for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB952241)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
ImagXpress
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Jing
Live Search Maps Add-In for Microsoft Office Outlook
Magic ISO Maker v5.5 (build 0272)
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (6001.18000.367)
Microsoft Expression Blend
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC Redist 2008 (6001.18000.367)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Performance Collection Tools - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Team System 2008 Team Suite - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 .NET Documentation (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Common Utilities (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Headers and Libraries (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Samples (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Utilities for Win32 Development (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Win32 Documentation (6001.18000.367)
Microsoft Windows SDK Intellisense and Reference Assemblies (6001.18000.367)
Microsoft Windows SDK MDAC Headers and Libraries (6001.18000.367)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (6001.18000.367)
MKV Splitter
MobileMe Control Panel
Motorola Phone Tools
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero 6 Ultra Edition
News Rover -- Usenet newsreader
No-IP.com DUC (remove only)
NVIDIA Drivers
PDFCreator
PhotoImpact X3
Quick Launch Buttons 4.20 C1
QuickBooks Premier: Nonprofit Edition 2007
QuickBooks Product Listing Service
QuickPar 0.9
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
RegCure 1.5.0.0
Rhapsody Player Engine
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Skype™ 4.0
SmartSound Quicktracks Plugin
Sony USB Driver
SpyWare Killer Pro
Stanza
SupportSoft Assisted Service
Synaptics Pointing Device Driver
System Requirements Lab
TMPGEnc 4.0 XPress
Trend Micro Internet Security
TSUNAMI-MPEG DVD Author PRO
Ulead COOL 360
Ulead DVD DiskRecorder 2.1.1
Ulead MediaStudio Pro 8.0
Ulead Photo Explorer 8.6
UltraVNC 1.0.5
UltraVNC v1.0
UltraVNC v1.0.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Script Editor Help (KB957253)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Manager
VBA
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VideoLAN VLC media player 0.8.5
Virtual DJ - Atomix Productions
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VMware Workstation
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows SDK Intellidocs
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Wise for Windows Installer 4.21
Wise Installation System 9.02
X-Lite 3.0
XML Paper Specification Shared Components Pack 1.0
Old 06-29-2009, 10:55 PM   #18 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Need help with reviewing RSIT Log

Thanks, Scott.

It looks like you've just added RegCure.

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here.

Another excellent article by Bill Castner is located here.

===============================

As mentioned in our preposting topic:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Quote:
3. Uninstall the following via Add or Remove Programs in Control Panel:

  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues.

P2P - I see you have P2P software (Azureus) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 14 -"
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u14 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.


    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1



  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please perform this online scan to help look for remnants.

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on Settings. Uncheck Mail databases.
  • Next, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------------------------------------------------------------------------------------

How is the machine behaving, please?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 06-30-2009, 10:02 PM   #19 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 12
OS: WinXP SP3


Re: Need help with reviewing RSIT Log

Kaspersky Results:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 30, 2009 17:42:19
Records in database: 2406745
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no

Scan area - My Computer:
C:\
D:\
E:\
Z:\

Scan statistics:
Files scanned: 319637
Threat name: 2
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 10:10:47


File name / Threat name / Threats count
C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ab 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXmsxnpneabejsyjlayubvluirujdohucq.dll.vir Infected: Trojan.Win32.Agent.cndw 1
C:\System Volume Information\_restore{E86CF375-3F22-4EA1-B861-292C3A7E116A}\RP414\A0035678.dll Infected: Trojan.Win32.Agent.cndw 1
Z:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ab 1
Z:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXmsxnpneabejsyjlayubvluirujdohucq.dll.vir Infected: Trojan.Win32.Agent.cndw 1
Z:\System Volume Information\_restore{E86CF375-3F22-4EA1-B861-292C3A7E116A}\RP414\A0035678.dll Infected: Trojan.Win32.Agent.cndw 1

The selected area was scanned.


My system seems to be behaving properly.

Thank you,
Scott
sediaz is offline  
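Reading a scanner report like the one above by hand is easy to get wrong, so here is an added example that is not part of this thread and not Kaspersky's own tooling. It parses the six detection lines from Scott's report and triages them: copies under Qoobox\Quarantine (ComboFix's quarantine folder, files renamed with a .vir suffix) and under System Volume Information\_restore (System Restore snapshots) are inert unless they are restored, not-a-virus:RemoteAdmin is Kaspersky's class for legitimate remote-administration software such as UltraVNC and only needs confirmation that it was installed on purpose, and paths that differ only by drive letter are flagged as mirrors of each other, which is exactly the question about Z: that follows. The regular expression, the category names and the helper functions are assumptions of this example, not a published report specification; the input is the detection text from the post above.

```python
import re
from collections import defaultdict

# Detection lines copied from the Kaspersky Online Scanner 7.0 report in the
# post above (the column header "File name / Threat name / Threats count"
# precedes them there). Raw string so the backslashes survive untouched.
REPORT = r"""
File name / Threat name / Threats count
C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ab 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXmsxnpneabejsyjlayubvluirujdohucq.dll.vir Infected: Trojan.Win32.Agent.cndw 1
C:\System Volume Information\_restore{E86CF375-3F22-4EA1-B861-292C3A7E116A}\RP414\A0035678.dll Infected: Trojan.Win32.Agent.cndw 1
Z:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ab 1
Z:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXmsxnpneabejsyjlayubvluirujdohucq.dll.vir Infected: Trojan.Win32.Agent.cndw 1
Z:\System Volume Information\_restore{E86CF375-3F22-4EA1-B861-292C3A7E116A}\RP414\A0035678.dll Infected: Trojan.Win32.Agent.cndw 1

The selected area was scanned.
"""

# Assumed line shape: "<path> Infected: <threat name> <count>". Header,
# blank and trailer lines simply do not match and are skipped.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def classify(path, threat):
    """Triage category for one finding (category names are this example's own)."""
    low = path.lower()
    if "\\qoobox\\quarantine\\" in low or low.endswith(".vir"):
        return "quarantined"    # ComboFix quarantine copy: contained, not loadable
    if "\\system volume information\\_restore" in low:
        return "restore_point"  # System Restore snapshot: inert unless restored
    if threat.lower().startswith("not-a-virus:"):
        return "riskware"       # legitimate tool class; confirm it was installed on purpose
    return "active"             # live location: needs removal


def parse_report(text):
    """Turn the detection lines into a list of dicts, one per finding."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path, threat = m.group("path"), m.group("threat")
        findings.append({
            "path": path,
            "drive": path[:2].upper() if DRIVE_RE.match(path) else "",
            "threat": threat,
            "count": int(m.group("count")),
            "category": classify(path, threat),
        })
    return findings


def find_mirrors(findings):
    """Map each path-without-drive to the drives it appears on, keeping only
    those seen on more than one drive (a cloned or backup volume)."""
    by_suffix = defaultdict(set)
    for f in findings:
        suffix = f["path"][2:] if f["drive"] else f["path"]
        by_suffix[suffix.lower()].add(f["drive"])
    return {s: sorted(d) for s, d in by_suffix.items() if len(d) > 1}


def summary(findings):
    """Per-drive count of findings in each category."""
    out = defaultdict(lambda: defaultdict(int))
    for f in findings:
        out[f["drive"]][f["category"]] += 1
    return {drive: dict(cats) for drive, cats in out.items()}


def needs_action(findings):
    """Only findings in live locations or riskware still need a human decision."""
    return [f for f in findings if f["category"] in ("active", "riskware")]


if __name__ == "__main__":
    fs = parse_report(REPORT)
    for drive, cats in summary(fs).items():
        print(drive, cats)
    for suffix, drives in find_mirrors(fs).items():
        print("mirrored on", "/".join(drives), ":", suffix)
    for f in needs_action(fs):
        print("decide:", f["category"], f["path"], f["threat"])
```

Run against the report above it reports one riskware, one quarantined and one restore-point finding per drive, every path mirrored on C: and Z:, and leaves only the two winvnc.exe entries for a decision. The Trojan.Win32.Agent.cndw hits are quarantine and restore-point copies; the usual cleanup for those is to let the helper's final ComboFix uninstall step remove Qoobox and to create a fresh System Restore point after flushing the old ones, rather than deleting the files by hand.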
Old 06-30-2009, 10:09 PM   #20 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,572
OS: 2000 Pro; XP Pro; XP Home


Re: Need help with reviewing RSIT Log

Scott, what's Z drive, a mapped backup? Or an external hdd?
tetonbob is offline  
Copyright 2001 - 2009, Tech Support Forum