antivirus/spyware problem

This is a discussion on antivirus/spyware problem within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 10-23-2008, 04:19 PM   #1
Guest
 
Join Date: Oct 2008
Posts: 10
OS:


Mistake

I recently have been experiencing problems with my computer. On Monday I turned on my computer and a red circle with a white X in it was on my task bar with a pop-up balloon stating that I have been infected with spyware. When attempting to close the balloon, an installation begins for an antispyware program which requires credit information. I then attempted to run my own antivirus and antispyware programs and they would not run. When I attempted to download and install new programs (Windows Defender beta and Symantec) it said that I need to verify that I have sufficient privileges to start system services and will not download, and while attempting to run Microsoft AntiSpyware I encounter a critical error and it will not start. I followed the recommended five steps; however, the HiJack program would not run. Also, since Monday my five, six and dash keys do not function; I was not sure if these two problems were related. Here is the log from my active scan:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-20 21:56:13
PROTECTIONS: 2
MALWARE: 34
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 7.2 No No
McAfee VirusScan Plus 11.2 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020942 adware/exact.bargainbuddy Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\bargain buddy
00029424 adware/cws.searchmeup Adware No 1 Yes No c:\documents and settings\kirsten green\favorites\gambling
00029459 spyware/betterinet Spyware No 1 Yes No c:\windows\inf\biini.inf
00033264 adware/talkstocks Adware No 0 Yes No c:\windows\system32\mstbl.ocx
00040474 dialer.bew Dialers No 0 Yes No c:\windows\system32\search.html
00041558 exploit/mhtredir.gen HackTools No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{10000000-1000-0000-1000-000000000000}
00046757 spyware/bridge Spyware No 1 Yes No c:\program files\winfavorites
00046757 spyware/bridge Spyware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\win favorites
00046761 adware/xupiter Adware No 0 Yes No c:\documents and settings\kirsten green\favorites\inernet
00046761 adware/xupiter Adware No 0 Yes No c:\program files\sqwire
00046761 adware/xupiter Adware No 0 Yes No c:\documents and settings\kirsten green\favorites\free stuff
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.atdmt.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.mediaplex.com/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.clickbank.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.com.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.xiti.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.serving-sys.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[server.iad.liveperson.net/hc/84815040]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[server.iad.liveperson.net/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Cookies\[email protected][1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.zedo.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\cookies.txt[.target.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\kir ipod\Cookies\kir [email protected][2].txt
00392144 Trj/Downloader.USY Virus/Trojan No 1 Yes No C:\WINDOWS\SYSTEM32\6f1g4RPh.exe
00418007 Adware/XPAntiSpyware2009 Adware No 1 No No C:\Documents and Settings\Kirsten Green\Local Settings\Temp\Binaries1.cab3[XP_AntiSpyware.exe]
00418007 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1478\A0132395.exe
00418007 Adware/XPAntiSpyware2009 Adware No 1 No No C:\Documents and Settings\Kirsten Green\Local Settings\Temp\Binaries1.cab2[XP_AntiSpyware.exe]
00418007 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe
00418007 Adware/XPAntiSpyware2009 Adware No 1 No No C:\Documents and Settings\Kirsten Green\Local Settings\Temp\Binaries1.cab4[XP_AntiSpyware.exe]
00418007 Adware/XPAntiSpyware2009 Adware No 1 No No C:\Documents and Settings\Kirsten Green\Local Settings\Temp\Binaries1.cab5[XP_AntiSpyware.exe]
00419713 Trj/Clicker.AMJ Virus/Trojan Yes 2 Yes No C:\WINDOWS\system32\7B37w6K5.exe
00419713 Trj/Clicker.AMJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1476\A0132262.exe
00421373 Adware/XPAntiSpyware2009 Adware No 1 No No C:\Documents and Settings\Kirsten Green\Local Settings\Temp\Binaries2.cab4[AVEngn.dll]
00421373 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\Program Files\XP_AntiSpyware\AVEngn.dll
00421373 Adware/XPAntiSpyware2009 Adware No 1 No No C:\Documents and Settings\Kirsten Green\Local Settings\Temp\Binaries2.cab5[AVEngn.dll]
00421373 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1479\A0132551.dll
00421373 Adware/XPAntiSpyware2009 Adware No 1 No No C:\Documents and Settings\Kirsten Green\Local Settings\Temp\Binaries2.cab6[AVEngn.dll]
00421373 Adware/XPAntiSpyware2009 Adware No 1 No No C:\Documents and Settings\Kirsten Green\Local Settings\Temp\Binaries2.cab3[AVEngn.dll]
00958505 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
01260840 Trj/Downloader.PME Virus/Trojan No 1 Yes No C:\Documents and Settings\Kirsten Green\Local Settings\Application Data\Wildtangent\Cdacache\00\00\1B.dat
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\WINDOWS\system32\Drivers\Beep.sys
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1476\A0132241.sys
03694716 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\SYSTEM32\karna.dat
03694716 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\karna.dat
03891799 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1478\A0132393.cpl
03891799 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1478\A0132371.cpl
03891799 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Kirsten Green\Local Settings\Temp\Binaries2.cab6[wscui.cpl]
03891799 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Kirsten Green\Local Settings\Temp\Binaries2.cab5[wscui.cpl]
03891799 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Kirsten Green\Local Settings\Temp\Binaries2.cab4[wscui.cpl]
03891799 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1479\A0132554.cpl
03891799 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Kirsten Green\Local Settings\Temp\Binaries2.cab3[wscui.cpl]
03891799 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\_scui.cpl
03894419 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\XP_AntiSpyware\Uninstall.exe
03894419 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\wini10252.exe
03894419 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1479\A0132549.exe
03894419 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1479\A0132553.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\WINDOWS\SYSTEM32\brastk.exe
No C:\U.exe
No C:\WINDOWS\brastk.exe
No C:\WINDOWS\SYSTEM32\brastk.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


I would really appreciate your help with my problem. Thank you!
kirsten290 is offline  
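The ActiveScan report above has a fixed column layout, and a helper reads only a few things from it first. As an added example (not code from the thread or from Panda), here is a small Python triage script that parses that layout and pulls out what matters for cleanup: items still active, rootkit-class entries, protections that are switched off, entries that cannot be disinfected, and copies parked in System Restore points. The sample report is constructed from a subset of the rows in the post, with the user profile name replaced by `User`.

```python
import re
from collections import Counter

# Constructed sample in the Panda ActiveScan report layout used in the post:
# ';' prefixes rule lines, a bare line names each section, columns are
# whitespace-separated. The rows are a subset of those in the log above.
SAMPLE_REPORT = r"""
;*****************************
ANALYSIS: 2008-10-20 21:56:13
MALWARE: 34
;*****************************
PROTECTIONS
Description Version Active Updated
;=============================
McAfee Internet Security Suite 2007 7.2 No No
McAfee VirusScan Plus 11.2 No No
;=============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=============================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\x.default\cookies.txt[.atdmt.com/]
00419713 Trj/Clicker.AMJ Virus/Trojan Yes 2 Yes No C:\WINDOWS\system32\7B37w6K5.exe
00419713 Trj/Clicker.AMJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1476\A0132262.exe
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\WINDOWS\system32\Drivers\Beep.sys
00418007 Adware/XPAntiSpyware2009 Adware No 1 No No C:\Documents and Settings\User\Local Settings\Temp\Binaries1.cab3[XP_AntiSpyware.exe]
;=============================
SUSPECTS
Sent Location
;=============================
No C:\WINDOWS\SYSTEM32\brastk.exe
No C:\U.exe
;=============================
"""

YESNO = r"(?:Yes|No)"
# Description and Location may contain spaces, so the description is matched
# lazily and anchored by the fixed single-token columns that follow it.
ROW_RE = {
    "PROTECTIONS": re.compile(
        rf"^(?P<desc>.+?)\s+(?P<version>\S+)\s+(?P<active>{YESNO})\s+(?P<updated>{YESNO})$"),
    "MALWARE": re.compile(
        rf"^(?P<id>\d{{8}})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>{YESNO})\s+"
        rf"(?P<severity>\d+)\s+(?P<disinfectable>{YESNO})\s+(?P<disinfected>{YESNO})\s+"
        r"(?P<location>.+)$"),
    "SUSPECTS": re.compile(rf"^(?P<sent>{YESNO})\s+(?P<location>.+)$"),
}
BOOL_COLS = ("active", "updated", "disinfectable", "disinfected", "sent")
RESTORE_MARK = "\\system volume information\\_restore"


def _row(match: re.Match) -> dict:
    """Convert one matched row to typed values (Yes/No -> bool, severity -> int)."""
    row = match.groupdict()
    for col in BOOL_COLS:
        if col in row:
            row[col] = row[col] == "Yes"
    if "severity" in row:
        row["severity"] = int(row["severity"])
    return row


def parse_activescan(text: str) -> dict:
    """Split the report into header values plus the three record sections.
    Column-header lines never match a row pattern, so they are skipped."""
    out = {"meta": {}, "protections": [], "malware": [], "suspects": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or a ;*** / ;=== rule line
        if line in ROW_RE or line == "VULNERABILITIES":
            section = line
        elif section is None:  # header block, e.g. "MALWARE: 34"
            key, sep, value = line.partition(":")
            if sep:
                out["meta"][key.strip()] = value.strip()
        elif section in ROW_RE and (m := ROW_RE[section].match(line)):
            out[section.lower()].append(_row(m))
    return out


def triage(text: str) -> dict:
    """Pull out what a helper reads first: still-active items, rootkit-class entries,
    disabled protections, and copies parked in System Restore points."""
    rep = parse_activescan(text)
    rows = rep["malware"]
    return {
        "declared": int(rep["meta"].get("MALWARE", "0")),
        "parsed": len(rows),
        "active": [r["location"] for r in rows if r["active"]],
        "max_severity": max((r["severity"] for r in rows), default=0),
        "rootkit": [r["location"] for r in rows if r["desc"].lower().startswith("rootkit/")],
        "in_restore_points": sum(RESTORE_MARK in r["location"].lower() for r in rows),
        "not_disinfectable": [r["location"] for r in rows if not r["disinfectable"]],
        "families": Counter(r["desc"] for r in rows if r["type"] != "TrackingCookie").most_common(),
        "disabled_protections": [p["desc"] for p in rep["protections"] if not p["active"]],
        "suspects_unsent": [s["location"] for s in rep["suspects"] if not s["sent"]],
    }
```

Calling `triage(SAMPLE_REPORT)` returns the summary dict; the `declared` versus `parsed` counts differ here only because the sample keeps the full log's header count over a subset of its rows.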
Old 10-26-2008, 07:10 PM   #2
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download GMER Rootkit Scanner from here or here.

Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe

The program will begin to run. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes. Once the scan is complete, you may receive another notice about rootkit activity. Click OK. GMER will produce a log. Click on the Save button, and save the log file somewhere you can easily find it, such as your desktop. Please attach that log to your next reply.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. It will produce a log. Click on the Save button, and save the log file somewhere you can easily find it, such as your desktop. Please attach that log to your next reply.

---------------------------------------------------------------------------------------------
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
  • Please attach info.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\rsit\info.txt
  3. Click Upload.

---------------------------------------------------------------------------------------------

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 11-02-2008, 10:20 AM   #3
Guest
 
Join Date: Oct 2008
Posts: 10
OS:



Thank you for your reply. I downloaded the programs and ran them as instructed. In order for the GMER program to work, I needed to rename the GMER file to test.exe. As soon as I ran the program, a warning popped up that said "Warning!!! Loaded GMER's driver version is incompatible with the currently running GMER application. You need to stop the driver with the command 'net stop gmer' or restart the computer." After pushing the Ok button the program starts and begins to run. It detects a possible rootkit program and I begin a full scan. After the full scan, it says that it detects nothing and no log is produced. I then started the RSIT program. This is the log that is produced.

Logfile of random's system information tool 1.04 (written by random/random)
Run by gree6912 at 2008-11-03 00:30:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (7%) free of 38 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:23 AM, on 11/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Lavasoft\PERSON~1\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\AOL\1124387161\ee\AOLHostManager.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1124387161\ee\AOLServiceHost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\WLAN11G\WLANMON.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kirsten Green\Desktop\RSIT.exe
c:\program files\mcafee\mpf\mc\mpfalert.exe
C:\Program Files\trend micro\gree6912.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://red.clientapps.yahoo.com/cust...//my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124387161\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [lavasoftFeedBack] "C:\Program Files\Lavasoft\Personal Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [lavasoftMonitor] C:\PROGRA~1\Lavasoft\PERSON~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AntispywareBot] C:\Program Files\AntispywareBot\AntispywareBot.exe -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Westell 802.11g Wireless LAN Utility.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?5cc68dcc575e4bb5817050d9e93bedfb
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?5cc68dcc575e4bb5817050d9e93bedfb
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: https://*.mcafee.com
O16 - DPF: Yahoo! Word Racer - https://download.games.yahoo.com/game...ts/y/wt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gfwfrtsj.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {473EB4B9-6641-4FE4-9A0D-AB0EFAE34FA8} (ELSReg Class) - https://pocketconsult.elsevier.com.li...//ELSProxy.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1138454918294
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - https://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Lavasoft Client Security Service (acssrv) - Lavasoft AB - C:\PROGRA~1\Lavasoft\PERSON~1\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 14891 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AntispywareBot Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-06-01 512000]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Search Toolbar - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll [2005-09-20 577744]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar5.dll [2007-01-19 2403392]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-13 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-14 536576]
"PCTVOICE"=C:\WINDOWS\system32\pctspk.exe [2002-07-18 163840]
"MoneyStartUp10.0"=C:\Program Files\Microsoft Money\System\Activation.exe [2001-07-25 241714]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-07-17 28672]
"DadApp"=C:\Program Files\Dell\AccessDirect\dadapp.exe [2002-11-01 208560]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-05-22 327680]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2002-08-28 28672]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HostManager"=C:\Program Files\Common Files\AOL\1124387161\ee\AOLHostManager.exe [2005-08-02 159832]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2005-07-19 40960]
"HPHUPD08"=C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-15 180269]
"WD Button Manager"=C:\WINDOWS\system32\WDBtnMgr.exe [2006-11-05 339968]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6253\SiteAdv.exe [2007-02-08 36904]
"tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe [2007-03-07 1773568]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"lavasoftFeedBack"=C:\Program Files\Lavasoft\Personal Firewall\feedback.exe [2008-04-22 413696]
"lavasoftMonitor"=C:\PROGRA~1\Lavasoft\PERSON~1\op_mon.exe [2008-04-25 1207296]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe []
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe []
"brastk"=C:\WINDOWS\system32\brastk.exe [2008-11-02 9728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe [2004-11-11 212992]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2005-07-19 57344]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2006-11-07 50736]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-23 68856]
"Mobipocket Web Companion"=C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe [2005-01-05 1601536]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-12-07 1884160]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"AntispywareBot"=C:\Program Files\AntispywareBot\AntispywareBot.exe -boot []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-11-05 190464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2004-01-26 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2004-01-26 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-09-27 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2006-11-21 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe [2003-12-26 1531904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-11 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2003-04-09 598150]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\BACKWE~1.EXE [2002-03-13 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
C:\PROGRA~1\MYBOOK~1\WDBACK~1\UBBMON~1.EXE [2006-01-22 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kirsten Green^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\Palm\HOTSYNC.EXE [2003-03-19 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Westell 802.11g Wireless LAN Utility.lnk - C:\WLAN11G\WLANMON.exe
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\aol\1124387161\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\aol\1124387161\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe"="C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\aol\1124387161\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\aol\1124387161\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a066b7b0-898d-11dc-8150-000d5630417a}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-11-03 00:30:03 ----D---- C:\rsit
2008-11-02 23:34:14 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-02 23:34:13 ----A---- C:\WINDOWS\gmer.exe
2008-11-02 23:34:13 ----A---- C:\WINDOWS\gmer.dll
2008-10-27 13:23:13 ----D---- C:\Program Files\Windows Defender
2008-10-27 13:01:39 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2008-10-27 13:01:36 ----D---- C:\Program Files\Registry Mechanic
2008-10-27 12:23:52 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-27 12:00:41 ----A---- C:\WINDOWS\system32\brastk.exe
2008-10-26 19:35:56 ----A---- C:\WINDOWS\brastk.exe
2008-10-24 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-24 03:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 22:20:50 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-23 22:14:40 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-23 16:02:03 ----D---- C:\Program Files\Trend Micro
2008-10-23 15:47:46 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-21 03:18:07 ----D---- C:\WINDOWS\Prefetch
2008-10-21 00:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-21 00:33:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-21 00:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-21 00:33:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-21 00:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-21 00:32:05 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-21 00:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-21 00:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-21 00:31:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-21 00:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-21 00:30:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-21 00:30:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-21 00:30:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-21 00:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-21 00:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-21 00:29:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-10-21 00:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-21 00:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-21 00:03:34 ----A---- C:\WINDOWS\setuplog.txt
2008-10-20 23:57:23 ----D---- C:\WINDOWS\system32\scripting
2008-10-20 23:57:11 ----D---- C:\WINDOWS\l2schemas
2008-10-20 23:57:07 ----D---- C:\WINDOWS\system32\en
2008-10-20 22:04:21 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 22:03:50 ----D---- C:\Program Files\SpywareBlaster
2008-10-20 15:49:19 ----D---- C:\Program Files\Panda Security
2008-10-20 14:56:12 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-20 14:46:58 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-20 13:59:28 ----D---- C:\Program Files\Microsoft AntiSpyware
2008-10-20 13:54:42 ----D---- C:\Program Files\Symantec
2008-10-20 13:52:59 ----D---- C:\SAV
2008-10-19 23:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-19 23:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-19 23:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-19 23:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-19 22:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-19 22:58:43 ----A---- C:\WINDOWS\system32\MRT.INI
2008-10-19 22:54:24 ----A---- C:\WINDOWS\imsins.BAK
2008-10-19 22:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-10-19 22:21:58 ----D---- C:\Documents and Settings\Kirsten Green\Application Data\AntispywareBot
2008-10-19 22:10:37 ----A---- C:\WINDOWS\system32\7B37w6K5.exe.a_a
2008-10-19 22:03:30 ----A---- C:\WINDOWS\qacoj.vbs
2008-10-19 22:03:30 ----A---- C:\Program Files\Common Files\orudoq.dll
2008-10-19 22:03:30 ----A---- C:\Documents and Settings\All Users\Application Data\ywamy.exe
2008-10-19 22:03:30 ----A---- C:\Documents and Settings\All Users\Application Data\alakirequr.vbs
2008-10-19 22:02:48 ----D---- C:\Program Files\XP_AntiSpyware
2008-10-19 21:46:47 ----A---- C:\U.exe
2008-10-19 17:47:53 ----A---- C:\WINDOWS\system32\6f1g4RPh.exe.a_a
2008-10-19 17:13:48 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-10-19 17:13:45 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-19 17:13:42 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-19 17:13:42 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-19 17:13:10 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-19 17:13:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-19 17:12:35 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-19 17:12:29 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-19 17:12:27 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-19 17:12:26 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-19 17:12:23 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-19 17:12:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-19 17:12:23 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-19 17:12:21 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-19 17:12:17 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-19 17:11:55 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-19 17:11:55 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-19 17:11:55 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-19 17:11:53 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-10-19 17:11:52 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-10-19 17:11:49 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-19 17:11:49 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-19 17:11:26 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-19 17:11:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-19 17:11:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-19 17:11:24 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-19 17:10:54 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-19 17:10:54 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-19 17:10:53 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-19 17:10:53 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-19 17:10:52 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-19 17:10:52 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-19 17:10:34 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-10-19 17:10:33 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-10-19 17:09:38 ----A---- C:\WINDOWS\005912_.tmp
2008-10-19 17:09:30 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-19 17:09:30 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-19 17:09:29 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-19 17:09:29 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-19 17:09:28 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-19 17:09:28 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-19 17:09:27 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-19 17:09:27 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-19 17:09:00 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-19 17:09:00 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-19 17:09:00 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-19 17:08:59 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-19 17:08:59 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-19 17:08:59 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-19 17:08:59 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-19 17:08:51 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-19 17:08:51 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-19 17:08:47 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-19 17:08:40 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-19 17:08:27 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-19 17:08:27 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-19 17:08:05 ----N---- C:\WINDOWS\system32\aaclient.dll

======List of files/folders modified in the last 1 months======

2008-11-03 00:30:12 ----D---- C:\WINDOWS\Temp
2008-11-03 00:21:05 ----D---- C:\Program Files\Mozilla Firefox
2008-11-02 23:56:12 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-02 23:55:52 ----AD---- C:\WINDOWS
2008-11-02 23:34:14 ----D---- C:\WINDOWS\system32\DRIVERS
2008-10-30 20:00:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-28 21:11:08 ----HD---- C:\WINDOWS\INF
2008-10-27 17:22:43 ----HD---- C:\Config.Msi
2008-10-27 13:24:33 ----SHD---- C:\WINDOWS\Installer
2008-10-27 13:24:31 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-27 13:24:30 ----D---- C:\WINDOWS\PCHealth
2008-10-27 13:23:13 ----AD---- C:\Program Files
2008-10-27 13:01:39 ----D---- C:\WINDOWS\SYSTEM32
2008-10-27 12:30:22 ----D---- C:\WINDOWS\SECURITY
2008-10-24 06:25:03 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-24 03:02:34 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-10-24 03:00:42 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-23 22:22:27 ----D---- C:\Program Files\Adobe
2008-10-23 22:20:50 ----D---- C:\Program Files\Common Files
2008-10-23 22:15:52 ----D---- C:\Program Files\Common Files\Adobe
2008-10-23 19:05:10 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-23 17:58:35 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-23 17:53:21 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-23 17:53:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-23 17:52:39 ----D---- C:\Documents and Settings\Kirsten Green\Application Data\McAfee
2008-10-23 16:05:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-23 16:05:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-23 15:58:01 ----D---- C:\Program Files\MSN Messenger
2008-10-21 03:25:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-21 03:23:56 ----D---- C:\WINDOWS\Debug
2008-10-21 03:17:11 ----D---- C:\WINDOWS\system32\Setup
2008-10-21 03:17:11 ----D---- C:\WINDOWS\AppPatch
2008-10-21 03:17:09 ----D---- C:\Program Files\Internet Explorer
2008-10-21 03:17:08 ----D---- C:\WINDOWS\system32\WBEM
2008-10-21 03:17:06 ----RSD---- C:\WINDOWS\Fonts
2008-10-21 00:29:26 ----D---- C:\Program Files\Messenger
2008-10-21 00:00:27 ----D---- C:\WINDOWS\WinSxS
2008-10-20 23:59:55 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-20 23:58:50 ----D---- C:\WINDOWS\system32\INETSRV
2008-10-20 23:58:48 ----D---- C:\WINDOWS\network diagnostic
2008-10-20 23:58:47 ----D---- C:\WINDOWS\IME
2008-10-20 23:58:44 ----D---- C:\WINDOWS\Help
2008-10-20 23:57:30 ----D---- C:\WINDOWS\system32\en-US
2008-10-20 23:57:29 ----D---- C:\WINDOWS\system32\USMT
2008-10-20 23:57:05 ----D---- C:\WINDOWS\system32\bits
2008-10-20 23:57:04 ----D---- C:\WINDOWS\peernet
2008-10-20 23:57:03 ----D---- C:\Program Files\Movie Maker
2008-10-20 23:36:17 ----D---- C:\WINDOWS\system32\Restore
2008-10-20 23:36:16 ----D---- C:\WINDOWS\system32\NPP
2008-10-20 23:36:15 ----D---- C:\WINDOWS\MUI
2008-10-20 23:36:09 ----D---- C:\WINDOWS\MSAGENT
2008-10-20 23:36:03 ----D---- C:\WINDOWS\SRCHASST
2008-10-20 23:36:00 ----D---- C:\Program Files\NetMeeting
2008-10-20 23:35:51 ----D---- C:\WINDOWS\system32\Com
2008-10-20 23:35:41 ----D---- C:\Program Files\Windows Media Player
2008-10-20 23:35:38 ----D---- C:\Program Files\Windows NT
2008-10-20 23:35:38 ----D---- C:\Program Files\Outlook Express
2008-10-20 23:35:26 ----D---- C:\Program Files\Common Files\System
2008-10-20 23:34:26 ----D---- C:\WINDOWS\system32\OOBE
2008-10-20 23:34:18 ----D---- C:\WINDOWS\SYSTEM
2008-10-20 23:19:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-20 23:18:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-20 22:56:50 ----D---- C:\WINDOWS\EHome
2008-10-20 16:20:52 ----D---- C:\Documents and Settings\Kirsten Green\Application Data\Move Networks
2008-10-20 15:43:40 ----D---- C:\Program Files\CHM To PDF Converter PRO
2008-10-20 15:40:01 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-20 15:39:53 ----D---- C:\Program Files\Viewpoint
2008-10-20 14:51:15 ----D---- C:\WINDOWS\system32\CONFIG
2008-10-20 14:47:09 ----D---- C:\Program Files\Lavasoft
2008-10-19 22:22:02 ----SD---- C:\WINDOWS\Tasks
2008-10-15 18:24:12 ----A---- C:\WINDOWS\ModemLog_PCTEL 2304WT V.92 MDC Modem.txt
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-08-24 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-24 2560]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-01-09 107608]
R1 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-08-15 143834]
R1 SandBox;SandBox; C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-03-12 449184]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-08-15 206464]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2004-06-08 8413]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 afw;Lavasoft firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2008-02-28 206400]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-05-22 625024]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-02 43136]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-02 85969]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-12-22 170408]
R3 mfesmfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfesmfk.sys [2006-12-22 37480]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-08-15 30630]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-12-05 28352]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-03-11 62865]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\System32\DRIVERS\ptserial.sys [2002-11-06 135260]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-05-13 182688]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WLAN11G;Westell 802.11g Wireless PC Card; C:\WINDOWS\system32\DRIVERS\WLAN11G.sys [2004-04-21 386816]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS []
S3 ATWPKT2;ATWPKT2; \??\C:\Program Files\America Online 8.0\ATWPKT2.SYS []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 Dot4;IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\hphid407.sys [2000-08-04 50320]
S3 Dot4Usb;USB to IEEE-1284.4 Translation Driver; C:\WINDOWS\system32\DRIVERS\hphius07.sys [2000-08-04 17904]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-08-15 25898]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver; C:\WINDOWS\System32\DRIVERS\el575nd5.sys [2001-08-17 69692]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-12-22 71496]
S3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-12-22 34184]
S3 mferkdk;McAfee Inc.; C:\WINDOWS\system32\drivers\mferkdk.sys [2006-12-22 32008]
S3 NETMW145;Belkin N1 Wireless Notebook Card Service for Windows XP; C:\WINDOWS\system32\DRIVERS\NETMW145.sys [2006-08-16 553984]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2003-03-19 16509]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Lavasoft Client Security Service; C:\PROGRA~1\Lavasoft\PERSON~1\acs.exe [2008-04-22 1171456]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-05-22 254043]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service; C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [2007-01-09 540776]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2007-01-05 361560]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2007-01-11 2209320]
R2 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-01-16 362064]
R2 mcpromgr;McAfee Protection Manager; C:\PROGRA~1\McAfee\MSC\mcpromgr.exe [2007-01-05 493144]
R2 McRedirector;McAfee Redirector Service; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [2007-01-15 248416]
R2 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-01-25 643664]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-01-15 839720]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2006-12-22 144960]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 Emproxy;McAfee E-mail Proxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [2007-01-12 341584]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 138168]
S3 mcmispupdmgr;McAfee Update Manager; C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe [2007-01-05 689752]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Thank you for all your help.
Attached Files
File Type: txt info.txt (22.6 KB, 27 views)
Old 11-02-2008, 05:20 PM   #4
TSF Security Manager
Emeritus

Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  3. Double click on combo-fix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.

  8. Open HijackThis (C:\Program Files\trend micro\HijackThis.exe) and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 11-03-2008, 06:48 PM   #5
Guest
 
Join Date: Oct 2008
Posts: 10
OS:

I followed the instructions and ran combofix. The program was able to run and deleted some files, however before a log could be created an error occurred that caused my computer to restart. Upon restarting, the red circle with the white x in the task bar is no longer present, and I am now able to run antivirus software. Thank you!
Old 11-03-2008, 07:26 PM   #6
TSF Security Manager
Emeritus

Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64

Hello -

What sort of error? Exact messages are helpful.

Please post a new log from RSIT.
Old 11-04-2008, 02:16 PM   #7
Guest
 
Join Date: Oct 2008
Posts: 10
OS:

Hi,
It was a Win32 error which made me reboot my computer. Here is the new RSIT log. Thank you.

Logfile of random's system information tool 1.04 (written by random/random)
Run by gree6912 at 2008-11-05 04:33:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (13%) free of 38 GB
Total RAM: 511 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:37, on 2008-11-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\AOL\1124387161\ee\AOLHostManager.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1124387161\ee\AOLServiceHost.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\WLAN11G\WLANMON.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\Documents and Settings\Kirsten Green\Desktop\RSIT.exe
C:\Program Files\trend micro\gree6912.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://red.clientapps.yahoo.com/cust...//my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124387161\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [lavasoftFeedBack] "C:\Program Files\Lavasoft\Personal Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [lavasoftMonitor] C:\PROGRA~1\Lavasoft\PERSON~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AntispywareBot] C:\Program Files\AntispywareBot\AntispywareBot.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Westell 802.11g Wireless LAN Utility.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?5cc68dcc575e4bb5817050d9e93bedfb
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?5cc68dcc575e4bb5817050d9e93bedfb
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: https://*.mcafee.com
O16 - DPF: Yahoo! Word Racer - https://download.games.yahoo.com/game...ts/y/wt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {10000000-1000-0000-1000-000000000000} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {473EB4B9-6641-4FE4-9A0D-AB0EFAE34FA8} (ELSReg Class) - https://pocketconsult.elsevier.com.li...//ELSProxy.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1138454918294
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - https://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O23 - Service: Lavasoft Client Security Service (acssrv) - Lavasoft AB - C:\PROGRA~1\Lavasoft\PERSON~1\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 16038 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll [2004-01-07 272983]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-06-01 512000]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Search Toolbar - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll [2005-09-20 577744]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar5.dll [2007-01-19 2403392]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-13 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-14 536576]
"PCTVOICE"=C:\WINDOWS\system32\pctspk.exe [2002-07-18 163840]
"MoneyStartUp10.0"=C:\Program Files\Microsoft Money\System\Activation.exe [2001-07-25 241714]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-07-17 28672]
"DadApp"=C:\Program Files\Dell\AccessDirect\dadapp.exe [2002-11-01 208560]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-05-22 327680]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2002-08-28 28672]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HostManager"=C:\Program Files\Common Files\AOL\1124387161\ee\AOLHostManager.exe [2005-08-02 159832]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2005-07-19 40960]
"HPHUPD08"=C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-15 180269]
"WD Button Manager"=C:\WINDOWS\system32\WDBtnMgr.exe [2006-11-05 339968]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6253\SiteAdv.exe [2007-02-08 36904]
"tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe [2007-03-07 1773568]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"lavasoftFeedBack"=C:\Program Files\Lavasoft\Personal Firewall\feedback.exe [2008-04-22 413696]
"lavasoftMonitor"=C:\PROGRA~1\Lavasoft\PERSON~1\op_mon.exe [2008-04-25 1207296]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168]
"brastk"=brastk.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe [2004-11-11 212992]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2005-07-19 57344]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2006-11-07 50736]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-23 68856]
"Mobipocket Web Companion"=C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe [2005-01-05 1601536]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-12-07 1884160]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"AntispywareBot"=C:\Program Files\AntispywareBot\AntispywareBot.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-11-05 190464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2004-01-26 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2004-01-26 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-09-27 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2006-11-21 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe [2003-12-26 1531904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-11 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2003-04-09 598150]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\BACKWE~1.EXE [2002-03-13 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
C:\PROGRA~1\MYBOOK~1\WDBACK~1\UBBMON~1.EXE [2006-01-22 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kirsten Green^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\Palm\HOTSYNC.EXE [2003-03-19 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Westell 802.11g Wireless LAN Utility.lnk - C:\WLAN11G\WLANMON.exe
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\aol\1124387161\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\aol\1124387161\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe"="C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\aol\1124387161\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\aol\1124387161\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a066b7b0-898d-11dc-8150-000d5630417a}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-11-05 04:28:56 ----D---- C:\WINDOWS\LastGood
2008-11-04 07:09:22 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-11-04 07:05:55 ----D---- C:\Program Files\Symantec AntiVirus
2008-11-04 07:05:55 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-04 07:05:55 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-04 06:33:07 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-11-04 06:19:22 ----A---- C:\WINDOWS\zip.exe
2008-11-04 06:19:22 ----A---- C:\WINDOWS\VFIND.exe
2008-11-04 06:19:22 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-04 06:19:22 ----A---- C:\WINDOWS\SWSC.exe
2008-11-04 06:19:22 ----A---- C:\WINDOWS\SWREG.exe
2008-11-04 06:19:22 ----A---- C:\WINDOWS\sed.exe
2008-11-04 06:19:22 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-04 06:19:22 ----A---- C:\WINDOWS\grep.exe
2008-11-04 06:19:22 ----A---- C:\WINDOWS\fdsv.exe
2008-11-04 06:19:16 ----D---- C:\WINDOWS\ERDNT
2008-11-04 06:19:16 ----D---- C:\Qoobox
2008-11-04 06:19:14 ----D---- C:\Combo-Fix
2008-11-04 06:19:12 ----A---- C:\WINDOWS\system32\CF118.exe
2008-11-03 00:30:03 ----D---- C:\rsit
2008-11-02 23:34:14 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-02 23:34:13 ----A---- C:\WINDOWS\gmer.exe
2008-11-02 23:34:13 ----A---- C:\WINDOWS\gmer.dll
2008-10-27 13:23:13 ----D---- C:\Program Files\Windows Defender
2008-10-27 13:01:39 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2008-10-27 13:01:36 ----D---- C:\Program Files\Registry Mechanic
2008-10-27 12:23:52 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-24 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-24 03:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 22:20:50 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-23 22:14:40 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-23 16:02:03 ----D---- C:\Program Files\Trend Micro
2008-10-23 15:47:46 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-21 03:18:07 ----D---- C:\WINDOWS\Prefetch
2008-10-21 00:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-21 00:33:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-21 00:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-21 00:33:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-21 00:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-21 00:32:05 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-21 00:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-21 00:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-21 00:31:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-21 00:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-21 00:30:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-21 00:30:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-21 00:30:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-21 00:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-21 00:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-21 00:29:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-10-21 00:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-21 00:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-21 00:03:34 ----A---- C:\WINDOWS\setuplog.txt
2008-10-20 23:57:23 ----D---- C:\WINDOWS\system32\scripting
2008-10-20 23:57:11 ----D---- C:\WINDOWS\l2schemas
2008-10-20 23:57:07 ----D---- C:\WINDOWS\system32\en
2008-10-20 22:04:21 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 22:03:50 ----D---- C:\Program Files\SpywareBlaster
2008-10-20 15:49:19 ----D---- C:\Program Files\Panda Security
2008-10-20 14:56:12 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-20 14:46:58 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-20 13:59:28 ----D---- C:\Program Files\Microsoft AntiSpyware
2008-10-20 13:54:42 ----D---- C:\Program Files\Symantec
2008-10-20 13:52:59 ----D---- C:\SAV
2008-10-19 23:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-19 23:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-19 23:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-19 23:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-19 22:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-19 22:58:43 ----A---- C:\WINDOWS\system32\MRT.INI
2008-10-19 22:54:24 ----A---- C:\WINDOWS\imsins.BAK
2008-10-19 22:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-10-19 22:03:30 ----A---- C:\WINDOWS\qacoj.vbs
2008-10-19 22:03:30 ----A---- C:\Program Files\Common Files\orudoq.dll
2008-10-19 22:03:30 ----A---- C:\Documents and Settings\All Users\Application Data\ywamy.exe
2008-10-19 22:03:30 ----A---- C:\Documents and Settings\All Users\Application Data\alakirequr.vbs
2008-10-19 17:13:48 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-10-19 17:13:45 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-19 17:13:42 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-19 17:13:42 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-19 17:13:10 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-19 17:13:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-19 17:12:35 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-19 17:12:29 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-19 17:12:27 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-19 17:12:26 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-19 17:12:23 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-19 17:12:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-19 17:12:23 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-19 17:12:21 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-19 17:12:17 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-19 17:11:55 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-19 17:11:55 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-19 17:11:55 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-19 17:11:53 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-10-19 17:11:52 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-10-19 17:11:49 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-19 17:11:49 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-19 17:11:26 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-19 17:11:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-19 17:11:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-19 17:11:24 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-19 17:10:54 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-19 17:10:54 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-19 17:10:53 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-19 17:10:53 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-19 17:10:52 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-19 17:10:52 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-19 17:10:34 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-10-19 17:10:33 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-10-19 17:09:38 ----A---- C:\WINDOWS\005912_.tmp
2008-10-19 17:09:30 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-19 17:09:30 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-19 17:09:29 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-19 17:09:29 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-19 17:09:28 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-19 17:09:28 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-19 17:09:27 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-19 17:09:27 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-19 17:09:00 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-19 17:09:00 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-19 17:09:00 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-19 17:08:59 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-19 17:08:59 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-19 17:08:59 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-19 17:08:59 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-19 17:08:51 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-19 17:08:51 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-19 17:08:47 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-19 17:08:40 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-19 17:08:27 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-19 17:08:27 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-19 17:08:05 ----N---- C:\WINDOWS\system32\aaclient.dll

======List of files/folders modified in the last 1 months======

2008-11-05 04:33:07 ----D---- C:\WINDOWS\Temp
2008-11-05 04:31:07 ----D---- C:\WINDOWS\SYSTEM32
2008-11-05 04:30:48 ----HD---- C:\WINDOWS\INF
2008-11-05 04:30:18 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-11-05 04:30:02 ----D---- C:\WINDOWS\Help
2008-11-05 04:28:56 ----AD---- C:\WINDOWS
2008-11-05 04:27:30 ----D---- C:\Program Files\Mozilla Firefox
2008-11-05 04:21:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-04 21:51:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-04 07:14:18 ----SHD---- C:\WINDOWS\Installer
2008-11-04 07:13:42 ----HD---- C:\Config.Msi
2008-11-04 07:09:22 ----D---- C:\WINDOWS\system32\DRIVERS
2008-11-04 07:05:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-04 07:05:55 ----D---- C:\Program Files\Common Files
2008-11-04 07:05:55 ----AD---- C:\Program Files
2008-11-04 06:41:02 ----D---- C:\WINDOWS\system32\CONFIG
2008-11-04 06:38:29 ----A---- C:\WINDOWS\system.ini
2008-11-04 06:27:56 ----D---- C:\WINDOWS\AppPatch
2008-11-04 06:23:00 ----SD---- C:\WINDOWS\Tasks
2008-10-27 13:24:31 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-27 13:24:30 ----D---- C:\WINDOWS\PCHealth
2008-10-27 12:30:22 ----D---- C:\WINDOWS\SECURITY
2008-10-24 06:25:03 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-24 03:00:42 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-23 22:22:27 ----D---- C:\Program Files\Adobe
2008-10-23 22:15:52 ----D---- C:\Program Files\Common Files\Adobe
2008-10-23 17:58:35 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-23 17:53:21 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-23 17:53:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-23 17:52:39 ----D---- C:\Documents and Settings\Kirsten Green\Application Data\McAfee
2008-10-23 16:05:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-23 16:05:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-23 15:58:01 ----D---- C:\Program Files\MSN Messenger
2008-10-21 03:25:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-21 03:23:56 ----D---- C:\WINDOWS\Debug
2008-10-21 03:17:11 ----D---- C:\WINDOWS\system32\Setup
2008-10-21 03:17:09 ----D---- C:\Program Files\Internet Explorer
2008-10-21 03:17:08 ----D---- C:\WINDOWS\system32\WBEM
2008-10-21 03:17:06 ----RSD---- C:\WINDOWS\Fonts
2008-10-21 00:29:26 ----D---- C:\Program Files\Messenger
2008-10-21 00:00:27 ----D---- C:\WINDOWS\WinSxS
2008-10-20 23:59:55 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-20 23:58:50 ----D---- C:\WINDOWS\system32\INETSRV
2008-10-20 23:58:48 ----D---- C:\WINDOWS\network diagnostic
2008-10-20 23:58:47 ----D---- C:\WINDOWS\IME
2008-10-20 23:57:30 ----D---- C:\WINDOWS\system32\en-US
2008-10-20 23:57:29 ----D---- C:\WINDOWS\system32\USMT
2008-10-20 23:57:05 ----D---- C:\WINDOWS\system32\bits
2008-10-20 23:57:04 ----D---- C:\WINDOWS\peernet
2008-10-20 23:57:03 ----D---- C:\Program Files\Movie Maker
2008-10-20 23:36:17 ----D---- C:\WINDOWS\system32\Restore
2008-10-20 23:36:16 ----D---- C:\WINDOWS\system32\NPP
2008-10-20 23:36:15 ----D---- C:\WINDOWS\MUI
2008-10-20 23:36:09 ----D---- C:\WINDOWS\MSAGENT
2008-10-20 23:36:03 ----D---- C:\WINDOWS\SRCHASST
2008-10-20 23:36:00 ----D---- C:\Program Files\NetMeeting
2008-10-20 23:35:51 ----D---- C:\WINDOWS\system32\Com
2008-10-20 23:35:41 ----D---- C:\Program Files\Windows Media Player
2008-10-20 23:35:38 ----D---- C:\Program Files\Windows NT
2008-10-20 23:35:38 ----D---- C:\Program Files\Outlook Express
2008-10-20 23:35:26 ----D---- C:\Program Files\Common Files\System
2008-10-20 23:34:26 ----D---- C:\WINDOWS\system32\OOBE
2008-10-20 23:34:18 ----D---- C:\WINDOWS\SYSTEM
2008-10-20 23:19:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-20 23:18:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-20 22:56:50 ----D---- C:\WINDOWS\EHome
2008-10-20 16:20:52 ----D---- C:\Documents and Settings\Kirsten Green\Application Data\Move Networks
2008-10-20 15:43:40 ----D---- C:\Program Files\CHM To PDF Converter PRO
2008-10-20 15:40:01 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-20 15:39:53 ----D---- C:\Program Files\Viewpoint
2008-10-20 14:47:09 ----D---- C:\Program Files\Lavasoft
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 1448 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 1448 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 1448 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 18:24:12 ----A---- C:\WINDOWS\ModemLog_PCTEL 2304WT V.92 MDC Modem.txt
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-08-24 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-24 2560]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-01-09 107608]
R1 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-08-15 143834]
R1 SandBox;SandBox; C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-03-12 449184]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-08-15 206464]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2004-06-08 8413]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 afw;Lavasoft firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2008-02-28 206400]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-05-22 625024]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-02 43136]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-12-22 71496]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-12-22 34184]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-12-22 170408]
R3 mfesmfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfesmfk.sys [2006-12-22 37480]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-08-15 30630]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-12-05 28352]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081103.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081103.003\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-03-11 62865]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\System32\DRIVERS\ptserial.sys [2002-11-06 135260]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-05-13 182688]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WLAN11G;Westell 802.11g Wireless PC Card; C:\WINDOWS\system32\DRIVERS\WLAN11G.sys [2004-04-21 386816]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 ATWPKT2;ATWPKT2; \??\C:\Program Files\America Online 8.0\ATWPKT2.SYS []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\KIRSTE~1\LOCALS~1\Temp\catchme.sys []
S3 Dot4;IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\hphid407.sys [2000-08-04 50320]
S3 Dot4Usb;USB to IEEE-1284.4 Translation Driver; C:\WINDOWS\system32\DRIVERS\hphius07.sys [2000-08-04 17904]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-08-15 25898]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver; C:\WINDOWS\System32\DRIVERS\el575nd5.sys [2001-08-17 69692]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 EraserUtilDrv10621;EraserUtilDrv10621; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-02 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mferkdk;McAfee Inc.; C:\WINDOWS\system32\drivers\mferkdk.sys [2006-12-22 32008]
S3 NETMW145;Belkin N1 Wireless Notebook Card Service for Windows XP; C:\WINDOWS\system32\DRIVERS\NETMW145.sys [2006-08-16 553984]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2003-03-19 16509]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-05-22 254043]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service; C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [2007-01-09 540776]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2007-01-05 361560]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2007-01-11 2209320]
R2 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-01-16 362064]
R2 mcpromgr;McAfee Protection Manager; C:\PROGRA~1\McAfee\MSC\mcpromgr.exe [2007-01-05 493144]
R2 McRedirector;McAfee Redirector Service; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [2007-01-15 248416]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2006-12-22 144960]
R2 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-01-25 643664]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-01-15 839720]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 acssrv;Lavasoft Client Security Service; C:\PROGRA~1\Lavasoft\PERSON~1\acs.exe [2008-04-22 1171456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 Emproxy;McAfee E-mail Proxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [2007-01-12 341584]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 mcmispupdmgr;McAfee Update Manager; C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe [2007-01-05 689752]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
Attached Files
File Type: txt rsitlog.txt (57.2 KB, 28 views)
kirsten290 is offline  
Old 11-04-2008, 04:15 PM   #8
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64

Quote:
It was a Win32 error which made me reboot my computer.
If there's another error message, please note the exact and complete error message, thanks. While I'm sure you're doing the best you can, the above description is not enough to go on.

Why do you now have Symantec AntiVirus installed as well as McAfee?

While this may seem like greater protection, it can cause problems including slowdowns and system hangs. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
-----------------------------------------------------------------------

Please do not make any system changes except those I instruct while we're working together. To do otherwise may prove counterproductive.


Spybot S&D's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
  • See this link for a tutorial

Using Internet Explorer, Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save it to your desktop, or somewhere you can find it easily.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Disable all other protection applications.

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Double click on Combo-Fix.exe once again to run it.

If ComboFix needs to reboot the machine, restart back into safe mode to allow ComboFix to complete its routine. Once a log has been produced, restart in normal mode, and post that log. It will be saved at C:\ComboFix.txt
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 11-04-2008, 06:33 PM   #9
Guest
 
Join Date: Oct 2008
Posts: 10
OS:



Hi,
Thank you for your prompt reply. I have removed McAfee from my computer and disabled Spybot S&D. Here is the new log from ComboFix. No errors occurred this time while running ComboFix.
Attached Files
File Type: txt combofixlog.txt (28.0 KB, 27 views)
kirsten290 is offline  
Old 11-04-2008, 07:13 PM   #10
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64

Good job.

Now, please disable your protection applications, and then double click on Combo-Fix.exe once again to run it. It should prompt you to allow an update. Please allow it. It should also ask you to install the Recovery Console, as shown in my initial post. Please allow that as well.

Post the new log when that's completed. Also post a new HijackThis log.
tetonbob is offline  
Old 11-05-2008, 06:15 PM   #11
Guest
 
Join Date: Oct 2008
Posts: 10
OS:



Hi,
I did as you said and disabled my protection. When running ComboFix it failed to update. However, it was finally able to install the Recovery Console. Here are the logs for ComboFix and HijackThis. Thank you

ComboFix 08-11-04.02 - gree6912 2008-11-05 16:45:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.165 [GMT -5:00]
Running from: c:\documents and settings\Kirsten Green\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 )))))))))))))))))))))))))))))))
.

2008-11-04 20:11 . 2008-11-04 20:11 0 --a------ c:\windows\vpc32.INI
2008-11-04 07:09 . 2006-09-18 17:55 109,744 --a------ c:\windows\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-11-04 07:09 . 2006-09-18 17:55 48,816 --a------ c:\windows\SYSTEM32\S32EVNT1.DLL
2008-11-04 07:05 . 2008-11-05 16:54 <DIR> d-------- c:\program files\Symantec AntiVirus
2008-11-04 07:05 . 2008-11-04 07:12 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-04 07:05 . 2008-11-04 07:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-03 00:30 . 2008-11-03 00:30 <DIR> d-------- C:\rsit
2008-10-27 13:23 . 2008-10-27 17:22 <DIR> d-------- c:\program files\Windows Defender
2008-10-27 12:46 . 2008-10-27 12:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\GTek
2008-10-27 12:23 . 2008-10-27 12:23 <DIR> d--h----- c:\windows\SYSTEM32\GroupPolicy
2008-10-23 22:20 . 2008-10-23 22:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-10-23 16:04 . 2008-10-15 11:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-23 16:02 . 2008-11-05 04:34 <DIR> d-------- c:\program files\Trend Micro
2008-10-20 23:57 . 2008-10-20 23:57 <DIR> d-------- c:\windows\SYSTEM32\scripting
2008-10-20 23:57 . 2008-10-20 23:57 <DIR> d-------- c:\windows\SYSTEM32\en
2008-10-20 23:57 . 2008-10-20 23:57 <DIR> d-------- c:\windows\l2schemas
2008-10-20 22:04 . 2008-10-27 17:29 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-20 22:03 . 2008-10-20 22:03 <DIR> d-------- c:\program files\SpywareBlaster
2008-10-20 15:51 . 2008-06-19 17:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys
2008-10-20 15:49 . 2008-10-20 15:49 <DIR> d-------- c:\program files\Panda Security
2008-10-20 14:47 . 2008-03-12 12:31 449,184 --a------ c:\windows\SYSTEM32\DRIVERS\SandBox.sys
2008-10-20 14:47 . 2008-02-28 14:32 206,400 --a------ c:\windows\SYSTEM32\DRIVERS\afw.sys
2008-10-20 14:47 . 2007-10-25 19:17 49 --a------ c:\windows\transp.gif
2008-10-20 14:46 . 2008-10-20 14:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-20 13:59 . 2008-10-27 13:22 <DIR> d-------- c:\program files\Microsoft AntiSpyware
2008-10-20 13:54 . 2008-11-04 07:10 <DIR> d-------- c:\program files\Symantec
2008-10-20 13:52 . 2008-10-20 13:53 <DIR> d-------- C:\SAV
2008-10-19 22:58 . 2008-10-19 22:58 118 --a------ c:\windows\SYSTEM32\MRT.INI
2008-10-19 22:54 . 2008-10-24 03:02 1,393 --a------ c:\windows\imsins.BAK
2008-10-19 22:03 . 2008-10-19 22:03 19,853 --a------ c:\windows\oteqen.ban
2008-10-19 22:03 . 2008-10-19 22:03 18,398 --a------ c:\windows\nyqitabexa.pif
2008-10-19 22:03 . 2008-10-19 22:03 16,788 --a------ c:\windows\eteloja.sys
2008-10-19 22:03 . 2008-10-19 22:03 16,125 --a------ c:\windows\ibijoquz.db
2008-10-19 22:03 . 2008-10-19 22:03 15,982 --a------ c:\documents and settings\All Users\Application Data\ywamy.exe
2008-10-19 22:03 . 2008-10-19 22:03 15,917 --a------ c:\windows\soce.dat
2008-10-19 22:03 . 2008-10-19 22:03 15,450 --a------ c:\windows\qacoj.vbs
2008-10-19 22:03 . 2008-10-19 22:03 15,391 --a------ c:\documents and settings\All Users\Application Data\alakirequr.vbs
2008-10-19 22:03 . 2008-10-19 22:03 14,769 --a------ c:\windows\SYSTEM32\pohagipe.scr
2008-10-19 22:03 . 2008-10-19 22:03 14,718 --a------ c:\program files\Common Files\orudoq.dll
2008-10-19 22:03 . 2008-10-19 22:03 12,222 --a------ c:\program files\Common Files\fonasudybo.scr
2008-10-19 22:03 . 2008-10-19 22:03 11,707 --a------ c:\documents and settings\Kirsten Green\Application Data\ocehij.scr
2008-10-19 21:21 . 2008-09-08 05:41 333,824 --------- c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-10-19 21:20 . 2008-08-14 05:11 2,189,184 --------- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-19 21:20 . 2008-08-14 05:09 2,145,280 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-19 21:20 . 2008-08-14 04:33 2,066,048 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-19 21:20 . 2008-08-14 04:33 2,023,936 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-19 21:20 . 2008-09-15 07:12 1,846,400 --------- c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-10-19 17:13 . 2008-04-13 19:12 712,704 --------- c:\windows\SYSTEM32\windowscodecs.dll
2008-10-19 17:13 . 2008-04-13 19:12 346,112 --------- c:\windows\SYSTEM32\windowscodecsext.dll
2008-10-19 17:13 . 2008-04-13 19:12 276,992 --------- c:\windows\SYSTEM32\wmphoto.dll
2008-10-19 17:13 . 2008-04-13 19:12 69,120 --------- c:\windows\SYSTEM32\wlanapi.dll
2008-10-19 17:13 . 2008-04-13 19:12 53,248 --------- c:\windows\SYSTEM32\tsgqec.dll
2008-10-19 17:13 . 2008-04-13 19:12 50,688 --------- c:\windows\SYSTEM32\tspkg.dll
2008-10-19 17:12 . 2008-04-13 19:12 412,160 --------- c:\windows\SYSTEM32\photometadatahandler.dll
2008-10-19 17:12 . 2008-04-13 19:12 291,328 --------- c:\windows\SYSTEM32\qagentrt.dll
2008-10-19 17:12 . 2008-04-13 19:12 290,304 --------- c:\windows\SYSTEM32\rhttpaa.dll
2008-10-19 17:12 . 2008-04-13 19:12 150,528 --------- c:\windows\SYSTEM32\qagent.dll
2008-10-19 17:12 . 2008-04-13 19:12 144,384 --------- c:\windows\SYSTEM32\onex.dll
2008-10-19 17:12 . 2008-04-13 19:12 76,800 --------- c:\windows\SYSTEM32\qutil.dll
2008-10-19 17:12 . 2008-04-13 19:12 62,464 --------- c:\windows\SYSTEM32\qcliprov.dll
2008-10-19 17:12 . 2008-04-13 19:12 61,952 --------- c:\windows\SYSTEM32\rasqec.dll
2008-10-19 17:12 . 2008-04-13 19:12 32,768 --------- c:\windows\SYSTEM32\setupn.exe
2008-10-19 17:12 . 2008-04-13 13:40 10,240 --------- c:\windows\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-10-19 17:10 . 2008-04-13 19:11 61,440 --------- c:\windows\SYSTEM32\kmsvc.dll
2008-10-19 17:10 . 2008-04-13 19:11 37,376 --------- c:\windows\SYSTEM32\l2gpstore.dll
2008-10-19 17:10 . 2008-04-13 19:12 10,752 --------- c:\windows\SYSTEM32\smtpapi.dll
2008-10-19 17:10 . 2008-04-13 19:12 9,728 --------- c:\windows\SYSTEM32\rwnh.dll
2008-10-19 17:10 . 2008-04-13 19:09 6,144 --------- c:\windows\SYSTEM32\kbdpash.dll
2008-10-19 17:10 . 2008-04-13 19:09 6,144 --------- c:\windows\SYSTEM32\kbdnepr.dll
2008-10-19 17:10 . 2008-04-13 19:09 6,144 --------- c:\windows\SYSTEM32\kbdiultn.dll
2008-10-19 17:10 . 2008-04-13 19:09 6,144 --------- c:\windows\SYSTEM32\kbdbhc.dll
2008-10-19 17:10 . 2007-06-21 00:52 974 --------- c:\windows\SYSTEM32\pid.inf
2008-10-19 17:08 . 2008-04-13 19:11 233,472 --------- c:\windows\SYSTEM32\azroles.dll
2008-10-19 17:08 . 2008-04-13 19:11 136,192 --------- c:\windows\SYSTEM32\aaclient.dll
2008-10-19 17:08 . 2008-04-13 19:11 57,856 --------- c:\windows\SYSTEM32\dot3cfg.dll
2008-10-19 17:08 . 2008-04-13 19:11 48,640 --------- c:\windows\SYSTEM32\dhcpqec.dll
2008-10-19 17:08 . 2008-04-13 19:11 39,936 --------- c:\windows\SYSTEM32\dot3gpclnt.dll
2008-10-19 17:08 . 2008-04-13 19:11 39,936 --------- c:\windows\SYSTEM32\dimsroam.dll
2008-10-19 17:08 . 2008-04-13 19:11 26,112 --------- c:\windows\SYSTEM32\dot3api.dll
2008-10-19 17:08 . 2008-04-13 19:11 19,456 --------- c:\windows\SYSTEM32\dimsntfy.dll
2008-10-19 17:08 . 2008-04-13 19:11 12,800 --------- c:\windows\SYSTEM32\credssp.dll
2008-10-19 17:08 . 2008-04-13 19:11 9,216 --------- c:\windows\SYSTEM32\dot3dlg.dll
2008-10-19 17:08 . 2008-04-13 19:11 7,168 --------- c:\windows\SYSTEM32\bitsprx4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 12:43 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-05 01:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-24 03:15 --------- d-----w c:\program files\Common Files\Adobe
2008-10-23 22:53 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-10-23 22:52 --------- d-----w c:\documents and settings\Kirsten Green\Application Data\McAfee
2008-10-23 21:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-23 20:58 --------- d-----w c:\program files\MSN Messenger
2008-10-20 21:20 --------- d-----w c:\documents and settings\Kirsten Green\Application Data\Move Networks
2008-10-20 20:43 --------- d-----w c:\program files\CHM To PDF Converter PRO
2008-10-20 20:40 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-20 20:39 --------- d-----w c:\program files\Viewpoint
2008-10-20 19:47 --------- d-----w c:\program files\Lavasoft
2008-10-20 03:03 15,995 ----a-w c:\program files\Common Files\jypopiw._dl
2008-10-20 03:03 15,129 ----a-w c:\program files\Common Files\ynozuka.dl
2008-10-20 03:03 12,933 ----a-w c:\program files\Common Files\gyrewiqur._sy
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-20 05:30 666,112 ----a-w c:\windows\SYSTEM32\wininet.dll
2008-08-20 05:30 666,112 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2008-08-20 05:30 619,520 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2008-08-20 05:30 3,067,904 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-20 05:30 1,499,136 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w c:\windows\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,066,048 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2006-05-08 19:39 66,728 ----a-w c:\documents and settings\Kirsten Green\Application Data\GDIPFONTCACHEV1.DAT
2001-11-21 14:10 18,330,960 ----a-w c:\program files\Oxpsp1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-11-11 212992]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 57344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2006-11-07 50736]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
"Mobipocket Web Companion"="c:\progra~1\COMMON~1\MOBIPO~1\webcomp.exe" [2005-01-05 1601536]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-07 1884160]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 28672]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2002-11-01 208560]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-05-22 327680]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HostManager"="c:\program files\Common Files\AOL\1124387161\ee\AOLHostManager.exe" [2005-08-02 159832]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 40960]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-15 180269]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"lavasoftFeedBack"="c:\program files\Lavasoft\Personal Firewall\feedback.exe" [2008-04-22 413696]
"lavasoftMonitor"="c:\progra~1\Lavasoft\PERSON~1\op_mon.exe" [2008-04-25 1207296]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [BU]
"PCTVOICE"="pctspk.exe" [2002-07-18 c:\windows\SYSTEM32\pctspk.exe]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 c:\windows\SYSTEM32\Ati2mdxx.exe]
"WD Button Manager"="WDBtnMgr.exe" [2006-11-05 c:\windows\SYSTEM32\WDBtnMgr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-02-06 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Westell 802.11g Wireless LAN Utility.lnk - c:\wlan11g\WLANMON.exe [2006-05-27 778240]
Windows Desktop Search.lnk - c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 17:10:04 238080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kirsten Green^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Kirsten Green\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-12-17 12:28 684032 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-11-05 12:53 190464 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-01-26 10:46 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2004-01-26 10:46 118784 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-27 20:17 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 12:38 35328 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2003-12-26 14:57 1531904 c:\program files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\aol\\1124387161\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 SandBox;SandBox;c:\windows\system32\DRIVERS\SandBox.sys [2008-03-12 449184]
R3 afw;Lavasoft firewall driver;c:\windows\system32\DRIVERS\afw.sys [2008-02-28 206400]
R3 WLAN11G;Westell 802.11g Wireless PC Card;c:\windows\system32\DRIVERS\WLAN11G.sys [2004-04-21 386816]
S2 acssrv;Lavasoft Client Security Service;c:\progra~1\Lavasoft\PERSON~1\acs.exe [2008-04-22 1171456]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\DRIVERS\el575nd5.sys [2001-08-17 69692]
S3 EraserUtilDrv10621;EraserUtilDrv10621;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys [ ]
S3 NETMW145;Belkin N1 Wireless Notebook Card Service for Windows XP;c:\windows\system32\DRIVERS\NETMW145.sys [2006-08-16 553984]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a066b7b0-898d-11dc-8150-000d5630417a}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-11-03 c:\windows\Tasks\At1.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-04 c:\windows\Tasks\At10.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-04 c:\windows\Tasks\At11.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-04 c:\windows\Tasks\At12.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-04 c:\windows\Tasks\At13.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-04 c:\windows\Tasks\At14.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-04 c:\windows\Tasks\At15.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-04 c:\windows\Tasks\At16.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-04 c:\windows\Tasks\At17.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-05 c:\windows\Tasks\At18.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-04 c:\windows\Tasks\At19.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-03 c:\windows\Tasks\At2.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-05 c:\windows\Tasks\At20.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-05 c:\windows\Tasks\At21.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-05 c:\windows\Tasks\At22.job
- c:\windows\system32\6f1g4RPh.exe []

2008-10-31 c:\windows\Tasks\At23.job
- c:\windows\system32\6f1g4RPh.exe []

2008-10-30 c:\windows\Tasks\At24.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-03 c:\windows\Tasks\At25.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-03 c:\windows\Tasks\At26.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-03 c:\windows\Tasks\At27.job
- c:\windows\system32\7B37w6K5.exe []

2008-10-30 c:\windows\Tasks\At28.job
- c:\windows\system32\7B37w6K5.exe []

2008-10-30 c:\windows\Tasks\At29.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-03 c:\windows\Tasks\At3.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-05 c:\windows\Tasks\At30.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-05 c:\windows\Tasks\At31.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-05 c:\windows\Tasks\At32.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-04 c:\windows\Tasks\At33.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-04 c:\windows\Tasks\At34.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-04 c:\windows\Tasks\At35.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-04 c:\windows\Tasks\At36.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-04 c:\windows\Tasks\At37.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-04 c:\windows\Tasks\At38.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-04 c:\windows\Tasks\At39.job
- c:\windows\system32\7B37w6K5.exe []

2008-10-30 c:\windows\Tasks\At4.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-04 c:\windows\Tasks\At40.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-04 c:\windows\Tasks\At41.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-05 c:\windows\Tasks\At42.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-04 c:\windows\Tasks\At43.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-05 c:\windows\Tasks\At44.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-05 c:\windows\Tasks\At45.job
- c:\windows\system32\7B37w6K5.exe []

2008-11-05 c:\windows\Tasks\At46.job
- c:\windows\system32\7B37w6K5.exe []

2008-10-31 c:\windows\Tasks\At47.job
- c:\windows\system32\7B37w6K5.exe []

2008-10-30 c:\windows\Tasks\At48.job
- c:\windows\system32\7B37w6K5.exe []

2008-10-30 c:\windows\Tasks\At5.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-05 c:\windows\Tasks\At6.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-05 c:\windows\Tasks\At7.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-05 c:\windows\Tasks\At8.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-04 c:\windows\Tasks\At9.job
- c:\windows\system32\6f1g4RPh.exe []

2008-10-30 c:\windows\Tasks\SpywareBot Scheduled Scan.job
- c:\program files\SpywareBot\SpywareBot.exe []

2008-10-30 c:\windows\Tasks\SpywareBot Scheduled Scan.job
- c:\program files\SpywareBot []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Kirsten Green\Application Data\Mozilla\Firefox\Profiles\xm4wh46p.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-11-05 16:57:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Dell\AccessDirect\dadtray.exe
c:\program files\Common Files\aol\1124387161\ee\AOLServiceHost.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-05 17:25:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-05 22:25:37
ComboFix2.txt 2008-11-05 02:03:03

Pre-Run: 5,007,073,280 bytes free
Post-Run: 4,978,700,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

425 --- E O F --- 2008-10-24 11:25:09

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:44 PM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\AOL\1124387161\ee\AOLHostManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\Lavasoft\PERSON~1\op_mon.exe
C:\Program Files\Common Files\AOL\1124387161\ee\AOLServiceHost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\WLAN11G\WLANMON.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124387161\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [lavasoftFeedBack] "C:\Program Files\Lavasoft\Personal Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [lavasoftMonitor] C:\PROGRA~1\Lavasoft\PERSON~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Westell 802.11g Wireless LAN Utility.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?5cc68dcc575e4bb5817050d9e93bedfb
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?5cc68dcc575e4bb5817050d9e93bedfb
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: https://*.mcafee.com
O16 - DPF: Yahoo! Word Racer - https://download.games.yahoo.com/game...ts/y/wt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {473EB4B9-6641-4FE4-9A0D-AB0EFAE34FA8} (ELSReg Class) - https://pocketconsult.elsevier.com.li...//ELSProxy.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1138454918294
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - https://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O23 - Service: Lavasoft Client Security Service (acssrv) - Lavasoft AB - C:\PROGRA~1\Lavasoft\PERSON~1\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14053 bytes
Attached Files
File Type: txt combolog2.txt (28.0 KB, 21 views)
File Type: txt hijackthis2.txt (13.7 KB, 28 views)
Old 11-05-2008, 06:35 PM   #12
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Good job. While you may have received a message that ComboFix failed to update and would continue with the existing version, it did in fact update. I can see that in the log header. Thanks for letting me know.


Next steps............

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    File::
    c:\windows\oteqen.ban
    c:\windows\nyqitabexa.pif
    c:\windows\eteloja.sys
    c:\windows\ibijoquz.db
    c:\documents and settings\All Users\Application Data\ywamy.exe
    c:\windows\soce.dat
    c:\windows\qacoj.vbs
    c:\documents and settings\All Users\Application Data\alakirequr.vbs
    c:\windows\SYSTEM32\pohagipe.scr
    c:\Program Files\Common Files\orudoq.dll
    c:\Program Files\Common Files\fonasudybo.scr
    c:\documents and settings\Kirsten Green\Application Data\ocehij.scr
    c:\Program Files\Common Files\jypopiw._dl
    c:\Program Files\Common Files\ynozuka.dl
    c:\Program Files\Common Files\gyrewiqur._sy
    c:\windows\system32\6f1g4RPh.exe
    c:\windows\system32\7B37w6K5.exe
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job


    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"=-


    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  5. Please perform this online scan to help look for remnants

    Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan.

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on Settings. Uncheck Mail databases.
    • Next, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

  7. Post logs from

    ComboFix (C:\ComboFix.txt)
    Kaspersky online scan


    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
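The ComboFix log earlier in the thread shows the pattern this CFScript targets: dozens of At<N>.job tasks (the naming the at.exe scheduler uses) all pointing at two random-looking executables in system32, with empty brackets after the target. The script below is an added example, not ComboFix code or anything from this thread's helpers: it parses a constructed sample of that log section and reports which tasks match the pattern and how many tasks share a target. Treating empty brackets as "no file details recorded" is this example's assumption about the log format, not documented ComboFix behaviour.

```python
"""Flag scheduled-task entries in a ComboFix-style log section that follow
the pattern seen in the thread: At<N>.job tasks whose target is a
random-looking executable in system32.  Added example; not ComboFix code."""
import re
from collections import Counter

# Constructed sample, modelled on the "Contents of the 'Scheduled Tasks' folder"
# section of the log posted above (single backslashes thanks to the raw string).
SAMPLE_LOG = r"""Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-11-03 c:\windows\Tasks\At1.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-04 c:\windows\Tasks\At10.job
- c:\windows\system32\6f1g4RPh.exe []

2008-11-03 c:\windows\Tasks\At25.job
- c:\windows\system32\7B37w6K5.exe []

2008-10-30 c:\windows\Tasks\SpywareBot Scheduled Scan.job
- c:\program files\SpywareBot\SpywareBot.exe []
.
"""

# "<date> <path>.job" header line, followed by "- <target> [<details>]".
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (?P<job>.+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<meta>.*)\]$")
# Jobs created with at.exe are named At1.job, At2.job, ...
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.I)
# Heuristic: 6-10 alphanumerics mixing letters and digits, e.g. 6f1g4RPh.exe
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{6,10}\.exe$", re.I)


def parse_tasks(text):
    """Return (job_path, target_path, details) tuples from the log section."""
    tasks = []
    current_job = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = JOB_RE.match(line)
        if m:
            current_job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and current_job:
            tasks.append((current_job, m.group("target"), m.group("meta")))
            current_job = None
    return tasks


def task_findings(tasks):
    """List every task that trips at least one heuristic, with the reasons."""
    findings = []
    for job, target, meta in tasks:
        reasons = []
        exe_name = target.rsplit("\\", 1)[-1]
        if AT_JOB_RE.search(job):
            reasons.append("at.exe-style job name")
        if "\\system32\\" in target.lower() and RANDOM_NAME_RE.match(exe_name):
            reasons.append("random-looking executable name in system32")
        if meta.strip() == "":
            # Assumption of this example: empty brackets mean ComboFix
            # recorded no file details for the target.
            reasons.append("no file details recorded")
        if reasons:
            findings.append({"job": job, "target": target, "reasons": reasons})
    return findings


def targets_by_count(tasks):
    """How many jobs point at each target: a fan-out like 48 -> 2 stands out."""
    return Counter(target for _, target, _ in tasks)


if __name__ == "__main__":
    parsed = parse_tasks(SAMPLE_LOG)
    for finding in task_findings(parsed):
        print(finding["job"], "->", finding["target"], "|", "; ".join(finding["reasons"]))
    for target, count in targets_by_count(parsed).most_common():
        print(count, "job(s) ->", target)
```

The reasons are deliberately reported separately rather than collapsed into a verdict: a legitimate job can trip a single weak heuristic (an empty bracket on its own), whereas the entries that matter in this thread trip all three and share one target across many jobs.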
Old 11-07-2008, 12:56 PM   #13
Guest
 
Join Date: Oct 2008
Posts: 10
OS:



Hi. Here are those two logs. Thanks!
Attached Files
File Type: txt kasperskylog.txt (3.5 KB, 23 views)
File Type: txt combofixlog3.txt (24.5 KB, 27 views)
Old 11-07-2008, 04:20 PM   #14
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types.
* Click Yes to confirm and then click OK.


Using Windows Explorer, or Windows Search, locate and delete the following:

C:\Documents and Settings\Kirsten Green\My Documents\setupxv.exe
c:\windows\Tasks\SpywareBot Scheduled Scan.job


Let me know if you have any trouble with that.

---------------------------------------------------------------------------------------------

Most of the other items found by Kaspersky are in Symantec quarantine. Symantec empties its quarantine on a schedule, and the items there can cause you no harm. There should also be a way to finally delete Symantec quarantined items from within the user interface. See if this guide helps.

https://www.d.umn.edu/itss/security/nav/quarantine.html

---------------------------------------------------------------------------------------------

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache in a little while; this will be done by uninstalling ComboFix as instructed below.

Your logs appear clean. You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - https://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • FIREWALL
    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.

    Do not install more than one firewall program because they will conflict with each other.

Scan here https://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • https://www.trillian.cc - Trillian or https://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • https://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • https://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • https://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
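The HOSTS file step above (back up the existing file as HOSTS.MVP, then copy the updated one into place) is shown here as an added PowerShell example; it is not from the original thread or the MVPS package, and it adds one check the batch file does not describe: before the live file is replaced, every entry is verified to point at the local machine only, since a HOSTS file that maps names to any other address would redirect traffic instead of blocking it. The location of the replacement file (a HOSTS file next to the script) is assumed; the HOSTS.MVP name and the drivers\etc path come from the thread and from Windows itself. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not part of the thread or the MVPS package.
# Assumptions: the replacement file is a file named HOSTS next to this script
# (or in the current directory when pasted interactively); the script is run
# with administrator rights so the live hosts file can be overwritten.

$etcDir   = Join-Path $env:SystemRoot 'System32\drivers\etc'
$liveHost = Join-Path $etcDir 'hosts'
$backup   = Join-Path $etcDir 'HOSTS.MVP'        # name used by mvps.bat per the thread
$srcDir   = if ($PSScriptRoot) { $PSScriptRoot } else { (Get-Location).Path }
$newHosts = Join-Path $srcDir 'HOSTS'            # assumed location of the updated file

if (-not (Test-Path $newHosts)) { throw "Replacement file not found: $newHosts" }

# A blocking list should only ever point names at the local machine or the
# unspecified address. Anything else would turn the file into a redirector,
# which is exactly what a hosts-file hijack looks like, so refuse to install it.
$allowedTargets = @('0.0.0.0', '127.0.0.1', '::1')
$bad = @()
foreach ($line in Get-Content -Path $newHosts) {
    $trimmed = $line.Trim()
    if ($trimmed -eq '' -or $trimmed.StartsWith('#')) { continue }   # blank or comment line
    $fields = $trimmed -split '\s+'
    if ($fields.Count -lt 2 -or $allowedTargets -notcontains $fields[0]) { $bad += $trimmed }
}
if ($bad.Count -gt 0) {
    Write-Warning "Refusing to install: $($bad.Count) line(s) map names somewhere other than localhost:"
    $bad | Select-Object -First 10 | ForEach-Object { Write-Warning "  $_" }
    exit 1
}

# Step 1 (as the thread describes): keep the existing file as HOSTS.MVP.
if (Test-Path $liveHost) {
    Copy-Item -Path $liveHost -Destination $backup -Force
    Write-Host "Existing hosts file backed up to $backup"
}

# Step 2: copy the validated replacement into place. -Force also overwrites a
# read-only hosts file, which some protection tools set.
Copy-Item -Path $newHosts -Destination $liveHost -Force

# Step 3: drop the resolver cache so the new entries take effect immediately.
# ipconfig is used rather than Clear-DnsClientCache because it exists on XP too.
ipconfig /flushdns | Out-Null

$count = (Get-Content $liveHost | Where-Object { $_ -notmatch '^\s*(#|$)' }).Count
Write-Host "Installed hosts file with $count active entries"
```

To undo the change, copy HOSTS.MVP back over the hosts file and run ipconfig /flushdns again; the validation loop is the part worth keeping even if the copy steps are done by hand, because a HOSTS file is one of the first things the kind of rogue antispyware described in this thread tends to tamper with.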
Old 11-08-2008, 07:31 AM   #15
Guest
 
Join Date: Oct 2008
Posts: 10
OS:



Thank you so much for your help! When I try to uninstall Combofix an error occurs. It says Windows cannot find 'CF30724.exe'. Make sure you typed the name correctly, and then try again. I copied and pasted the name multiple times and I keep receiving the same error.
kirsten290 is offline  
Old 11-08-2008, 07:36 AM   #16
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Is ComboFix.exe still on your desktop?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 11-10-2008, 07:51 PM   #17
Guest
 
Join Date: Oct 2008
Posts: 10
OS:



Yes, Combofix is still on my desktop.
kirsten290 is offline  
Old 11-10-2008, 07:58 PM   #18
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



The simplest solution might be to run ComboFix once again, making sure your protection applications are all disabled, and then once it's completed its tasks, run the ComboFix /u command.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 11-11-2008, 03:43 PM   #19
Guest
 
Join Date: Oct 2008
Posts: 10
OS:



Combofix was successfully uninstalled. Thank you so much for your help!
kirsten290 is offline  
Old 11-11-2008, 05:25 PM   #20
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



That's great! Glad to have helped.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  