Thanks for the good vacation wish - it was a blast! Now, back to seeing if I am or can get clean on this computer!
Upon arriving home, an automatic AVG scan noticed a change in an additional file besides just the kernel32.dll file, this time on a file with no file type extension at C:\WINNT\system32\drivers\etc\hosts.
Also, the spelling difference was a typo: the file AVG has consistently listed as "changed" since this problem began is kernel32.dll and now also the file "hosts".
Still there is no odd behaviour from the system which seems to be running fine.
AVG logs follow the others in the order they were asked for.
Note that I have separated the logs by a few spaces and have capitalized the intros to each to make them easier to distinguish, as well as having numbered them:
1) HERE IS THE AUTORUNS LOG:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINNT\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\winnt\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe Windows Explorer Microsoft Corporation c:\winnt\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Acrobat Assistant 7.0 AcroTray Adobe Systems Inc. d:\program files\adobe\acrobat\distillr\acrotray.exe
+ AVG7_CC AVG Control Center GRISOFT, s.r.o. d:\program files\grisoft\avg\avgcc.exe
+ Lexmark X6100 Series Lexmark X6100 Series Button Manager Lexmark International, Inc. c:\program files\lexmark x6100 series\lxbfbmgr.exe
+ Norton Ghost 9.0 Tray Application Symantec Corporation d:\program files\norton\ghost\agent\ghosttray.exe
+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\winnt\system32\nvcpl.dll
+ NvMediaCenter NVIDIA Media Center Library NVIDIA Corporation c:\winnt\system32\nvmctray.dll
+ nwiz NVIDIA nView Wizard, Version 110.14 NVIDIA Corporation c:\winnt\system32\nwiz.exe
+ QuickTime Task QuickTime Task Apple Computer, Inc. d:\program files\quicktime\qttask.exe
+ SoundMAX SoundMAX Control Center Analog Devices, Inc. c:\program files\analog devices\soundmax\smax4.exe
+ SoundMAXPnP SMax4PNP MFC Application Analog Devices, Inc. c:\program files\analog devices\soundmax\smax4pnp.exe
+ SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_11\bin\jusched.exe
+ Synchronization Manager Microsoft Synchronization Manager Microsoft Corporation c:\winnt\system32\mobsync.exe
+ THGuard TrojanHunter Guard Mischel Internet Security d:\program files\trojanhunter 4.2\thguard.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
+ Tweak UI User interface customization toy Microsoft Corporation c:\winnt\system32\tweakui.cpl
+ ZoneAlarm Client ZoneAlarm Client Zone Labs, LLC d:\program files\zonealarm\zlclient.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ Adobe Acrobat Speed Launcher.lnk c:\winnt\installer\{ac76ba86-1033-f400-7760-000000000002}\sc_acrobat.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
+ MemTurbo.lnk MemTurbo SoftwareOnline.com, Inc. d:\program files\memturbo\memturbo.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ AWMON Ad-Watch System Protector Lavasoft Sweden d:\program files\lavasoft\ad-aware se professional\ad-watch.exe
+ DeskSlide DeskSlide Application George Obada d:\program files\deskslide\deskslide.exe
+ internat.exe Keyboard Language Indicator Applet Microsoft Corporation c:\winnt\system32\internat.exe
+ Norton SystemWorks Symantec Internal Component Symantec Corporation d:\program files\norton\system works\cfgwiz.exe
+ SpybotSD TeaTimer System settings protector Safer Networking Limited d:\program files\spybot - search & destroy\teatimer.exe
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\winnt\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\winnt\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\winnt\system32\mscoree.dll
+ Class Install Handler OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ deflate OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ gzip OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ lzdhtml OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ text/webviewhtml Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ about Microsoft (R) HTML Viewer Microsoft Corporation c:\winnt\system32\mshtml.dll
+ cdl OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ file OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ ftp OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ gopher OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ http OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ https OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\winnt\system32\itss.dll
+ javascript Microsoft (R) HTML Viewer Microsoft Corporation c:\winnt\system32\mshtml.dll
+ local OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ mailto Microsoft (R) HTML Viewer Microsoft Corporation c:\winnt\system32\mshtml.dll
+ mhtml Microsoft Internet Messaging API Microsoft Corporation c:\winnt\system32\inetcomm.dll
+ mk OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ ms-its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\winnt\system32\itss.dll
+ res Microsoft (R) HTML Viewer Microsoft Corporation c:\winnt\system32\mshtml.dll
+ sysimage Microsoft (R) HTML Viewer Microsoft Corporation c:\winnt\system32\mshtml.dll
+ vbscript Microsoft (R) HTML Viewer Microsoft Corporation c:\winnt\system32\mshtml.dll
+ vnd.ms.radio Windows Media Player 2 ActiveX Control Microsoft Corporation c:\winnt\system32\msdxm.ocx
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Address Book 5 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe
+ Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Corporation c:\winnt\system32\iedkcs32.dll
+ CRLUpdate UPDCRL Microsoft Corporation c:\winnt\system32\updcrl.exe
+ EnableRevocation Microsoft(C) Register Server Microsoft Corporation c:\winnt\system32\regsvr32.exe
+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Corporation c:\winnt\system32\ie4uinit.exe
+ Internet Explorer Access Windows NT User Data Migration Tool Microsoft Corporation c:\winnt\system32\shmgrate.exe
+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe
+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\winnt\system32\advpack.dll
+ n/a Microsoft .NET IE SECURITY REGISTRATION Microsoft Corporation c:\winnt\system32\mscories.dll
+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\winnt\system32\advpack.dll
+ Outlook Express Access Windows NT User Data Migration Tool Microsoft Corporation c:\winnt\system32\shmgrate.exe
+ Windows Desktop Update Microsoft(C) Register Server Microsoft Corporation c:\winnt\system32\regsvr32.exe
+ Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\winnt\inf\unregmp2.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ Browseui preloader Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ Network.ConnectionTray Network Connections Shell Microsoft Corporation c:\winnt\system32\netshell.dll
+ SysTray Systray shell service object Microsoft Corporation c:\winnt\system32\stobject.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\winnt\system32\webcheck.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web Folders c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ &Address Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ &Links Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\winnt\system32\cabview.dll
+ Accessible Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ ActiveDesktop Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\winnt\system32\occache.dll
+ Add encryption item to context menus in explorer Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Address Bar Parser Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Adobe.Acrobat.ContextMenu Adobe Acrobat Context Menu Adobe Systems Inc. d:\program files\adobe\acrobat\acrobat elements\contextmenu.dll
+ Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ AVG7 Find Extension AVG Shell Extension GRISOFT, s.r.o. d:\program files\grisoft\avg\avgse.dll
+ AVG7 Shell Extension AVG Shell Extension GRISOFT, s.r.o. d:\program files\grisoft\avg\avgse.dll
+ BandProxy Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Briefcase Windows Briefcase Microsoft Corporation c:\winnt\system32\syncui.dll
+ Briefcase Folder Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ Channel File Channel Definition File Viewer Microsoft Corporation c:\winnt\system32\cdfview.dll
+ Channel Handler Object Channel Definition File Viewer Microsoft Corporation c:\winnt\system32\cdfview.dll
+ Channel Menu Channel Definition File Viewer Microsoft Corporation c:\winnt\system32\cdfview.dll
+ Channel Properties Channel Definition File Viewer Microsoft Corporation c:\winnt\system32\cdfview.dll
+ Channel Shortcut Channel Definition File Viewer Microsoft Corporation c:\winnt\system32\cdfview.dll
+ CmdFileIcon Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Code Download Agent Web Site Monitor Microsoft Corporation c:\winnt\system32\webcheck.dll
+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\winnt\system32\webcheck.dll
+ Cryptext File Encryption Shell Extension c:\winnt\system32\shellext\cryptext.dll
+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\winnt\system32\cryptext.dll
+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\winnt\system32\cryptext.dll
+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\winnt\system32\appwiz.cpl
+ Desktop Explorer NVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporation c:\winnt\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporation c:\winnt\system32\nvshell.dll
+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\winnt\system32\dsuiext.dll
+ Directory Namespace Directory Service UI Microsoft Corporation c:\winnt\system32\dsfolder.dll
+ Directory Object Find Directory Service Find Microsoft Corporation c:\winnt\system32\dsquery.dll
+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\winnt\system32\dsuiext.dll
+ Directory Query UI Directory Service Find Microsoft Corporation c:\winnt\system32\dsquery.dll
+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\winnt\system32\dsquery.dll
+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\winnt\system32\diskcopy.dll
+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\winnt\system32\dskquoui.dll
+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\winnt\system32\deskadp.dll
+ Display Control Panel HTML Extensions Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\winnt\system32\deskmon.dll
+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\winnt\system32\deskperf.dll
+ Download Status Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ DS Security Page Directory Service Security UI Microsoft Corporation c:\winnt\system32\dssec.dll
+ Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ EzCddax extension d:\program files\easy cdda extractor\ezcddax9.dll
+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ File Property Page Extension Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ File Types Page Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Folder Options Property Page Extension Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Folder Shortcut Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Fonts Windows Font Folder Microsoft Corporation c:\winnt\system32\fontext.dll
+ For &People... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\winnt\system32\mscoree.dll
+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ History Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ HTML Thumbnail Extractor Thumbnail View Extension Microsoft Corporation c:\winnt\system32\thumbvw.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\winnt\system32\hticons.dll
+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\winnt\system32\icmui.dll
+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\winnt\system32\icmui.dll
+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\winnt\system32\icmui.dll
+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\winnt\system32\icmui.dll
+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ In-pane search Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\winnt\system32\appwiz.cpl
+ Internet Name Space Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ InternetShortcut Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ IShellFolderBand Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ LNK file thumbnail interface delegator Thumbnail View Extension Microsoft Corporation c:\winnt\system32\thumbvw.dll
+ Media Band Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Menu Band Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Menu Desk Bar Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Menu Shell Folder Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Menu Site Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Microsoft CopyTo Service Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Microsoft MoveTo Service Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Microsoft New Object Service Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Microsoft Office Binder Unbind Microsoft Office Binder Document Unbinder Microsoft Corporation d:\program files\ms office\office\1033\unbind.dll
+ Microsoft Outlook Custom Icon Handler Microsoft Outlook Shell Hook for Start/Find Microsoft Corporation d:\program files\ms office\office\olkfstub.dll
+ Microsoft SendTo Service Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Microsoft Url History Service Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ MIME File Types Hook Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\winnt\system32\mmcshext.dll
+ Mounted Volume Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\winnt\system32\mmsys.cpl
+ Multiscan zlavscan shell extension Zone Labs, LLC d:\program files\zonealarm\zlavscan.dll
+ My Computer Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\winnt\system32\mydocs.dll
+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\winnt\system32\mydocs.dll
+ MyDocs Folder My Documents Folder UI Microsoft Corporation c:\winnt\system32\mydocs.dll
+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\winnt\system32\mydocs.dll
+ Network and Dial-up Connections Network Connections Shell Microsoft Corporation c:\winnt\system32\netshell.dll
+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\winnt\system32\rshx32.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporation c:\winnt\system32\nvshell.dll
+ Office Graphics Filters Thumbnail Extractor Thumbnail View Extension Microsoft Corporation c:\winnt\system32\thumbvw.dll
+ Offline Files Folder Client Side Caching UI Microsoft Corporation c:\winnt\system32\cscui.dll
+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\winnt\system32\cscui.dll
+ Offline Files Menu Client Side Caching UI Microsoft Corporation c:\winnt\system32\cscui.dll
+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\winnt\system32\docprop.dll
+ Open With Context Menu Handler Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ PlusPack CPL Extension Effects Control Panel extension Microsoft Corporation c:\winnt\system32\plustab.dll
+ PostAgent Web Site Monitor Microsoft Corporation c:\winnt\system32\webcheck.dll
+ Printers Security Page Security Shell Extension Microsoft Corporation c:\winnt\system32\rshx32.dll
+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Scheduled Tasks Task Scheduler interface DLL Microsoft Corporation c:\winnt\system32\mstask.dll
+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ Search Band Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Sendmail service Send Mail Microsoft Corporation c:\winnt\system32\sendmail.dll
+ Sendmail service Send Mail Microsoft Corporation c:\winnt\system32\sendmail.dll
+ Shell Application Manager Shell Application Manager Microsoft Corporation c:\winnt\system32\appwiz.cpl
+ Shell Automation Folder View Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ Shell Automation Service Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ Shell Drag and Drop helper Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\winnt\system32\ntlanui2.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. d:\program files\real\rpshell.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\winnt\system32\ntshrui.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\winnt\system32\ntshrui.dll
+ Shell extensions for Windows Script Host Microsoft (r) Shell Extension for Windows Script Host Microsoft Corporation c:\winnt\system32\wshext.dll
+ Shell Favorite Folder Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Shell Icon Handler for Application References Application Deployment Support Library Microsoft Corporation c:\winnt\system32\dfshim.dll
+ Shell properties for a DS object Directory Service UI Microsoft Corporation c:\winnt\system32\dsfolder.dll
+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\winnt\system32\shscrap.dll
+ ShellLink for Application References Application Deployment Support Library Microsoft Corporation c:\winnt\system32\dfshim.dll
+ Start Menu Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ Subscription Folder Web Site Monitor Microsoft Corporation c:\winnt\system32\webcheck.dll
+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\winnt\system32\webcheck.dll
+ Summary Info Thumbnail handler (DOCFILES) Thumbnail View Extension Microsoft Corporation c:\winnt\system32\thumbvw.dll
+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\winnt\system32\mstask.dll
+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\winnt\system32\mstask.dll
+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ The Internet Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
+ Thumbnail Image Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Thumbnails Thumbnail View Extension Microsoft Corporation c:\winnt\system32\thumbvw.dll
+ Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Tracking Shell Menu Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ TrayAgent Web Site Monitor Microsoft Corporation c:\winnt\system32\webcheck.dll
+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ TrojanHunter Menu Shell Extension d:\program files\trojanhunter 4.2\contmenu.dll
+ User Assist Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\winnt\system32\printui.dll
+ Web Search Shell Browser UI Library Microsoft Corporation c:\winnt\system32\browseui.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\winnt\system32\webcheck.dll
+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\winnt\system32\webcheck.dll
+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\winnt\system32\webcheck.dll
+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\winnt\system32\webcheck.dll
+ WinRAR shell extension d:\program files\winrar\rarext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ Fax Tiff Data Column Provider Fax Tiff Data Column Provider Microsoft Corporation c:\winnt\system32\faxshell.dll
+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. d:\program files\adobe\acrobat\activex\pdfshell.dll
+ ShAVColumnProvider class DocProp2 Microsoft Corporation c:\winnt\system32\docprop2.dll
+ Version Column Provider DocProp2 Microsoft Corporation c:\winnt\system32\docprop2.dll
+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Conversion Toolbar Helper Adobe IE plugin Adobe Systems Incorporated d:\program files\adobe\acrobat\acrobat\acroiefavclient.dll
+ Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated d:\program files\adobe\acrobat\activex\acroiehelper.dll
+ SSVHelper Class Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_11\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\winnt\system32\shdocvw.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ acroiefavclient.dll Adobe IE plugin Adobe Systems Incorporated d:\program files\adobe\acrobat\acrobat\acroiefavclient.dll
+ msdxm.ocx Windows Media Player 2 ActiveX Control Microsoft Corporation c:\winnt\system32\msdxm.ocx
Task Scheduler
+ Norton SystemWorks One Button Checkup.job One Button Checkup Symantec Corporation d:\program files\norton\system works\obc.exe
+ Symantec Drmc.job Symantec Shared File Symantec Corporation c:\program files\common files\symantec shared\symdrmc.exe
HKLM\System\CurrentControlSet\Services
+ Automatic LiveUpdate Scheduler Manages the scheduling of Automatic LiveUpdate sessions Symantec Corporation c:\program files\symantec\liveupdate\aluschedulersvc.exe
+ Avg7Alrt AVG Alert Manager GRISOFT, s.r.o. d:\program files\grisoft\avg\avgamsvr.exe
+ Avg7UpdSvc AVG Update Service GRISOFT, s.r.o. d:\program files\grisoft\avg\avgupsvc.exe
+ Browser Maintains an up-to-date list of computers on your network and supplies the list to programs that request it. Microsoft Corporation c:\winnt\system32\services.exe
+ ccEvtMgr Symantec Event Manager Symantec Corporation c:\program files\common files\symantec shared\ccevtmgr.exe
+ ccSetMgr Symantec Settings Manager Symantec Corporation c:\program files\common files\symantec shared\ccsetmgr.exe
+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Corporation c:\winnt\system32\services.exe
+ dmserver Logical Disk Manager Watchdog Service Microsoft Corporation c:\winnt\system32\services.exe
+ Dnscache Resolves and caches Domain Name System (DNS) names. Microsoft Corporation c:\winnt\system32\services.exe
+ Eventlog Logs event messages issued by programs and Windows. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer. Microsoft Corporation c:\winnt\system32\services.exe
+ GEARSecurity gearsec GEAR Software c:\winnt\system32\gearsec.exe
+ lanmanserver Provides RPC support and file, print, and named pipe sharing. Microsoft Corporation c:\winnt\system32\services.exe
+ lanmanworkstation Provides network connections and communications. Microsoft Corporation c:\winnt\system32\services.exe
+ LexBceS LexBce Service Lexmark International, Inc. c:\winnt\system32\lexbces.exe
+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\winnt\system32\services.exe
+ Messenger Sends and receives messages transmitted by administrators or by the Alerter service. Microsoft Corporation c:\winnt\system32\services.exe
+ Norton Ghost Administrative service for scheduling and disk imaging. Symantec Corporation d:\program files\norton\ghost\agent\pqv2isvc.exe
+ NProtectService Protects files deleted from command line prompt and applications Symantec Corporation d:\program files\norton\system works\norton utilities\nprotect.exe
+ NtmsSvc Manages removable media, drives, and libraries. Microsoft Corporation c:\winnt\system32\ntmssvc.dll
+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\winnt\system32\nvsvc32.exe
+ PlugPlay Manages device installation and configuration and notifies programs of device changes. Microsoft Corporation c:\winnt\system32\services.exe
+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Corporation c:\winnt\system32\lsass.exe
+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\winnt\system32\services.exe
+ RemoteRegistry Allows remote registry manipulation. Microsoft Corporation c:\winnt\system32\regsvc.exe
+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\winnt\system32\rpcss.dll
+ SamSs Stores security information for local user accounts. Microsoft Corporation c:\winnt\system32\lsass.exe
+ Schedule Enables a program to run at a designated time. Microsoft Corporation c:\winnt\system32\mstask.exe
+ ScsiAccess d:\program files\proshow gold\scsiaccess.exe
+ seclogon Enables starting processes under alternate credentials Microsoft Corporation c:\winnt\system32\services.exe
+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\winnt\system32\sens.dll
+ SharedAccess Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. Microsoft Corporation c:\winnt\system32\ipnathlp.dll
+ SoundMAX Agent Service (default) SoundMAX service agent component Analog Devices, Inc. c:\program files\analog devices\soundmax\smagent.exe
+ Speed Disk service Used to schedule disk defragmentation Symantec Corporation d:\program files\norton\system works\norton utilities\speed disk\nopdb.exe
+ Spooler Loads files to memory for later printing. Microsoft Corporation c:\winnt\system32\spoolsv.exe
+ StiSvc Still Image Devices Monitor Microsoft Corporation c:\winnt\system32\stisvc.exe
+ Symantec Core LC Symantec Core LC Symantec Corporation c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
+ TrkWks Sends notifications of files moving between NTFS volumes in a network domain. Microsoft Corporation c:\winnt\system32\services.exe
+ vsmon Monitors internet traffic and generates alerts for disallowed access. Zone Labs, LLC c:\winnt\system32\zonelabs\vsmon.exe
+ WinMgmt Provides system management information. Microsoft Corporation c:\winnt\system32\wbem\winmgmt.exe
+ wuauserv Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. Microsoft Corporation c:\winnt\system32\wuauserv.dll
HKLM\System\CurrentControlSet\Services
+ ACPI ACPI Driver for NT Microsoft Corporation c:\winnt\system32\drivers\acpi.sys
+ aeaudio Andrea Audio Noise Cancellation Driver Andrea Electronics Corporation c:\winnt\system32\drivers\aeaudio.sys
+ AFD Ancillary Function Driver for WinSock Microsoft Corporation c:\winnt\system32\drivers\afd.sys
+ aic78xx Adaptec CHIM Family SCSI miniport Microsoft Corporation c:\winnt\system32\drivers\aic78xx.sys
+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\winnt\system32\drivers\asyncmac.sys
+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\winnt\system32\drivers\atapi.sys
+ Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\winnt\system32\drivers\atmarpc.sys
+ audstub AudStub Driver Microsoft Corporation c:\winnt\system32\drivers\audstub.sys
+ Avg7Core AVG Scanning Engine GRISOFT, s.r.o. c:\winnt\system32\drivers\avg7core.sys
+ Avg7RsNT AVG Resident Anti-Virus Shield GRISOFT, s.r.o. c:\winnt\system32\drivers\avg7rsnt.sys
+ Avg7RsW AVG Resident Shield Unload Helper GRISOFT, s.r.o. c:\winnt\system32\drivers\avg7rsw.sys
+ AvgClean AVG7 Clean Driver GRISOFT, s.r.o. c:\winnt\system32\drivers\avgclean.sys
+ catchme File not found: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
+ CCDECODE WDM Closed Caption VBI Codec Microsoft Corporation c:\winnt\system32\drivers\ccdecode.sys
+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\winnt\system32\drivers\cdrom.sys
+ CDRPDACC CD Device Access Arrowkey d:\program files\321 studios\shared\cdrpdacc.sys
+ CO_Mon c:\winnt\system32\drivers\co_mon.sys
+ Disk PnP Disk Driver Microsoft Corporation c:\winnt\system32\drivers\disk.sys
+ dmio NT Disk Manager I/O Driver VERITAS Software Corp. c:\winnt\system32\drivers\dmio.sys
+ dmload NT Disk Manager Startup Driver VERITAS Software Corp. c:\winnt\system32\drivers\dmload.sys
+ DMusic Microsoft DirectMusic Software Synthesizer (WDM) Microsoft Corporation c:\winnt\system32\drivers\dmusic.sys
+ Fdc Floppy Disk Controller Driver Microsoft Corporation c:\winnt\system32\drivers\fdc.sys
+ Flpydisk Floppy Driver Microsoft Corporation c:\winnt\system32\drivers\flpydisk.sys
+ FltMgr File System Filter Manager Driver Microsoft Corporation c:\winnt\system32\drivers\fltmgr.sys
+ Ftdisk FT Disk Driver Microsoft Corporation c:\winnt\system32\drivers\ftdisk.sys
+ gmer GMER Driver
http://www.gmer.net GMER c:\winnt\system32\drivers\gmer.sys
+ Gpc Generic Packet Classifier Microsoft Corporation c:\winnt\system32\drivers\msgpc.sys
+ hidusb USB Miniport Driver for Input Devices Microsoft Corporation c:\winnt\system32\drivers\hidusb.sys
+ i8042prt i8042 Port Driver Microsoft Corporation c:\winnt\system32\drivers\i8042prt.sys
+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\winnt\system32\drivers\ipfltdrv.sys
+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\winnt\system32\drivers\ipinip.sys
+ IpNat IP Network Address Translator Microsoft Corporation c:\winnt\system32\drivers\ipnat.sys
+ IPSEC IPSEC driver Microsoft Corporation c:\winnt\system32\drivers\ipsec.sys
+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\winnt\system32\drivers\irenum.sys
+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\winnt\system32\drivers\isapnp.sys
+ Kbdclass Keyboard Class Driver Microsoft Corporation c:\winnt\system32\drivers\kbdclass.sys
+ kbdhid HID Mouse Filter Driver Microsoft Corporation c:\winnt\system32\drivers\kbdhid.sys
+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\winnt\system32\drivers\kmixer.sys
+ MidiSyn SoundMAX Wavetable Synthesizer (WDM) Analog Devices, Inc. c:\winnt\system32\drivers\midisyn.sys
+ Mouclass Mouse Class Driver Microsoft Corporation c:\winnt\system32\drivers\mouclass.sys
+ mouhid HID Mouse Filter Driver Microsoft Corporation c:\winnt\system32\drivers\mouhid.sys
+ MPE Microsoft MPE to IP Filter Microsoft Corporation c:\winnt\system32\drivers\mpe.sys
+ MRxSmb MRXSMB Microsoft Corporation c:\winnt\system32\drivers\mrxsmb.sys
+ MSKSSRV MS KS Server Microsoft Corporation c:\winnt\system32\drivers\mskssrv.sys
+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\winnt\system32\drivers\mspclock.sys
+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\winnt\system32\drivers\mspqm.sys
+ MSTEE WDM Tee/Communication Transform Filter Microsoft Corporation c:\winnt\system32\drivers\mstee.sys
+ NABTSFEC WDM NABTS/FEC VBI Codec Microsoft Corporation c:\winnt\system32\drivers\nabtsfec.sys
+ Nbf NetBEUI Protocol Microsoft Corporation c:\winnt\system32\drivers\nbf.sys
+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\winnt\system32\drivers\ndistapi.sys
+ Ndisuio NDIS Usermode I/O Protocol Microsoft Corporation c:\winnt\system32\drivers\ndisuio.sys
+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\winnt\system32\drivers\ndiswan.sys
+ NetBIOS NetBIOS Interface Microsoft Corporation c:\winnt\system32\drivers\netbios.sys
+ NetBT NetBios over Tcpip Microsoft Corporation c:\winnt\system32\drivers\netbt.sys
+ NetDetect Network Card Detection driver Microsoft Corporation c:\winnt\system32\drivers\netdtect.sys
+ NPDriver Norton Protection Driver Symantec Corporation c:\winnt\system32\drivers\npdriver.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.98 NVIDIA Corporation c:\winnt\system32\drivers\nv4_mini.sys
+ NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\winnt\system32\drivers\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\winnt\system32\drivers\nwlnkfwd.sys
+ openhci Open Host Controller Interface USB Driver Microsoft Corporation c:\winnt\system32\drivers\openhci.sys
+ Parallel Parallel Printer Driver Microsoft Corporation c:\winnt\system32\drivers\parallel.sys
+ Parport Parallel Port Driver Microsoft Corporation c:\winnt\system32\drivers\parport.sys
+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\winnt\system32\drivers\pci.sys
+ PCIIde Generic PCI IDE Bus Driver Microsoft Corporation c:\winnt\system32\drivers\pciide.sys
+ Pcouffin Patin-Couffin low level access layer for CD devices VSO Software c:\winnt\system32\drivers\pcouffin.sys
+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\winnt\system32\drivers\raspptp.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\winnt\system32\drivers\ptilink.sys
+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\winnt\system32\drivers\rasacd.sys
+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\winnt\system32\drivers\rasl2tp.sys
+ Raspti Direct Parallel Microsoft Corporation c:\winnt\system32\drivers\raspti.sys
+ RCA RCA filter Microsoft Corporation c:\winnt\system32\drivers\rca.sys
+ Rdbss Rdbss Microsoft Corporation c:\winnt\system32\drivers\rdbss.sys
+ redbook Redbook Audio Filter Driver Microsoft Corporation c:\winnt\system32\drivers\redbook.sys
+ SDdriver SDDRIVER Symantec Corporation c:\winnt\system32\drivers\sddriver.sys
+ senfilt Sensaura WDM 3D Audio Driver Sensaura c:\winnt\system32\drivers\senfilt.sys
+ serenum Serial Port Enumerator Microsoft Corporation c:\winnt\system32\drivers\serenum.sys
+ Serial Serial Device Driver Microsoft Corporation c:\winnt\system32\drivers\serial.sys
+ SiSGbe2K NDIS 5.0 Miniport Driver for SiS191/SiS190 Ethernet Device Silicon Integrated Systems Corp. c:\winnt\system32\drivers\sisgbe2k.sys
+ SLIP Microsoft Slip Deframing Filter Minidriver Microsoft Corporation c:\winnt\system32\drivers\slip.sys
+ smwdm SoundMAX Integrated Digital Audio Analog Devices, Inc. c:\winnt\system32\drivers\smwdm.sys
+ srescan srescan Zone Labs, LLC c:\winnt\system32\zonelabs\srescan.sys
+ Srv Srv Microsoft Corporation c:\winnt\system32\drivers\srv.sys
+ sscdbus SAMSUNG USB Composite Device Driver MCCI c:\winnt\system32\drivers\sscdbus.sys
+ sscdmdfl SAMSUNG CDMA Modem Filter MCCI c:\winnt\system32\drivers\sscdmdfl.sys
+ sscdmdm SAMSUNG CDMA Modem Drivers MCCI c:\winnt\system32\drivers\sscdmdm.sys
+ streamip Microsoft IP Driver Microsoft Corporation c:\winnt\system32\drivers\streamip.sys
+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\winnt\system32\drivers\swenum.sys
+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\winnt\system32\drivers\swmidi.sys
+ SymEvent Symantec Event Library Symantec Corporation c:\program files\symantec\symevent.sys
+ symlcbrd Symantec Core Component Symantec Corporation c:\winnt\system32\drivers\symlcbrd.sys
+ sysaudio System Audio WDM Filter Microsoft Corporation c:\winnt\system32\drivers\sysaudio.sys
+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\winnt\system32\drivers\tcpip.sys
+ Update Update Driver Microsoft Corporation c:\winnt\system32\drivers\update.sys
+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\winnt\system32\drivers\usbehci.sys
+ usbhub Default Hub Driver for USB Microsoft Corporation c:\winnt\system32\drivers\usbhub.sys
+ usbhub20 Default Hub Driver for USB 2.0 Microsoft Corporation c:\winnt\system32\drivers\usbhub20.sys
+ usbprint USB Printer driver Microsoft Corporation c:\winnt\system32\drivers\usbprint.sys
+ usbscan USB Scanner Driver Microsoft Corporation c:\winnt\system32\drivers\usbscan.sys
+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\winnt\system32\drivers\usbstor.sys
+ VgaSave VGA/Super VGA Video Driver Microsoft Corporation c:\winnt\system32\drivers\vga.sys
+ vsdatant TrueVector Device Driver Zone Labs, LLC c:\winnt\system32\vsdatant.sys
+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\winnt\system32\drivers\wanarp.sys
+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\winnt\system32\drivers\wdmaud.sys
+ WmBEnum Logitech WingMan Virtual Bus Enumerator Driver Logitech Inc. c:\winnt\system32\drivers\wmbenum.sys
+ WmFilter Logitech WingMan Hid Filter Driver Logitech Inc. c:\winnt\system32\drivers\wmfilter.sys
+ WmVirHid Logitech WingMan Virtual Hid Device Driver Logitech Inc. c:\winnt\system32\drivers\wmvirhid.sys
+ WmXlCore Logitech WingMan Translation Driver Logitech Inc. c:\winnt\system32\drivers\wmxlcore.sys
+ WSTCODEC WDM WST Codec Driver Microsoft Corporation c:\winnt\system32\drivers\wstcodec.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\winnt\system32\autochk.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\winnt\system32\ntsd.exe
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\winnt\system32\advapi32.dll
+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\winnt\system32\comdlg32.dll
+ gdi32 GDI Client DLL Microsoft Corporation c:\winnt\system32\gdi32.dll
+ imagehlp Windows NT Image Helper Microsoft Corporation c:\winnt\system32\imagehlp.dll
+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\winnt\system32\kernel32.dll
+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\winnt\system32\lz32.dll
+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\winnt\system32\ole32.dll
+ oleaut32 Microsoft Corporation c:\winnt\system32\oleaut32.dll
+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\winnt\system32\olecli32.dll
+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\winnt\system32\olecnv32.dll
+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\winnt\system32\olesvr32.dll
+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\winnt\system32\olethk32.dll
+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\winnt\system32\rpcrt4.dll
+ shell32 Windows Shell Common Dll Microsoft Corporation c:\winnt\system32\shell32.dll
+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\winnt\system32\url.dll
+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\winnt\system32\urlmon.dll
+ user32 Windows 2000 USER API Client DLL Microsoft Corporation c:\winnt\system32\user32.dll
+ version Version Checking and File Installation Libraries Microsoft Corporation c:\winnt\system32\version.dll
+ wininet Internet Extensions for Win32 Microsoft Corporation c:\winnt\system32\wininet.dll
+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\winnt\system32\wldap32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ crypt32chain Crypto API32 Microsoft Corporation c:\winnt\system32\crypt32.dll
+ cryptnet Crypto Network Related API Microsoft Corporation c:\winnt\system32\cryptnet.dll
+ cscdll Offline Network Agent Microsoft Corporation c:\winnt\system32\cscdll.dll
+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\winnt\system32\sclgntfy.dll
+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\winnt\system32\wlnotify.dll
+ wzcnotif Wireless Zero Configuration Service UI Microsoft Corporation c:\winnt\system32\wzcdlg.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{097DCC31-53F2-421C-842E-496B68B6A5BD}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{097DCC31-53F2-421C-842E-496B68B6A5BD}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{3CD29930-6D17-4DD3-B2A2-0E7BF8ECB156}] DATAGRAM 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{3CD29930-6D17-4DD3-B2A2-0E7BF8ECB156}] SEQPACKET 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{A31013BE-D54C-476B-B7CD-05E73ADEB3F1}] DATAGRAM 7 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_NdisWanNbfIn{A31013BE-D54C-476B-B7CD-05E73ADEB3F1}] SEQPACKET 7 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{567B5B20-1B08-4B22-B929-CCA320509A09}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{567B5B20-1B08-4B22-B929-CCA320509A09}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{5E643D81-83CE-41CD-942E-432D9DD73844}] DATAGRAM 9 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{5E643D81-83CE-41CD-942E-432D9DD73844}] SEQPACKET 9 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{A586A6BF-B7C8-462D-86A3-2D93DBE2CC5E}] DATAGRAM 8 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_NdisWanNbfOut{A586A6BF-B7C8-462D-86A3-2D93DBE2CC5E}] SEQPACKET 8 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_{15D4E2FE-16D1-42D2-8486-61C9986D71E1}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\Nbf_{15D4E2FE-16D1-42D2-8486-61C9986D71E1}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{15D4E2FE-16D1-42D2-8486-61C9986D71E1}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{15D4E2FE-16D1-42D2-8486-61C9986D71E1}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1743D244-09C1-487B-A809-37F1038EF62E}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1743D244-09C1-487B-A809-37F1038EF62E}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E62F7943-0EF8-464E-A781-E8C09C4F8DE4}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E62F7943-0EF8-464E-A781-E8C09C4F8DE4}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\winnt\system32\msafd.dll
+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\winnt\system32\rsvpsp.dll
+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\winnt\system32\rsvpsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Adobe PDF Port Acrobat ® PDF Port Adobe Systems Incorporated. c:\winnt\system32\adobepdf.dll
+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\winnt\system32\cnbjmon.dll
+ Lexmark Network Port LEXLMPM DLL Lexmark International, Inc. c:\winnt\system32\lexlmpm.dll
+ Local Port Local Spooler DLL Microsoft Corporation c:\winnt\system32\localspl.dll
+ PJL Language Monitor Spooler Setup DLL Microsoft Corporation c:\winnt\system32\pjlmon.dll
+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\winnt\system32\tcpmon.dll
+ USB Monitor Standard USB printing Port Monitor DLL Microsoft Corporation c:\winnt\system32\usbmon.dll
+ Windows NT Fax Monitor Fax Print Monitor Microsoft Corporation c:\winnt\system32\msfaxmon.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
+ digest.dll Digest SSPI Authentication Package Microsoft Corporation c:\winnt\system32\digest.dll
+ msapsspc.dll DPA Client for 32 bit platforms Microsoft Corporation c:\winnt\system32\msapsspc.dll
+ msnsspc.dll MSN Client for 32 bit platforms Microsoft Corporation c:\winnt\system32\msnsspc.dll
+ schannel.dll TLS / SSL Security Provider Microsoft Corporation c:\winnt\system32\schannel.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\winnt\system32\msv1_0.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
+ scecli Windows Security Configuration Editor Client Engine Microsoft Corporation c:\winnt\system32\scecli.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
+ kerberos Kerberos Security Package Microsoft Corporation c:\winnt\system32\kerberos.dll
+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\winnt\system32\msv1_0.dll
+ schannel TLS / SSL Security Provider Microsoft Corporation c:\winnt\system32\schannel.dll
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
+ LanmanWorkstation Microsoft Windows Network Microsoft Corporation c:\winnt\system32\ntlanman.dll
2a) NOW, HERE IS THE COMBOFIX LOG, WHICH I FOUND:
"Derek" - 07/11/2007 18:57:50 - ComboFix 07-07-10.1 - Service Pack 4
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))
2007-07-11 18:56 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-11 16:57 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2007-07-11 16:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-07-10 14:07 552 --a------ C:\WINNT\system32\d3d8caps.dat
2007-07-10 13:55 122,880 --ah----- C:\DOCUME~1\SYSTEM\NTUSER.DAT
2007-06-27 17:01 90,112 --a------ C:\WINNT\system32\odbcint.dll
2007-06-27 17:01 61,440 --a------ C:\WINNT\system32\odbccu32.dll
2007-06-27 17:01 61,440 --a------ C:\WINNT\system32\odbccr32.dll
2007-06-27 17:01 45,632 --a------ C:\WINNT\system32\cliconfg.exe
2007-06-27 17:01 4,656 --a------ C:\WINNT\system32\ds16gt.dll
2007-06-27 17:01 36,864 --a------ C:\WINNT\system32\mscpxl32.dll
2007-06-27 17:01 32,768 --a------ C:\WINNT\system32\odbcad32.exe
2007-06-27 17:01 28,672 --a------ C:\WINNT\system32\dbnmpntw.dll
2007-06-27 17:01 26,224 --a------ C:\WINNT\system32\odbc16gt.dll
2007-06-27 17:01 24,576 --a------ C:\WINNT\system32\dbmsvinn.dll
2007-06-27 17:01 24,576 --a------ C:\WINNT\system32\dbmsrpcn.dll
2007-06-27 17:01 24,576 --a------ C:\WINNT\system32\dbmsgnet.dll
2007-06-27 17:01 20,480 --a------ C:\WINNT\system32\msorc32r.dll
2007-06-27 17:01 20,480 --a------ C:\WINNT\system32\dbmsadsn.dll
2007-06-27 17:01 180,800 --a------ C:\WINNT\system32\sqlunirl.dll
2007-06-27 17:01 16,384 --a------ C:\WINNT\system32\odbc32gt.dll
2007-06-27 17:01 16,384 --a------ C:\WINNT\system32\ds32gt.dll
2007-06-27 17:01 147,456 --a------ C:\WINNT\system32\odbctrac.dll
2007-06-27 17:01 131,072 --a------ C:\WINNT\system32\msorcl32.dll
2007-06-27 17:01 127,552 --a------ C:\WINNT\system32\cliconfg.dll
2007-06-27 17:01 126,976 --a------ C:\WINNT\system32\msdart.dll
2007-06-20 15:17 <DIR> d-------- C:\WINNT\system32\SoftwareDistribution
2007-06-12 23:32 <DIR> d-------- C:\Program Files\Comical
2007-06-12 13:47 <DIR> d-a------ C:\WINNT\system32\appmgmt
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-29 06:09:34 28,672 ----a-w C:\WINNT\system32\drivers\CO_Mon.sys
2007-06-12 18:47:51 -------- d-----w C:\Program Files\emoze
2007-04-25 07:52:16 147,216 ----a-w C:\WINNT\system32\SCHANNEL.DLL
2007-04-18 15:56:26 5,241,359 ------w C:\AVG7QT.DAT
2007-04-17 03:47:36 33,624 ----a-w C:\WINNT\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINNT\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINNT\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINNT\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINNT\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINNT\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINNT\system32\wups2.dll
2007-04-16 12:44:08 54,032 ----a-w C:\WINNT\system32\mpr.dll
2007-04-13 00:12:56 4,212 ---h--w C:\WINNT\system32\zllictbl.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
06-12-18 04:16 59032 --a------ D:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
05-05-31 01:04 853672 --a------ D:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
06-12-15 03:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
06-12-18 04:18 231160 --a------ D:\Program Files\Adobe\Acrobat\Acrobat\AcroIEFavClient.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"Tweak UI"="TWEAKUI.CPL" [00-06-18 13:03 C:\WINNT\system32\TWEAKUI.CPL]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [03-09-23 01:01 ]
"THGuard"="D:\Program Files\TrojanHunter 4.2\THGuard.exe" [05-02-19 15:36 ]
"Norton Ghost 9.0"="D:\Program Files\Norton\Ghost\Agent\GhostTray.exe" [04-07-29 03:41 ]
"Acrobat Assistant 7.0"="D:\Program Files\Adobe\Acrobat\Distillr\Acrotray.exe" [06-01-12 19:52 ]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [04-10-14 08:11 ]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04-09-23 11:41 ]
"@"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06-08-10 10:11 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [06-12-15 03:23 ]
"ZoneAlarm Client"="D:\Program Files\ZoneAlarm\zlclient.exe" [07-03-09 00:02 ]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG\avgcc.exe" [07-04-21 08:40 ]
"nwiz"="nwiz.exe" [05-12-10 02:06 C:\WINNT\system32\nwiz.exe]
"QuickTime Task"="D:\Program Files\Quicktime\qttask.exe" [06-08-09 22:32 ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-07 07:00 C:\WINNT\system32\internat.exe]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05-05-31 01:04 ]
"Norton SystemWorks"="D:\Program Files\Norton\System Works\cfgwiz.exe" [04-09-09 21:12 ]
"AWMON"="D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [05-05-25 11:12 ]
"DeskSlide"="D:\Program Files\DeskSlide\DeskSlide.exe" [06-06-27 21:31 ]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=01000000
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINNT\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINNT\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"D:\Program Files\Adobe\Acrobat\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINNT\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Contents of the 'Scheduled Tasks' folder
2007-07-08 16:23:51 C:\WINNT\tasks\Norton SystemWorks One Button Checkup.job
2007-07-11 05:02:59 C:\WINNT\tasks\Symantec Drmc.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-07-11 19:04:04
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINNT\system32\Perflib_Perfdata_c9c.dat
scan completed successfully
hidden files: 1
**************************************************************************
Completion time: 2007-07-11 19:06:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-07-11 19:06
--- E O F ---
2b) THERE WAS ALSO A FILE at C:\ CALLED ComboFix-quarantined-files.txt AND IT FOLLOWS IN CASE IT IS NECESSARY:
07-07-11 18:59 352 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
Folder PATH listing
Volume serial number is 0006FE80 A888:7B57
C:\QOOBOX
\---Quarantine
\---Registry_backups
services_nm.reg.cf
3) HERE IS THE FIND VBS.BAT LOG FILE:
Volume in drive C has no label.
Volume Serial Number is A888-7B57
Directory of C:\ComboFix
07/08/07 09:23p 15,399 FProps.vbs
1 File(s) 15,399 bytes
Directory of C:\Documents and Settings\Administrator\Desktop
07/12/07 11:07a 347,253 Silent Runners.vbs
1 File(s) 347,253 bytes
Directory of C:\WINNT\system32
12/07/99 07:00a 3,708 pubprn.vbs
1 File(s) 3,708 bytes
Total Files Listed:
3 File(s) 366,360 bytes
0 Dir(s) 7,699,726,336 bytes free
4) HERE IS THE NEW HIJACKTHIS LOG FILE:
Logfile of HijackThis v1.99.1
Scan saved at 4:11:27 PM, on 8/01/07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\PROGRA~1\Grisoft\AVG\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\GEARSec.exe
D:\Program Files\Norton\Ghost\Agent\PQV2iSvc.exe
D:\PROGRA~1\Norton\SYSTEM~1\NORTON~1\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
D:\Program Files\ProShow Gold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\PROGRA~1\Norton\SYSTEM~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT