Hi Carolyn,
This is my new post:
THE MALWAREBYTES' ANTI-MALWARE LOG
Malwarebytes' Anti-Malware 1.24
Database version: 1014
Windows 6.0.6000
11:12:42 PM 31/07/2008
mbam-log-7-31-2008 (23-12-42).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 152760
Time elapsed: 57 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 24
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 60
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Windows\System32\yayvUljK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\urqnNfFy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\stxifxpy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\wbxdpgfelge.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcf374fa-3b88-4da5-b11e-e3986e60e050} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dcf374fa-3b88-4da5-b11e-e3986e60e050} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{786a6394-50f1-48cd-93ee-4ed4f5fe8662} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ee7a2769-965a-4f81-ba54-07391b28f6f6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a79f34c7-7417-43ab-99eb-06c8057b88c8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01ac48c9-9646-4608-b16c-57aff893bcb3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01ac48c9-9646-4608-b16c-57aff893bcb3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07edfdfd-6c70-4a41-bf5b-42cff83c55d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{314e0b3c-4f96-465c-b3e2-dc2333adca0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{43c32b77-6a04-493b-85d1-87e9e068f675} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45d8ff5b-af6f-4b26-b438-84407b97aafb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{91a2ea3f-44a0-4e88-beef-11137707e7c3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.btqd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3255f941 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3255f941 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvuljk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvuljk -> Delete on reboot.
Folders Infected:
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\yayvUljK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\KjlUvyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\KjlUvyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\awttRJAR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\RAJRttwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\RAJRttwa.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\opnkliHw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wHilknpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wHilknpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\uelnytkg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gktynleu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wVPIXRIa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aIRXIPVw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aIRXIPVw.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\urqnNfFy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\stxifxpy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\nnnkJDtR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\wbxdpgfelge.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGYFW0KB\kb456456[1] (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWJY2YEI\kb767887[2] (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\byXPghii.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\chxpgtwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\ckommpsk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\dlaotuvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\efcBttsT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\gbglwanq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\goxxyohu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\mlJBTjiG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\vtUooLFu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\wnjbgfgk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\wvUlKaXo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\xxyXqopn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\nnryjwfa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\rqrRhfda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp000115b1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp00011802 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp00012174 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp0001251c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp0001498d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp00016f07 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp0001753e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\nnnmNdBT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\elvqco.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\enkpdbcq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\llewjuoe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\awtqQKeB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gffjsbbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hotcmw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iadrdb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mmnetfry.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ofywmo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\phizpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tvmefh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\txujux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\udnrdxoq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vqamgolt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wmfpncrd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wuupffnw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\zcowkv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\fdxbameg.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
___________________________________________________________
THE COMBOFIX LOG
ComboFix 08-07-31.01 - computer 2008-07-31 23:35:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1291 [GMT -4:00]
Running from: C:\Users\computer\Downloads\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\#SharedObjects\F6PG9YWA\interclick.com
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\#SharedObjects\F6PG9YWA\interclick.com\ud.sol
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\byxkoesb.ini
C:\Windows\system32\ctbiysom.ini
C:\Windows\system32\dcqoehly.ini
C:\Windows\system32\embpwxgp.ini
C:\Windows\system32\idsqtuua.ini
C:\Windows\system32\lysjrsms.ini
C:\Windows\system32\psogxvdy.ini
C:\Windows\system32\rfoipenx.ini
C:\Windows\system32\ufeqnqge.ini
C:\Windows\system32\utqdhvbu.ini
C:\Windows\system32\x64
C:\Windows\system32\yayvUljK.dll
C:\Windows\wbxdpgfelge.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 03:11 --------- d-----w C:\Program Files\Lx_cats
2008-08-01 02:09 --------- d-----w C:\Users\computer\AppData\Roaming\Malwarebytes
2008-08-01 02:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 02:08 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-07-31 22:39 --------- d-----w C:\PROGRA~2\Google Updater
2008-07-31 00:07 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-31 00:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-23 22:48 --------- d-----w C:\Program Files\Trend Micro
2008-07-16 21:34 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-16 21:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-16 21:30 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-07-16 21:30 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-07-16 21:30 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-07-16 21:30 --------- d-----w C:\Program Files\Symantec
2008-07-16 03:51 --------- d-----w C:\PROGRA~2\Symantec
2008-07-14 22:14 --------- d-----w C:\Program Files\Sun
2008-07-14 22:14 --------- d-----w C:\Program Files\Java
2008-07-08 02:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 02:14 --------- d-----w C:\Program Files\MagicTune Premium
2008-07-08 02:05 --------- d-----w C:\Program Files\SEC
2008-07-06 22:06 --------- d-----w C:\Program Files\KWorld Multimedia
2008-07-06 20:48 --------- d-----w C:\Program Files\CyberLink
2008-07-06 19:47 --------- d-----w C:\Users\computer\AppData\Roaming\ArcSoft
2008-07-05 01:10 --------- dc-h--w C:\PROGRA~2\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}
2008-07-05 01:10 --------- d-----w C:\Program Files\XPC Tools
2008-07-03 00:10 --------- d-----w C:\Users\computer\AppData\Roaming\uTorrent
2008-07-02 22:37 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-07-02 05:45 --------- d-----w C:\PROGRA~2\Avg7
2008-07-02 04:39 --------- d-----w C:\PROGRA~2\WinZip
2008-07-02 04:36 --------- d-----w C:\Program Files\Google
2008-06-25 22:14 --------- d-----w C:\Users\computer\AppData\Roaming\Roxio
2008-06-24 22:44 2,036 ----a-w C:\Users\computer\AppData\Roaming\wklnhst.dat
2008-06-24 22:18 --------- d-----w C:\Program Files\Yahoo!
2008-06-24 22:09 --------- d-----w C:\Program Files\Windows Mail
2008-06-24 03:33 --------- d-----w C:\PROGRA~2\Yahoo!
2008-06-24 03:31 --------- d-----w C:\Users\computer\AppData\Roaming\Yahoo!
2008-06-21 16:42 --------- d-----w C:\PROGRA~2\HPSSUPPLY
2008-06-21 05:26 --------- d-----w C:\Users\computer\AppData\Roaming\HP
2008-06-21 05:23 --------- d-----w C:\PROGRA~2\WEBREG
2008-06-21 05:22 --------- d-----w C:\PROGRA~2\HP
2008-06-21 05:19 --------- d-----w C:\PROGRA~2\Hewlett-Packard
2008-06-21 05:12 --------- d-----w C:\Users\computer\AppData\Roaming\HPAppData
2008-06-21 05:12 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-21 05:11 --------- d-----w C:\Program Files\HP
2008-06-21 05:09 --------- d-----w C:\PROGRA~2\HP Product Assistant
2008-06-21 05:05 --------- d-----w C:\Program Files\Common Files\HP
2008-06-15 21:52 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-06-15 03:37 --------- d-----w C:\Program Files\MSI
2008-06-14 00:56 --------- d-----w C:\PROGRA~2\Roxio
2008-06-14 00:35 --------- d-----w C:\Program Files\LimeWire
2008-06-13 18:14 24,112 ----a-w C:\Windows\system32\drivers\SymIMV.sys
2008-06-13 18:14 13,093 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-06-13 18:14 1,611 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-06-13 18:13 96,432 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-06-13 18:13 41,008 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-06-13 18:13 38,576 ----a-w C:\Windows\system32\drivers\symids.sys
2008-06-13 18:13 22,320 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-06-13 18:13 184,240 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-06-13 18:13 13,616 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-06-13 00:45 --------- d-----w C:\PROGRA~2\NVIDIA
2008-06-11 03:30 --------- d-----w C:\Program Files\D-Link
2008-06-11 02:14 --------- d-----w C:\Program Files\Zone Labs
2008-06-10 02:20 8,413 ----a-w C:\Windows\system32\drivers\mcstrm.sys
2008-06-10 02:20 --------- d-----w C:\Program Files\Rhapsody
2008-06-09 02:58 --------- d-----w C:\Users\computer\AppData\Roaming\LimeWire
2008-06-09 00:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-09 00:34 --------- d-----w C:\PROGRA~2\WildTangent
2008-06-08 23:30 --------- d-----w C:\Users\computer\AppData\Roaming\Logitech
2008-06-08 23:25 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-06-08 23:25 --------- d-----w C:\Program Files\Logitech
2008-06-08 23:24 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-06-08 23:20 --------- d-----w C:\Program Files\Common Files\Logitech
2008-06-08 23:19 --------- d-----w C:\PROGRA~2\Logitech
2008-06-03 21:23 --------- d-----w C:\Program Files\QuickMediaConverter
2008-05-30 16:10 944,184 ----a-w C:\Windows\System32\winload.exe
2008-05-30 16:10 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-05-30 16:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-05-30 16:10 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-30 16:10 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-30 16:10 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-05-30 16:10 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-05-30 16:10 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-30 16:10 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-30 16:09 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-05-30 16:09 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-05-30 16:08 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-05-30 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-30 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-30 16:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-30 16:08 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-05-30 16:08 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-30 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-30 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-30 16:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2007-08-30 12:45 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 03:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD1849EA-8403-4441-8DFF-7575AAE1DC16}]
2008-03-26 14:38 641464 --a------ C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1044.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Users\computer\Desktop\CCleaner.exe" [2008-02-20 10:15 816368]
"BearSharePersonalization"="C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe" [2008-03-26 14:38 1237944]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:34 201728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-01 15:19 68856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 18:52 1232896]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 20:15 221184]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2008-06-26 05:11 2294272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 09:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 07:34 155648]
"DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [2006-12-06 14:38 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-12 20:00 312240]
"LXDDCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 18:05 102400]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-28 16:14 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-28 16:17 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-28 16:13 81920]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 19:32 20480]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 18:34 49152]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-02 00:37 1862144]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 20:15 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-30 20:07 1187448]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 05:52 4702208 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\Windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\Windows\KHALMNPR.Exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-01 15:19:30 124400]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-08 19:25:51 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-08 19:20:01 688128]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-07-07 22:05:51 49220]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\Windows\pss\Compaq Connections.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link RangeBooster G WUA-2340]
--a------ 2006-09-01 13:09 1880064 C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro]
--a------ 2008-06-26 05:11 2294272 C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 16:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
--a------ 2007-02-12 19:58 291760 C:\Program Files\Lexmark 2500 Series\lxddmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4E6531C2-B399-44CA-BC1D-4CD79823CB52}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9CAD34EF-E124-4DD9-9883-0E29B2ED7927}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9F7E84A9-071F-45FF-9022-D14A35FFA3D3}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{F8A0DDD3-D478-40BC-8484-88E7BC24D1A8}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{774B8BB8-7F4A-4A85-A913-65349596E1E8}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{A98B5BDF-E018-4912-A954-14ACB46B03BE}"= C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{A7C1907E-1AC8-4DCA-B374-BF0751B844A2}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{F649F75D-C971-4068-ADFA-5A0C9326E116}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{0B25BECC-81FB-4E10-B368-AD669340244C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{82D6A7D6-EE19-4E46-AA39-D5464126C25B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7B306AEE-94C2-448A-BEBA-24DD03B0E3F2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{687EB77F-F220-4FF7-B6A6-2886D613F231}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{602313D3-1AEB-4D74-B01B-EAFA412B08A7}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{344181C1-4BF3-47DF-9FC2-E520B0E2629E}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{42FDFFA6-7E31-4507-83D6-4E10B15A1CDC}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{E0B2AE1D-EF93-4489-A114-D30A198B94A4}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{1F913502-B2D9-4436-89FD-BC3D2B4DAA95}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{AA1A4082-A9DE-4F9F-8587-FA490F82B4E8}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{98A9E126-CCB0-4221-8F60-1A7CCBF692DB}C:\\users\\computer\\desktop\\age of empires ii\\empires2.exe"= UDP:C:\users\computer\desktop\age of empires ii\empires2.exe:empires2.exe
"UDP Query User{B3A438C2-2C28-41E7-A7D0-C8227A359779}C:\\users\\computer\\desktop\\age of empires ii\\empires2.exe"= TCP:C:\users\computer\desktop\age of empires ii\empires2.exe:empires2.exe
"{55030AC9-9490-4FD6-B35A-89A5415B02E4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{50250265-DDD1-4685-983B-D9B1D4E4B02B}"= UDP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{894CD28C-5F87-4E9C-ADD6-C481AF91D579}"= TCP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{32C6BF36-2F0B-477F-A90F-C4A0AE2ADFFA}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{336665F3-CF9D-428D-AFFB-8C4313B6033F}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{30D94CA5-A458-49A0-BBC9-B52D3FBF5113}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{630F3290-43C4-49B3-A412-DF462AB4CF46}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{8F76CF84-6515-4B87-ADBE-768CE66DC1D5}"= UDP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{8474174B-7663-4745-818B-6919ACB14E86}"= TCP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{2DE4CE91-1CFB-4650-96CF-45D9BE1C89FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{21C366A4-DCFC-46D9-AAAF-A1BD57B218ED}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{80D22383-C0AC-4339-96E7-3E3409AC4891}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DFC50077-96A9-4C4A-B609-2CE69B32DE2A}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BAB79A46-9735-4565-A267-C5DEA2C3E279}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{006F58E7-BFEB-401F-A4E2-FA15BB47180A}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{96E362D6-3105-4BC4-88C2-C8FBFE7681AC}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{09BEF76A-4EB1-4F19-BCC7-64EA391A99ED}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{028A5674-424F-43C9-8D1C-31EDC93D36D2}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4D35C67F-F578-44A1-AE62-591F507BD390}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2B57ABD4-2D1B-44D9-8514-58116D45663D}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1DAE39D8-F286-4B96-9217-3DE2A554E66D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C26A2D6D-65F6-4B65-BBE5-26D551F17AD9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D8144528-5812-4F0D-885C-14596EC3C42E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7295B5E5-6BFF-4EEF-9099-66F65B4D10F9}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{93D29F94-8312-405F-9A83-E859728710A7}C:\\program files\\lexmark 2500 series\\lxddamon.exe"= UDP:C:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Appliaction
"UDP Query User{1E7456BF-E56A-433A-BE96-347FCA3742A6}C:\\program files\\lexmark 2500 series\\lxddamon.exe"= TCP:C:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Appliaction
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080729.001\IDSvix86.sys [2008-06-03 15:53]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-02-12 19:59]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\A5AGU.sys [2006-05-08 20:10]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-07-29 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - computer.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2007-08-26 13:19]
2008-06-07 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - computer.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []
2008-08-01 C:\Windows\Tasks\User_Feed_Synchronization-{534B33F1-A093-4594-A57F-3CA935647300}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 05:45]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-CamWizard - C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe
MSConfigStartUp-D-Link Wireless G WUA-1340 - C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
MSConfigStartUp-LVCOMSX - C:\Windows\system32\LVCOMSX.EXE
MSConfigStartUp-Picasa Media Detector - C:\Users\computer\Desktop\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-PVR Agent - C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = https://www.google.com/a/sounddes.com/S ... mplcache=2
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 23:39:47
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-31 23:41:34
ComboFix-quarantined-files.txt 2008-08-01 03:41:20
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 121,569,779,712 bytes free
330 --- E O F --- 2008-07-04 07:02:20
________________________________________________________
THE UNINSTALL LIST
AppCore
ccCommon
Component Framework
HijackThis 2.0.2
Java(TM) 6 Update 7
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
MagicTune Premium
Malwarebytes' Anti-Malware
Natural Color Pro
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton Internet Security
Norton Protection Center
OpenOffice.org Installer 1.0
SPBBC 32bit
__________________________________________________________
FRESH HIJACK THIS LOG
Malwarebytes' Anti-Malware 1.24
Database version: 1014
Windows 6.0.6000
11:12:42 PM 31/07/2008
mbam-log-7-31-2008 (23-12-42).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 152760
Time elapsed: 57 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 24
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 60
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Windows\System32\yayvUljK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\urqnNfFy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\stxifxpy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\wbxdpgfelge.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcf374fa-3b88-4da5-b11e-e3986e60e050} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dcf374fa-3b88-4da5-b11e-e3986e60e050} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{786a6394-50f1-48cd-93ee-4ed4f5fe8662} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ee7a2769-965a-4f81-ba54-07391b28f6f6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a79f34c7-7417-43ab-99eb-06c8057b88c8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01ac48c9-9646-4608-b16c-57aff893bcb3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01ac48c9-9646-4608-b16c-57aff893bcb3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07edfdfd-6c70-4a41-bf5b-42cff83c55d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{314e0b3c-4f96-465c-b3e2-dc2333adca0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{43c32b77-6a04-493b-85d1-87e9e068f675} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45d8ff5b-af6f-4b26-b438-84407b97aafb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{91a2ea3f-44a0-4e88-beef-11137707e7c3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.btqd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3255f941 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3255f941 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvuljk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvuljk -> Delete on reboot.
Folders Infected:
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\yayvUljK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\KjlUvyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\KjlUvyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\awttRJAR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\RAJRttwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\RAJRttwa.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\opnkliHw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wHilknpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wHilknpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\uelnytkg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gktynleu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wVPIXRIa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aIRXIPVw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aIRXIPVw.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\urqnNfFy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\stxifxpy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\nnnkJDtR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\wbxdpgfelge.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGYFW0KB\kb456456[1] (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWJY2YEI\kb767887[2] (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\byXPghii.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\chxpgtwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\ckommpsk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\dlaotuvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\efcBttsT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\gbglwanq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\goxxyohu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\mlJBTjiG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\vtUooLFu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\wnjbgfgk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\wvUlKaXo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\xxyXqopn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\nnryjwfa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\rqrRhfda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp000115b1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp00011802 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp00012174 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp0001251c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp0001498d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp00016f07 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp0001753e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\nnnmNdBT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\elvqco.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\enkpdbcq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\llewjuoe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\awtqQKeB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gffjsbbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hotcmw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iadrdb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mmnetfry.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ofywmo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\phizpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tvmefh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\txujux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\udnrdxoq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vqamgolt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wmfpncrd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wuupffnw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\zcowkv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\fdxbameg.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
___________________________________________________________
ComboFix 08-07-31.01 - computer 2008-07-31 23:35:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1291 [GMT -4:00]
Running from: C:\Users\computer\Downloads\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\#SharedObjects\F6PG9YWA\interclick.com
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\#SharedObjects\F6PG9YWA\interclick.com\ud.sol
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\byxkoesb.ini
C:\Windows\system32\ctbiysom.ini
C:\Windows\system32\dcqoehly.ini
C:\Windows\system32\embpwxgp.ini
C:\Windows\system32\idsqtuua.ini
C:\Windows\system32\lysjrsms.ini
C:\Windows\system32\psogxvdy.ini
C:\Windows\system32\rfoipenx.ini
C:\Windows\system32\ufeqnqge.ini
C:\Windows\system32\utqdhvbu.ini
C:\Windows\system32\x64
C:\Windows\system32\yayvUljK.dll
C:\Windows\wbxdpgfelge.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 03:11 --------- d-----w C:\Program Files\Lx_cats
2008-08-01 02:09 --------- d-----w C:\Users\computer\AppData\Roaming\Malwarebytes
2008-08-01 02:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 02:08 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-07-31 22:39 --------- d-----w C:\PROGRA~2\Google Updater
2008-07-31 00:07 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-31 00:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-23 22:48 --------- d-----w C:\Program Files\Trend Micro
2008-07-16 21:34 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-16 21:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-16 21:30 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-07-16 21:30 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-07-16 21:30 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-07-16 21:30 --------- d-----w C:\Program Files\Symantec
2008-07-16 03:51 --------- d-----w C:\PROGRA~2\Symantec
2008-07-14 22:14 --------- d-----w C:\Program Files\Sun
2008-07-14 22:14 --------- d-----w C:\Program Files\Java
2008-07-08 02:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 02:14 --------- d-----w C:\Program Files\MagicTune Premium
2008-07-08 02:05 --------- d-----w C:\Program Files\SEC
2008-07-06 22:06 --------- d-----w C:\Program Files\KWorld Multimedia
2008-07-06 20:48 --------- d-----w C:\Program Files\CyberLink
2008-07-06 19:47 --------- d-----w C:\Users\computer\AppData\Roaming\ArcSoft
2008-07-05 01:10 --------- dc-h--w C:\PROGRA~2\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}
2008-07-05 01:10 --------- d-----w C:\Program Files\XPC Tools
2008-07-03 00:10 --------- d-----w C:\Users\computer\AppData\Roaming\uTorrent
2008-07-02 22:37 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-07-02 05:45 --------- d-----w C:\PROGRA~2\Avg7
2008-07-02 04:39 --------- d-----w C:\PROGRA~2\WinZip
2008-07-02 04:36 --------- d-----w C:\Program Files\Google
2008-06-25 22:14 --------- d-----w C:\Users\computer\AppData\Roaming\Roxio
2008-06-24 22:44 2,036 ----a-w C:\Users\computer\AppData\Roaming\wklnhst.dat
2008-06-24 22:18 --------- d-----w C:\Program Files\Yahoo!
2008-06-24 22:09 --------- d-----w C:\Program Files\Windows Mail
2008-06-24 03:33 --------- d-----w C:\PROGRA~2\Yahoo!
2008-06-24 03:31 --------- d-----w C:\Users\computer\AppData\Roaming\Yahoo!
2008-06-21 16:42 --------- d-----w C:\PROGRA~2\HPSSUPPLY
2008-06-21 05:26 --------- d-----w C:\Users\computer\AppData\Roaming\HP
2008-06-21 05:23 --------- d-----w C:\PROGRA~2\WEBREG
2008-06-21 05:22 --------- d-----w C:\PROGRA~2\HP
2008-06-21 05:19 --------- d-----w C:\PROGRA~2\Hewlett-Packard
2008-06-21 05:12 --------- d-----w C:\Users\computer\AppData\Roaming\HPAppData
2008-06-21 05:12 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-21 05:11 --------- d-----w C:\Program Files\HP
2008-06-21 05:09 --------- d-----w C:\PROGRA~2\HP Product Assistant
2008-06-21 05:05 --------- d-----w C:\Program Files\Common Files\HP
2008-06-15 21:52 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-06-15 03:37 --------- d-----w C:\Program Files\MSI
2008-06-14 00:56 --------- d-----w C:\PROGRA~2\Roxio
2008-06-14 00:35 --------- d-----w C:\Program Files\LimeWire
2008-06-13 18:14 24,112 ----a-w C:\Windows\system32\drivers\SymIMV.sys
2008-06-13 18:14 13,093 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-06-13 18:14 1,611 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-06-13 18:13 96,432 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-06-13 18:13 41,008 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-06-13 18:13 38,576 ----a-w C:\Windows\system32\drivers\symids.sys
2008-06-13 18:13 22,320 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-06-13 18:13 184,240 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-06-13 18:13 13,616 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-06-13 00:45 --------- d-----w C:\PROGRA~2\NVIDIA
2008-06-11 03:30 --------- d-----w C:\Program Files\D-Link
2008-06-11 02:14 --------- d-----w C:\Program Files\Zone Labs
2008-06-10 02:20 8,413 ----a-w C:\Windows\system32\drivers\mcstrm.sys
2008-06-10 02:20 --------- d-----w C:\Program Files\Rhapsody
2008-06-09 02:58 --------- d-----w C:\Users\computer\AppData\Roaming\LimeWire
2008-06-09 00:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-09 00:34 --------- d-----w C:\PROGRA~2\WildTangent
2008-06-08 23:30 --------- d-----w C:\Users\computer\AppData\Roaming\Logitech
2008-06-08 23:25 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-06-08 23:25 --------- d-----w C:\Program Files\Logitech
2008-06-08 23:24 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-06-08 23:20 --------- d-----w C:\Program Files\Common Files\Logitech
2008-06-08 23:19 --------- d-----w C:\PROGRA~2\Logitech
2008-06-03 21:23 --------- d-----w C:\Program Files\QuickMediaConverter
2008-05-30 16:10 944,184 ----a-w C:\Windows\System32\winload.exe
2008-05-30 16:10 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-05-30 16:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-05-30 16:10 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-30 16:10 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-30 16:10 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-05-30 16:10 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-05-30 16:10 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-30 16:10 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-30 16:09 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-05-30 16:09 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-05-30 16:08 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-05-30 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-30 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-30 16:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-30 16:08 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-05-30 16:08 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-30 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-30 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-30 16:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2007-08-30 12:45 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 03:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD1849EA-8403-4441-8DFF-7575AAE1DC16}]
2008-03-26 14:38 641464 --a------ C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1044.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Users\computer\Desktop\CCleaner.exe" [2008-02-20 10:15 816368]
"BearSharePersonalization"="C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe" [2008-03-26 14:38 1237944]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:34 201728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-01 15:19 68856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 18:52 1232896]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 20:15 221184]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2008-06-26 05:11 2294272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 09:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 07:34 155648]
"DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [2006-12-06 14:38 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-12 20:00 312240]
"LXDDCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 18:05 102400]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-28 16:14 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-28 16:17 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-28 16:13 81920]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 19:32 20480]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 18:34 49152]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-02 00:37 1862144]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 20:15 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-30 20:07 1187448]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 05:52 4702208 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\Windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\Windows\KHALMNPR.Exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-01 15:19:30 124400]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-08 19:25:51 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-08 19:20:01 688128]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-07-07 22:05:51 49220]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\Windows\pss\Compaq Connections.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link RangeBooster G WUA-2340]
--a------ 2006-09-01 13:09 1880064 C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro]
--a------ 2008-06-26 05:11 2294272 C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 16:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
--a------ 2007-02-12 19:58 291760 C:\Program Files\Lexmark 2500 Series\lxddmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4E6531C2-B399-44CA-BC1D-4CD79823CB52}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9CAD34EF-E124-4DD9-9883-0E29B2ED7927}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9F7E84A9-071F-45FF-9022-D14A35FFA3D3}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{F8A0DDD3-D478-40BC-8484-88E7BC24D1A8}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{774B8BB8-7F4A-4A85-A913-65349596E1E8}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{A98B5BDF-E018-4912-A954-14ACB46B03BE}"= C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{A7C1907E-1AC8-4DCA-B374-BF0751B844A2}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{F649F75D-C971-4068-ADFA-5A0C9326E116}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{0B25BECC-81FB-4E10-B368-AD669340244C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{82D6A7D6-EE19-4E46-AA39-D5464126C25B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7B306AEE-94C2-448A-BEBA-24DD03B0E3F2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{687EB77F-F220-4FF7-B6A6-2886D613F231}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{602313D3-1AEB-4D74-B01B-EAFA412B08A7}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{344181C1-4BF3-47DF-9FC2-E520B0E2629E}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{42FDFFA6-7E31-4507-83D6-4E10B15A1CDC}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{E0B2AE1D-EF93-4489-A114-D30A198B94A4}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{1F913502-B2D9-4436-89FD-BC3D2B4DAA95}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{AA1A4082-A9DE-4F9F-8587-FA490F82B4E8}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{98A9E126-CCB0-4221-8F60-1A7CCBF692DB}C:\\users\\computer\\desktop\\age of empires ii\\empires2.exe"= UDP:C:\users\computer\desktop\age of empires ii\empires2.exe:empires2.exe
"UDP Query User{B3A438C2-2C28-41E7-A7D0-C8227A359779}C:\\users\\computer\\desktop\\age of empires ii\\empires2.exe"= TCP:C:\users\computer\desktop\age of empires ii\empires2.exe:empires2.exe
"{55030AC9-9490-4FD6-B35A-89A5415B02E4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{50250265-DDD1-4685-983B-D9B1D4E4B02B}"= UDP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{894CD28C-5F87-4E9C-ADD6-C481AF91D579}"= TCP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{32C6BF36-2F0B-477F-A90F-C4A0AE2ADFFA}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{336665F3-CF9D-428D-AFFB-8C4313B6033F}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{30D94CA5-A458-49A0-BBC9-B52D3FBF5113}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{630F3290-43C4-49B3-A412-DF462AB4CF46}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{8F76CF84-6515-4B87-ADBE-768CE66DC1D5}"= UDP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{8474174B-7663-4745-818B-6919ACB14E86}"= TCP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{2DE4CE91-1CFB-4650-96CF-45D9BE1C89FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{21C366A4-DCFC-46D9-AAAF-A1BD57B218ED}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{80D22383-C0AC-4339-96E7-3E3409AC4891}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DFC50077-96A9-4C4A-B609-2CE69B32DE2A}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BAB79A46-9735-4565-A267-C5DEA2C3E279}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{006F58E7-BFEB-401F-A4E2-FA15BB47180A}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{96E362D6-3105-4BC4-88C2-C8FBFE7681AC}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{09BEF76A-4EB1-4F19-BCC7-64EA391A99ED}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{028A5674-424F-43C9-8D1C-31EDC93D36D2}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4D35C67F-F578-44A1-AE62-591F507BD390}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2B57ABD4-2D1B-44D9-8514-58116D45663D}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1DAE39D8-F286-4B96-9217-3DE2A554E66D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C26A2D6D-65F6-4B65-BBE5-26D551F17AD9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D8144528-5812-4F0D-885C-14596EC3C42E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7295B5E5-6BFF-4EEF-9099-66F65B4D10F9}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{93D29F94-8312-405F-9A83-E859728710A7}C:\\program files\\lexmark 2500 series\\lxddamon.exe"= UDP:C:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Appliaction
"UDP Query User{1E7456BF-E56A-433A-BE96-347FCA3742A6}C:\\program files\\lexmark 2500 series\\lxddamon.exe"= TCP:C:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Appliaction
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080729.001\IDSvix86.sys [2008-06-03 15:53]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-02-12 19:59]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\A5AGU.sys [2006-05-08 20:10]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-07-29 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - computer.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2007-08-26 13:19]
2008-06-07 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - computer.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []
2008-08-01 C:\Windows\Tasks\User_Feed_Synchronization-{534B33F1-A093-4594-A57F-3CA935647300}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 05:45]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-CamWizard - C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe
MSConfigStartUp-D-Link Wireless G WUA-1340 - C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
MSConfigStartUp-LVCOMSX - C:\Windows\system32\LVCOMSX.EXE
MSConfigStartUp-Picasa Media Detector - C:\Users\computer\Desktop\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-PVR Agent - C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = https://www.google.com/a/sounddes.com/S ... mplcache=2
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 23:39:47
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-31 23:41:34
ComboFix-quarantined-files.txt 2008-08-01 03:41:20
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 121,569,779,712 bytes free
330 --- E O F --- 2008-07-04 07:02:20
___________________________________________________________
AppCore
ccCommon
Component Framework
HijackThis 2.0.2
Java(TM) 6 Update 7
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
MagicTune Premium
Malwarebytes' Anti-Malware
Natural Color Pro
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton Internet Security
Norton Protection Center
OpenOffice.org Installer 1.0
SPBBC 32bit
___________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:25 PM, on 31/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/a/sounddes.com/S ... mplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: BearSharePersonalization - {DD1849EA-8403-4441-8DFF-7575AAE1DC16} - C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1044.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ccleaner] "C:\Users\computer\Desktop\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [BearSharePersonalization] "C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... den-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mechanicbrain69.spaces.live.com/ ... den-ca.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12229 bytes
Thanks again and God bless!!!!
Much appreciated,
Ted