ComboFix log below:
ComboFix 08-07-26.1 - DAVID 2008-07-30 11:16:38.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.600 [GMT 1:00]
Running from: C:\Documents and Settings\DAVID\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\DAVID\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\DAVID\Application Data\ShoppingReport
C:\Documents and Settings\DAVID\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\DAVID\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\DAVID\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\DAVID\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\DAVID\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\DAVID\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\DAVID\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\WINDOWS\BM1e3c22e6.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aatyfssr.ini
C:\WINDOWS\system32\abbsvunx.dll
C:\WINDOWS\system32\abmhtl.dll
C:\WINDOWS\system32\abtoamvp.ini
C:\WINDOWS\system32\abtoamvp.ini2
C:\WINDOWS\system32\abtoamvp.tmp
C:\WINDOWS\system32\addgwura.dll
C:\WINDOWS\system32\aeasdpwb.ini
C:\WINDOWS\system32\agagrqio.ini
C:\WINDOWS\system32\agjjcigq.ini
C:\WINDOWS\system32\agsgemub.dll
C:\WINDOWS\system32\ahbnmfpm.ini
C:\WINDOWS\system32\aibmcgex.dll
C:\WINDOWS\system32\aiobnrfx.ini
C:\WINDOWS\system32\ajcevhpl.ini
C:\WINDOWS\system32\ajncnswj.ini
C:\WINDOWS\system32\amavpmqf.ini
C:\WINDOWS\system32\aotprvow.dll
C:\WINDOWS\system32\apmnjcfa.ini
C:\WINDOWS\system32\aqjner.dll
C:\WINDOWS\system32\arsybdqu.ini
C:\WINDOWS\system32\atwlmgtc.dll
C:\WINDOWS\system32\audnvhlb.ini
C:\WINDOWS\system32\aufcdjvq.dll
C:\WINDOWS\system32\aurisbgh.ini
C:\WINDOWS\system32\avdfchmd.dll
C:\WINDOWS\system32\axholb.dll
C:\WINDOWS\system32\axtatkfn.dll
C:\WINDOWS\system32\aybonkfm.ini
C:\WINDOWS\system32\aymberpp.ini
C:\WINDOWS\system32\aysibqfw.ini
C:\WINDOWS\system32\ayussfsy.ini
C:\WINDOWS\system32\bbesur.dll
C:\WINDOWS\system32\bctrrhak.ini
C:\WINDOWS\system32\beiwjbxs.dll
C:\WINDOWS\system32\bffpxcnh.ini
C:\WINDOWS\system32\bfhjicox.ini
C:\WINDOWS\system32\bhbgtgfa.dll
C:\WINDOWS\system32\bjedmtnv.ini
C:\WINDOWS\system32\bmbdweuc.dll
C:\WINDOWS\system32\bnfsibmp.ini
C:\WINDOWS\system32\bqpuijff.dll
C:\WINDOWS\system32\bsdcppoi.dll
C:\WINDOWS\system32\btqcmrwk.ini
C:\WINDOWS\system32\btuxrmyr.ini
C:\WINDOWS\system32\butorbie.ini
C:\WINDOWS\system32\bvkykdim.ini
C:\WINDOWS\system32\bvlcmulm.ini
C:\WINDOWS\system32\bxnreyst.dll
C:\WINDOWS\system32\bypmoqhm.dll
C:\WINDOWS\system32\catrbddw.dll
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\CeMnmnmp.ini
C:\WINDOWS\system32\CeMnmnmp.ini2
C:\WINDOWS\system32\chvnhfkt.ini
C:\WINDOWS\system32\cibpybuq.ini
C:\WINDOWS\system32\cinubclm.ini
C:\WINDOWS\system32\cixoctmd.ini
C:\WINDOWS\system32\cjfhedfm.ini
C:\WINDOWS\system32\cmfcmtxa.ini
C:\WINDOWS\system32\cmouhorf.ini
C:\WINDOWS\system32\cmulassp.ini
C:\WINDOWS\system32\CMWFNXyb.ini
C:\WINDOWS\system32\CMWFNXyb.ini2
C:\WINDOWS\system32\cncllwyv.ini
C:\WINDOWS\system32\cpnmtptu.dll
C:\WINDOWS\system32\cprobmgw.ini
C:\WINDOWS\system32\cqulpyyp.ini
C:\WINDOWS\system32\csxtgxoa.dll
C:\WINDOWS\system32\ctebtwse.ini
C:\WINDOWS\system32\cxhmjgkm.ini
C:\WINDOWS\system32\damcivkb.dll
C:\WINDOWS\system32\damlhgjb.ini
C:\WINDOWS\system32\davtghcq.ini
C:\WINDOWS\system32\dczcny.dll
C:\WINDOWS\system32\dgfvjesv.ini
C:\WINDOWS\system32\dhotpfcr.dll
C:\WINDOWS\system32\diasmbrw.ini
C:\WINDOWS\system32\djvrelbf.dll
C:\WINDOWS\system32\dkafqfry.dll
C:\WINDOWS\system32\dkpkwitu.ini
C:\WINDOWS\system32\dLkUwGgh.ini
C:\WINDOWS\system32\dLkUwGgh.ini2
C:\WINDOWS\system32\dmnhgypq.ini
C:\WINDOWS\system32\dngwbhah.ini
C:\WINDOWS\system32\dnudin.dll
C:\WINDOWS\system32\dosnjljv.dll
C:\WINDOWS\system32\dpmqyoxq.dll
C:\WINDOWS\system32\dqgbmuha.dll
C:\WINDOWS\system32\dqpixgwx.dll
C:\WINDOWS\system32\drcvfejd.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\dspibkjn.ini
C:\WINDOWS\system32\dtpdjqaw.ini
C:\WINDOWS\system32\dunfgamg.ini
C:\WINDOWS\system32\duqeshbe.ini
C:\WINDOWS\system32\dvarssgj.dll
C:\WINDOWS\system32\dxwuolnb.dll
C:\WINDOWS\system32\dydvmonm.dll
C:\WINDOWS\system32\eaupjvuv.dll
C:\WINDOWS\system32\ebwpnmpl.ini
C:\WINDOWS\system32\edspsluh.ini
C:\WINDOWS\system32\eghbkmjc.ini
C:\WINDOWS\system32\eiliosxm.dll
C:\WINDOWS\system32\ekbobvae.ini
C:\WINDOWS\system32\emensjcd.ini
C:\WINDOWS\system32\eoftcdol.ini
C:\WINDOWS\system32\eoftcdol.ini2
C:\WINDOWS\system32\eoftcdol.tmp
C:\WINDOWS\system32\eOXIknmp.ini
C:\WINDOWS\system32\eOXIknmp.ini2
C:\WINDOWS\system32\epbwqfjd.dll
C:\WINDOWS\system32\epxhlpia.ini
C:\WINDOWS\system32\eqmqgqba.ini
C:\WINDOWS\system32\ervalgnl.dll
C:\WINDOWS\system32\eslovobi.ini
C:\WINDOWS\system32\evipvdhg.dll
C:\WINDOWS\system32\exftshsa.ini
C:\WINDOWS\system32\exqgvucg.ini
C:\WINDOWS\system32\faateult.dll
C:\WINDOWS\system32\fadgpioj.dll
C:\WINDOWS\system32\fafwjrre.ini
C:\WINDOWS\system32\fcpnjyln.ini
C:\WINDOWS\system32\fdilpdnh.ini
C:\WINDOWS\system32\fdminvfr.dll
C:\WINDOWS\system32\fenjdwev.ini
C:\WINDOWS\system32\ffgsabht.dll
C:\WINDOWS\system32\FgfggMoq.ini
C:\WINDOWS\system32\FgfggMoq.ini2
C:\WINDOWS\system32\fhrtuptf.dll
C:\WINDOWS\system32\fhvysfkw.ini
C:\WINDOWS\system32\fhwrgjdw.dll
C:\WINDOWS\system32\fidugiuj.ini
C:\WINDOWS\system32\fmgukchc.ini
C:\WINDOWS\system32\fnoexujv.dll
C:\WINDOWS\system32\foysfbbg.ini
C:\WINDOWS\system32\fpllmcux.dll
C:\WINDOWS\system32\fpnlldxx.ini
C:\WINDOWS\system32\frpoashw.ini
C:\WINDOWS\system32\ftfojweu.ini
C:\WINDOWS\system32\fvwcmssq.dll
C:\WINDOWS\system32\fwaqpnvn.ini
C:\WINDOWS\system32\fwegdwpf.ini
C:\WINDOWS\system32\fxuihdpm.dll
C:\WINDOWS\system32\fxulwddv.ini
C:\WINDOWS\system32\gbpfssil.dll
C:\WINDOWS\system32\gegjijmr.dll
C:\WINDOWS\system32\gfwqtbkk.ini
C:\WINDOWS\system32\gixodrkd.ini
C:\WINDOWS\system32\giywlewd.ini
C:\WINDOWS\system32\gjdgpgee.dll
C:\WINDOWS\system32\gknswquw.dll
C:\WINDOWS\system32\gkrbqcti.ini
C:\WINDOWS\system32\glaowjox.dll
C:\WINDOWS\system32\gmrgocyw.dll
C:\WINDOWS\system32\gnbtncwp.ini
C:\WINDOWS\system32\gnefywkb.dll
C:\WINDOWS\system32\gnfiuq.dll
C:\WINDOWS\system32\goibgacj.dll
C:\WINDOWS\system32\gpelfixm.ini
C:\WINDOWS\system32\gppjigox.ini
C:\WINDOWS\system32\gsokqmmw.dll
C:\WINDOWS\system32\guwhwljy.ini
C:\WINDOWS\system32\gwqhbkcn.dll
C:\WINDOWS\system32\hacmbxvu.ini
C:\WINDOWS\system32\hamghpue.ini
C:\WINDOWS\system32\haophw.dll
C:\WINDOWS\system32\hcwtuvwq.dll
C:\WINDOWS\system32\hdbhvokh.ini
C:\WINDOWS\system32\hggfqugv.ini
C:\WINDOWS\system32\hhuksrux.dll
C:\WINDOWS\system32\hihvnqos.dll
C:\WINDOWS\system32\hjydltlr.ini
C:\WINDOWS\system32\hkjrvppu.ini
C:\WINDOWS\system32\hncxpffb.dll
C:\WINDOWS\system32\hNTEeMoq.ini
C:\WINDOWS\system32\hNTEeMoq.ini2
C:\WINDOWS\system32\HOXbefii.ini
C:\WINDOWS\system32\HOXbefii.ini2
C:\WINDOWS\system32\hqgxqydm.ini
C:\WINDOWS\system32\hqltpaqx.ini
C:\WINDOWS\system32\hqqhqwlp.dll
C:\WINDOWS\system32\hskuqxth.dll
C:\WINDOWS\system32\hteeiseo.dll
C:\WINDOWS\system32\htvraixl.ini
C:\WINDOWS\system32\hvfbtcun.dll
C:\WINDOWS\system32\hvtkglkc.ini
C:\WINDOWS\system32\iastktvd.ini
C:\WINDOWS\system32\icpoedst.dll
C:\WINDOWS\system32\icslbe.dll
C:\WINDOWS\system32\igiuiskl.ini
C:\WINDOWS\system32\ihtnaynv.ini
C:\WINDOWS\system32\ijafqncq.dll
C:\WINDOWS\system32\ijsdqiit.dll
C:\WINDOWS\system32\ikapscnp.ini
C:\WINDOWS\system32\iklfncsn.dll
C:\WINDOWS\system32\inivacax.ini
C:\WINDOWS\system32\ionxdsfv.ini
C:\WINDOWS\system32\ipasfbqo.ini
C:\WINDOWS\system32\ipqjgcjn.ini
C:\WINDOWS\system32\iqllhwwf.dll
C:\WINDOWS\system32\iuqvjjlv.ini
C:\WINDOWS\system32\ixhineto.dll
C:\WINDOWS\system32\iygeyigq.dll
C:\WINDOWS\system32\iylkxeop.ini
C:\WINDOWS\system32\jabrcgci.dll
C:\WINDOWS\system32\jagfffmw.ini
C:\WINDOWS\system32\jbayiaug.dll
C:\WINDOWS\system32\jbcueqvx.dll
C:\WINDOWS\system32\jcndxvsn.dll
C:\WINDOWS\system32\jctmgyct.dll
C:\WINDOWS\system32\jdqhgblq.ini
C:\WINDOWS\system32\jedvstsu.ini
C:\WINDOWS\system32\jejjmpcq.ini
C:\WINDOWS\system32\jfkhamcb.ini
C:\WINDOWS\system32\jgpztz.dll
C:\WINDOWS\system32\jhvstcof.ini
C:\WINDOWS\system32\jhysxbfn.ini
C:\WINDOWS\system32\jiboyxls.dll
C:\WINDOWS\system32\jkbdcovy.ini
C:\WINDOWS\system32\jkkkql.dll
C:\WINDOWS\system32\jnkkirax.ini
C:\WINDOWS\system32\jpbxhrql.ini
C:\WINDOWS\system32\jptejuxq.ini
C:\WINDOWS\system32\jtbrdwcw.dll
C:\WINDOWS\system32\juhksfco.ini
C:\WINDOWS\system32\juoqajat.dll
C:\WINDOWS\system32\jwfewlup.ini
C:\WINDOWS\system32\jyqpkfsx.ini
C:\WINDOWS\system32\kewuuytr.dll
C:\WINDOWS\system32\kfdiirvk.dll
C:\WINDOWS\system32\kfxtfloc.dll
C:\WINDOWS\system32\khvijpuu.dll
C:\WINDOWS\system32\kiiemsbs.ini
C:\WINDOWS\system32\kjbektgf.ini
C:\WINDOWS\system32\kkkrad.dll
C:\WINDOWS\system32\kllgmcpo.dll
C:\WINDOWS\system32\kmypeulr.ini
C:\WINDOWS\system32\knivgghy.ini
C:\WINDOWS\system32\koekbigt.ini
C:\WINDOWS\system32\kpvwnoyh.ini
C:\WINDOWS\system32\kqdiydds.ini
C:\WINDOWS\system32\kretvehi.ini
C:\WINDOWS\system32\krmlhmlj.ini
C:\WINDOWS\system32\ktaqohoi.ini
C:\WINDOWS\system32\ktdfdhuk.dll
C:\WINDOWS\system32\ktmggfcq.ini
C:\WINDOWS\system32\kujydytp.dll
C:\WINDOWS\system32\kvdeccfi.ini
C:\WINDOWS\system32\kwbmpqkl.ini
C:\WINDOWS\system32\kwuwusev.ini
C:\WINDOWS\system32\kxjanqeg.ini
C:\WINDOWS\system32\kycgdbdq.ini
C:\WINDOWS\system32\lahkxrlc.dll
C:\WINDOWS\system32\levubwtd.dll
C:\WINDOWS\system32\lfpitswl.dll
C:\WINDOWS\system32\lfspajia.ini
C:\WINDOWS\system32\lgmbahct.ini
C:\WINDOWS\system32\lguspmvw.dll
C:\WINDOWS\system32\lhcarybi.dll
C:\WINDOWS\system32\lhfarefo.dll
C:\WINDOWS\system32\lhonmlgn.ini
C:\WINDOWS\system32\ljfexdrq.dll
C:\WINDOWS\system32\ljwqwdoq.dll
C:\WINDOWS\system32\lkjvdmwb.dll
C:\WINDOWS\system32\lkofqpjk.dll
C:\WINDOWS\system32\lmbcgqbi.dll
C:\WINDOWS\system32\LnqsYxyb.ini
C:\WINDOWS\system32\LnqsYxyb.ini2
C:\WINDOWS\system32\lqevfogm.ini
C:\WINDOWS\system32\lqjpjltl.ini
C:\WINDOWS\system32\lqufsyvo.dll
C:\WINDOWS\system32\lrvytlrr.ini
C:\WINDOWS\system32\lsagiywm.dll
C:\WINDOWS\system32\lswupltr.dll
C:\WINDOWS\system32\ltnewtge.ini
C:\WINDOWS\system32\ltrtmmat.ini
C:\WINDOWS\system32\lucifrhd.ini
C:\WINDOWS\system32\lufcvagf.ini
C:\WINDOWS\system32\lusggggo.dll
C:\WINDOWS\system32\lvklqesh.dll
C:\WINDOWS\system32\lvrvjlip.dll
C:\WINDOWS\system32\mammtdig.ini
C:\WINDOWS\system32\mbloydeu.ini
C:\WINDOWS\system32\mbnwvpnk.dll
C:\WINDOWS\system32\mbyamdip.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdswtwie.dll
C:\WINDOWS\system32\meiuhvsy.dll
C:\WINDOWS\system32\metdtkqq.ini
C:\WINDOWS\system32\mgwufcwu.ini
C:\WINDOWS\system32\mhjoarlo.ini
C:\WINDOWS\system32\mijgigah.ini
C:\WINDOWS\system32\mikgiqpo.dll
C:\WINDOWS\system32\miokdnqw.ini
C:\WINDOWS\system32\misoxhlc.ini
C:\WINDOWS\system32\mitwtfip.dll
C:\WINDOWS\system32\mixtdgqw.dll
C:\WINDOWS\system32\mkecemup.ini
C:\WINDOWS\system32\mnognbov.dll
C:\WINDOWS\system32\mpjeyp.dll
C:\WINDOWS\system32\mrdwyifp.dll
C:\WINDOWS\system32\mrvwqtbt.ini
C:\WINDOWS\system32\msjohjtv.ini
C:\WINDOWS\system32\mtfbqdik.dll
C:\WINDOWS\system32\mwpghkaa.dll
C:\WINDOWS\system32\mwqdcpck.ini
C:\WINDOWS\system32\myaioids.dll
C:\WINDOWS\system32\myrusq.dll
C:\WINDOWS\system32\myukgpkb.dll
C:\WINDOWS\system32\narbpduc.ini
C:\WINDOWS\system32\ndjywnjo.ini
C:\WINDOWS\system32\ndtkcsux.dll
C:\WINDOWS\system32\nffgguqq.ini
C:\WINDOWS\system32\nhnoykyw.ini
C:\WINDOWS\system32\nhwwgbrd.dll
C:\WINDOWS\system32\nigqjhiw.dll
C:\WINDOWS\system32\njxnrfta.ini
C:\WINDOWS\system32\nlhykuhw.dll
C:\WINDOWS\system32\nmsvsbvx.ini
C:\WINDOWS\system32\nnqBIkkj.ini
C:\WINDOWS\system32\nnqBIkkj.ini2
C:\WINDOWS\system32\noeepebv.dll
C:\WINDOWS\system32\ntyjcdyd.dll
C:\WINDOWS\system32\nvskfdup.dll
C:\WINDOWS\system32\nxhmwcbl.ini
C:\WINDOWS\system32\nycrgv.dll
C:\WINDOWS\system32\nyofqxfi.dll
C:\WINDOWS\system32\oaxmrect.ini
C:\WINDOWS\system32\obtuhpjf.dll
C:\WINDOWS\system32\obvgrima.ini
C:\WINDOWS\system32\odnvjwrx.ini
C:\WINDOWS\system32\odsoqacf.ini
C:\WINDOWS\system32\oealrufo.dll
C:\WINDOWS\system32\ofxujpgu.dll
C:\WINDOWS\system32\ogexqlap.dll
C:\WINDOWS\system32\ogkhjogy.dll
C:\WINDOWS\system32\oguvmrnj.ini
C:\WINDOWS\system32\oikbhopb.dll
C:\WINDOWS\system32\oilswhpq.dll
C:\WINDOWS\system32\olqqlcox.dll
C:\WINDOWS\system32\omsbmarb.ini
C:\WINDOWS\system32\ooodnllg.dll
C:\WINDOWS\system32\oqstryfk.ini
C:\WINDOWS\system32\oschkdeg.ini
C:\WINDOWS\system32\osmdtlir.dll
C:\WINDOWS\system32\otiaobgq.ini
C:\WINDOWS\system32\otjmveye.ini
C:\WINDOWS\system32\oucivrvk.dll
C:\WINDOWS\system32\ouguwvxh.ini
C:\WINDOWS\system32\OVEOnqru.ini
C:\WINDOWS\system32\OVEOnqru.ini2
C:\WINDOWS\system32\oysjkmex.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\papbsyvd.dll
C:\WINDOWS\system32\pbisrndq.ini
C:\WINDOWS\system32\pcofdxjb.dll
C:\WINDOWS\system32\pfkeweko.ini
C:\WINDOWS\system32\phpucsae.ini
C:\WINDOWS\system32\pifxfior.dll
C:\WINDOWS\system32\pisbebua.ini
C:\WINDOWS\system32\pjhkbouw.dll
C:\WINDOWS\system32\pjmgfoek.dll
C:\WINDOWS\system32\pkttmqoa.ini
C:\WINDOWS\system32\pmbojdgu.ini
C:\WINDOWS\system32\pmvchwnd.ini
C:\WINDOWS\system32\pnjatygu.dll
C:\WINDOWS\system32\pqbaxclr.dll
C:\WINDOWS\system32\pqxlnvhg.ini
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\pubghwgi.dll
C:\WINDOWS\system32\puobsukm.ini
C:\WINDOWS\system32\puqqrlpj.dll
C:\WINDOWS\system32\purpdmst.ini
C:\WINDOWS\system32\pvapmtbh.dll
C:\WINDOWS\system32\pwjtrnou.ini
C:\WINDOWS\system32\pxjlwnkw.dll
C:\WINDOWS\system32\pxqdyavn.ini
C:\WINDOWS\system32\pxtejf.dll
C:\WINDOWS\system32\pxwpbmxa.ini
C:\WINDOWS\system32\pykpnalt.ini
C:\WINDOWS\system32\qapswldt.ini
C:\WINDOWS\system32\qcpjienr.ini
C:\WINDOWS\system32\qfywjrxc.ini
C:\WINDOWS\system32\qicogkfj.ini
C:\WINDOWS\system32\qikqanyt.ini
C:\WINDOWS\system32\qitflxkl.ini
C:\WINDOWS\system32\qjxvcjuu.ini
C:\WINDOWS\system32\qotsotjp.ini
C:\WINDOWS\system32\qpuosktv.dll
C:\WINDOWS\system32\qqowcihy.ini
C:\WINDOWS\system32\qquhdssx.dll
C:\WINDOWS\system32\qrbwjscg.ini
C:\WINDOWS\system32\qricthfw.dll
C:\WINDOWS\system32\qrifmvcx.ini
C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qsvwysxg.ini
C:\WINDOWS\system32\qtkbuyny.dll
C:\WINDOWS\system32\qtukcclv.ini
C:\WINDOWS\system32\qvmtticj.ini
C:\WINDOWS\system32\qvqnrvlo.ini
C:\WINDOWS\system32\qxcyfxxr.ini
C:\WINDOWS\system32\rapkhkky.dll
C:\WINDOWS\system32\rbblucfw.ini
C:\WINDOWS\system32\rbwhdmyj.ini
C:\WINDOWS\system32\rckekcuy.dll
C:\WINDOWS\system32\RCMllnpo.ini
C:\WINDOWS\system32\RCMllnpo.ini2
C:\WINDOWS\system32\rdmljdyd.ini
C:\WINDOWS\system32\reuqoqbl.dll
C:\WINDOWS\system32\rjrojgdj.ini
C:\WINDOWS\system32\rkokvjdr.ini
C:\WINDOWS\system32\rqegcged.ini
C:\WINDOWS\system32\rrvptokd.ini
C:\WINDOWS\system32\rshuarmq.dll
C:\WINDOWS\system32\rwejwh.dll
C:\WINDOWS\system32\rxguemca.ini
C:\WINDOWS\system32\rxhafjrk.ini
C:\WINDOWS\system32\rxixiipj.dll
C:\WINDOWS\system32\salrnmpj.dll
C:\WINDOWS\system32\sbwhigrt.ini
C:\WINDOWS\system32\shpylskp.dll
C:\WINDOWS\system32\shyfkosu.dll
C:\WINDOWS\system32\sibmgcjj.ini
C:\WINDOWS\system32\sigfpprh.dll
C:\WINDOWS\system32\sjlgacjf.dll
C:\WINDOWS\system32\slxyobij.ini
C:\WINDOWS\system32\sntqvere.dll
C:\WINDOWS\system32\solxwooy.dll
C:\WINDOWS\system32\sptosthb.ini
C:\WINDOWS\system32\srauheod.ini
C:\WINDOWS\system32\sreqxh.dll
C:\WINDOWS\system32\srfqesqw.ini
C:\WINDOWS\system32\srohsbnk.dll
C:\WINDOWS\system32\sthfddto.ini
C:\WINDOWS\system32\swaccdnm.dll
C:\WINDOWS\system32\swfsbptd.ini
C:\WINDOWS\system32\sxcbluaa.ini
C:\WINDOWS\system32\sxdcve.dll
C:\WINDOWS\system32\SYaIRqss.ini
C:\WINDOWS\system32\SYaIRqss.ini2
C:\WINDOWS\system32\sylauqxe.ini
C:\WINDOWS\system32\tarxxgam.dll
C:\WINDOWS\system32\tavwymjd.ini
C:\WINDOWS\system32\tbkvwngl.ini
C:\WINDOWS\system32\tbrhvwuv.ini
C:\WINDOWS\system32\tcskjrrf.dll
C:\WINDOWS\system32\tcxmwgmk.dll
C:\WINDOWS\system32\tfioprkr.dll
C:\WINDOWS\system32\tgstofvh.ini
C:\WINDOWS\system32\timchfrd.ini
C:\WINDOWS\system32\tisbmdbh.ini
C:\WINDOWS\system32\tjbkavpt.ini
C:\WINDOWS\system32\tjejwmvd.dll
C:\WINDOWS\system32\tkqylrdj.ini
C:\WINDOWS\system32\tlhsxmvh.dll
C:\WINDOWS\system32\tlismbbl.ini
C:\WINDOWS\system32\tlpvvyem.ini
C:\WINDOWS\system32\tpbxafxt.dll
C:\WINDOWS\system32\tqksvpur.ini
C:\WINDOWS\system32\tqqoeftk.ini
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tstwa.tmp
C:\WINDOWS\system32\ttouvcnc.ini
C:\WINDOWS\system32\tuixnqhv.ini
C:\WINDOWS\system32\tyhciaxo.dll
C:\WINDOWS\system32\uadpdcoe.ini
C:\WINDOWS\system32\ubjfjuut.ini
C:\WINDOWS\system32\ucewku.dll
C:\WINDOWS\system32\ucokjlct.ini
C:\WINDOWS\system32\udcbxysx.ini
C:\WINDOWS\system32\UDcJlUtv.ini
C:\WINDOWS\system32\UDcJlUtv.ini2
C:\WINDOWS\system32\ufnvulqh.dll
C:\WINDOWS\system32\ufysguie.dll
C:\WINDOWS\system32\ugklbggn.dll
C:\WINDOWS\system32\uklwfufe.dll
C:\WINDOWS\system32\ukylbmgh.ini
C:\WINDOWS\system32\ulrjjnjd.ini
C:\WINDOWS\system32\umtclrmh.dll
C:\WINDOWS\system32\uniulenc.dll
C:\WINDOWS\system32\unyfkywf.dll
C:\WINDOWS\system32\uokugwbp.ini
C:\WINDOWS\system32\uqurtgeq.ini
C:\WINDOWS\system32\utqnqwwe.ini
C:\WINDOWS\system32\uupatejd.dll
C:\WINDOWS\system32\uwdfriry.dll
C:\WINDOWS\system32\uwxtxiyy.ini
C:\WINDOWS\system32\uxafodmo.ini
C:\WINDOWS\system32\uyncio.dll
C:\WINDOWS\system32\vctmwnia.dll
C:\WINDOWS\system32\VEdfPqss.ini
C:\WINDOWS\system32\VEdfPqss.ini2
C:\WINDOWS\system32\vfbyxhmf.dll
C:\WINDOWS\system32\vgqsjpay.ini
C:\WINDOWS\system32\vgxfrcen.ini
C:\WINDOWS\system32\vkgdjb.dll
C:\WINDOWS\system32\vlelmtjx.ini
C:\WINDOWS\system32\vlqjsoqv.ini
C:\WINDOWS\system32\vnlrhrep.dll
C:\WINDOWS\system32\vrybejhl.dll
C:\WINDOWS\system32\vsdaxsnn.dll
C:\WINDOWS\system32\vssgyjai.dll
C:\WINDOWS\system32\vwaxwado.ini
C:\WINDOWS\system32\vwijxyqr.ini
C:\WINDOWS\system32\vxrebxst.ini
C:\WINDOWS\system32\wadxvnlk.ini
C:\WINDOWS\system32\WaGhRtwa.ini
C:\WINDOWS\system32\WaGhRtwa.ini2
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wbbqlagl.ini
C:\WINDOWS\system32\wefvpfhq.dll
C:\WINDOWS\system32\wgcylrex.dll
C:\WINDOWS\system32\WGfeLRqr.ini
C:\WINDOWS\system32\WGfeLRqr.ini2
C:\WINDOWS\system32\whhgyvdf.dll
C:\WINDOWS\system32\wkjqonid.ini
C:\WINDOWS\system32\wkmuilvh.dll
C:\WINDOWS\system32\wktkrjki.ini
C:\WINDOWS\system32\woerpoka.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wpekulmk.dll
C:\WINDOWS\system32\wssdkvma.dll
C:\WINDOWS\system32\wswmxwxn.ini
C:\WINDOWS\system32\wteglaqp.ini
C:\WINDOWS\system32\wtgrjpcp.dll
C:\WINDOWS\system32\wuuhcstt.dll
C:\WINDOWS\system32\wvphuxja.dll
C:\WINDOWS\system32\wxlnyspn.ini
C:\WINDOWS\system32\wxytgpno.ini
C:\WINDOWS\system32\wycogrmg.ini
C:\WINDOWS\system32\xcpboccv.ini
C:\WINDOWS\system32\xerlycgw.ini
C:\WINDOWS\system32\xfmicbrl.ini
C:\WINDOWS\system32\xftnatmw.dll
C:\WINDOWS\system32\xglfrc.dll
C:\WINDOWS\system32\xhmnxudg.ini
C:\WINDOWS\system32\xhtdpxvg.dll
C:\WINDOWS\system32\xixkmylj.dll
C:\WINDOWS\system32\xjpvydfx.ini
C:\WINDOWS\system32\xkoqcj.dll
C:\WINDOWS\system32\xlkstoqu.ini
C:\WINDOWS\system32\xmbfqjrl.dll
C:\WINDOWS\system32\xmfoaxbx.ini
C:\WINDOWS\system32\xnrwshuv.ini
C:\WINDOWS\system32\xodidgsb.ini
C:\WINDOWS\system32\xottmqxj.ini
C:\WINDOWS\system32\xswrsgip.ini
C:\WINDOWS\system32\xumvfbib.ini
C:\WINDOWS\system32\xvekslcb.dll
C:\WINDOWS\system32\xvslhlfi.ini
C:\WINDOWS\system32\xxfymqdc.ini
C:\WINDOWS\system32\xxqffbly.ini
C:\WINDOWS\system32\yafbbjdv.ini
C:\WINDOWS\system32\yaisvaao.dll
C:\WINDOWS\system32\yfoxdfir.dll
C:\WINDOWS\system32\ygjoxpih.ini
C:\WINDOWS\system32\yhreskrd.dll
C:\WINDOWS\system32\yiyyfdbd.dll
C:\WINDOWS\system32\ykvxujot.dll
C:\WINDOWS\system32\yospwmbl.dll
C:\WINDOWS\system32\yptpxhqy.ini
C:\WINDOWS\system32\yqqxyqvb.ini
C:\WINDOWS\system32\yrmpqeee.dll
C:\WINDOWS\system32\yrwbkabb.ini
C:\WINDOWS\system32\yummfijv.ini
C:\WINDOWS\system32\yvvjodji.dll
C:\WINDOWS\system32\ywoyybmx.dll
C:\WINDOWS\system32\ywxsbshg.ini
C:\WINDOWS\system32\yxtunyfa.dll
C:\WINDOWS\system32\yyoqsltj.dll
C:\WINDOWS\system32\yyvngkcu.dll
C:\WINDOWS\system32\znpyjq.dll
C:\xcrashdump.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.
2008-07-30 11:24 . 2008-07-30 11:24 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-07-30 10:37 . 2008-07-30 10:37 <DIR> d--hs---- C:\FOUND.064
2008-07-25 21:47 . 2008-07-25 21:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-25 17:46 . 2008-07-25 17:46 <DIR> d-------- C:\Program Files\Easy SpyRemover
2008-07-25 16:55 . 2006-08-18 22:50 <DIR> d-------- C:\Documents and Settings\NICOLA\iss
2008-07-25 16:55 . 2008-07-25 16:55 <DIR> d-------- C:\Documents and Settings\NICOLA\Application Data\Symantec
2008-07-25 16:55 . 2008-07-25 16:55 <DIR> d-------- C:\Documents and Settings\NICOLA\Application Data\ArcSoft
2008-07-25 16:55 . 2006-08-18 22:49 <DIR> d-------- C:\Documents and Settings\NICOLA\Application Data\Acer
2008-07-25 16:55 . 2008-07-25 16:55 <DIR> d-------- C:\Documents and Settings\NICOLA
2008-07-25 16:45 . 2008-07-25 16:45 <DIR> d-------- C:\Documents and Settings\MATTHEW\Application Data\Symantec
2008-07-25 16:44 . 2008-07-25 16:45 <DIR> d-------- C:\Documents and Settings\MATTHEW\Application Data\ArcSoft
2008-07-25 16:43 . 2006-08-18 22:50 <DIR> d-------- C:\Documents and Settings\MATTHEW\iss
2008-07-25 16:43 . 2006-08-18 22:49 <DIR> d-------- C:\Documents and Settings\MATTHEW\Application Data\Acer
2008-07-25 16:43 . 2008-07-25 16:43 <DIR> d-------- C:\Documents and Settings\MATTHEW
2008-07-25 16:18 . 2006-08-18 22:50 <DIR> d-------- C:\Documents and Settings\BETH\iss
2008-07-25 16:18 . 2008-07-25 16:18 <DIR> d-------- C:\Documents and Settings\BETH\Application Data\Symantec
2008-07-25 16:18 . 2008-07-25 16:18 <DIR> d-------- C:\Documents and Settings\BETH\Application Data\ArcSoft
2008-07-25 16:18 . 2006-08-18 22:49 <DIR> d-------- C:\Documents and Settings\BETH\Application Data\Acer
2008-07-25 16:18 . 2008-07-25 16:18 <DIR> d-------- C:\Documents and Settings\BETH
2008-07-25 15:58 . 2008-07-25 15:58 <DIR> d-------- C:\Program Files\Access Boss 3
2008-07-25 14:55 . 2006-08-18 21:40 <DIR> d-------- C:\Documents and Settings\BETH(2)\Templates(2)
2008-07-25 14:55 . 2006-08-18 21:40 <DIR> d--h----- C:\Documents and Settings\BETH(2)\Local Settings(2)
2008-07-25 14:55 . 2006-08-18 21:40 <DIR> d--h----- C:\Documents and Settings\BETH(2)\Application Data(2)
2008-07-25 14:55 . 2008-07-25 14:55 <DIR> d---s---- C:\Documents and Settings\BETH(2)
2008-07-25 13:19 . 2006-08-18 21:40 <DIR> d-------- C:\Documents and Settings\Nicola(2)\Templates(2)
2008-07-25 13:19 . 2006-08-18 21:40 <DIR> d-------- C:\Documents and Settings\Nicola(2)\Local Settings(2)
2008-07-25 13:19 . 2006-08-18 21:40 <DIR> d--h----- C:\Documents and Settings\Nicola(2)\Application Data(2)
2008-07-25 13:19 . 2008-07-25 13:19 <DIR> d---s---- C:\Documents and Settings\Nicola(2)
2008-07-25 09:30 . 2008-07-25 09:30 <DIR> d-------- C:\VundoFix Backups
2008-07-23 22:47 . 2008-07-23 22:47 <DIR> d--hs---- C:\FOUND.063
2008-07-23 21:31 . 2008-07-30 10:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-23 21:31 . 2008-07-23 21:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-23 21:30 . 2008-07-23 21:30 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-07-23 21:29 . 2008-07-23 21:29 <DIR> d-------- C:\Program Files\ArcSoft
2008-07-23 12:28 . 2008-07-23 12:28 <DIR> d--hs---- C:\FOUND.062
2008-07-23 12:21 . 2008-07-23 12:21 <DIR> d-------- C:\Documents and Settings\DAVID\Application Data\ArcSoft
2008-07-23 12:21 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-07-23 12:20 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-07-23 12:17 . 2008-07-23 12:17 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-07-23 12:17 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2008-07-23 12:17 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\dllcache\mpe.sys
2008-07-23 12:16 . 2007-03-15 18:51 227,072 -ra------ C:\WINDOWS\system32\drivers\U6000ALL.sys
2008-07-23 12:16 . 2004-08-04 00:56 18,432 --a------ C:\WINDOWS\system32\dllcache\bdaplgin.ax
2008-07-23 12:16 . 2004-08-04 00:56 18,432 --a------ C:\WINDOWS\system32\BdaPlgIn.ax
2008-07-23 12:16 . 2004-08-03 23:10 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2008-07-23 12:16 . 2004-08-03 23:10 11,776 --a------ C:\WINDOWS\system32\dllcache\bdasup.sys
2008-07-23 12:15 . 2008-07-23 12:15 <DIR> d-------- C:\Program Files\Mydrv
2008-07-22 23:12 . 2008-07-22 23:12 <DIR> d--hs---- C:\FOUND.061
2008-07-22 02:07 . 2008-07-23 10:47 2,386 ---hs---- C:\WINDOWS\system32\fqhsqeud.ini
2008-07-21 21:56 . 2008-07-21 21:56 <DIR> d--hs---- C:\FOUND.060
2008-07-21 02:08 . 2008-07-22 02:04 2,086 ---hs---- C:\WINDOWS\system32\qskxtxhv.ini
2008-07-20 02:07 . 2008-07-20 21:19 1,674 ---hs---- C:\WINDOWS\system32\wpkvqmao.ini
2008-07-19 16:00 . 2008-07-19 15:55 1,014 --ahs---- C:\WINDOWS\system32\wcthkjjs.ini
2008-07-19 15:41 . 2008-07-19 15:42 1,014 ---hs---- C:\WINDOWS\system32\wcthkjjs.tmp
2008-07-18 17:07 . 2008-07-18 17:07 1,439,094 ---hs---- C:\WINDOWS\system32\kwuwusev.tmp
2008-07-18 11:11 . 2008-07-18 11:11 <DIR> d--hs---- C:\FOUND.059
2008-07-18 10:36 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-10 03:51 . 2008-07-10 03:51 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-07-10 03:29 . 2008-07-10 03:29 <DIR> d--hs---- C:\FOUND.058
2008-07-08 18:51 . 2008-07-08 18:51 <DIR> d--hs---- C:\FOUND.057
2008-07-07 21:31 . 2008-07-07 21:31 <DIR> d--hs---- C:\FOUND.056
2008-07-07 16:24 . 2008-07-07 16:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-07 10:44 . 2008-07-07 10:44 <DIR> d--hs---- C:\FOUND.055
2008-07-06 00:33 . 2008-07-06 00:33 <DIR> d-------- C:\Program Files\CamStudio
2008-07-05 12:46 . 2008-07-05 12:46 <DIR> d--hs---- C:\FOUND.054
2008-07-02 01:36 . 2008-07-02 01:36 <DIR> d--hs---- C:\FOUND.053
2008-06-27 17:37 . 2008-06-27 17:37 111,168 --a------ C:\WINDOWS\system32\wmzkoh.dll
2008-06-27 17:37 . 2008-06-27 17:37 111,168 --a------ C:\WINDOWS\system32\aevrvfph.dll
2008-06-25 17:38 . 2008-06-25 17:38 111,680 --a------ C:\WINDOWS\system32\ferwpvhx.dll
2008-06-22 15:23 . 2008-07-30 10:42 110,350 --a------ C:\WINDOWS\BM1e3c22e6.xml
2008-06-22 15:22 . 2008-06-22 15:22 <DIR> d--hs---- C:\FOUND.052
2008-06-19 04:44 . 2008-06-19 04:44 <DIR> d--hs---- C:\FOUND.051
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-11 11:07 . 2008-06-11 11:07 <DIR> d-------- C:\Documents and Settings\DAVID\Application Data\Symantec
2008-06-11 11:04 . 2008-06-11 11:04 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-06-11 11:02 . 2008-06-11 11:02 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-06-11 11:00 . 2008-06-12 13:10 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-11 11:00 . 2008-06-12 13:10 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-11 11:00 . 2008-06-12 13:10 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-11 11:00 . 2008-06-12 13:10 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-10 13:10 . 2008-06-10 13:10 <DIR> d--hs---- C:\FOUND.050
2008-06-09 19:58 . 2008-06-09 19:58 <DIR> d--hs---- C:\FOUND.049
2008-06-08 23:05 . 2008-06-08 23:05 <DIR> d--hs---- C:\FOUND.048
2008-06-06 20:21 . 2008-06-06 20:21 <DIR> d--hs---- C:\FOUND.047
2008-06-04 15:17 . 2008-06-04 15:17 <DIR> d--hs---- C:\FOUND.046
2008-06-03 22:46 . 2008-06-03 22:46 <DIR> d--hs---- C:\FOUND.045
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 13:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 02:08 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-03 12:05 94,511 --sh--w C:\WINDOWS\system32\ppeauegi.tmp
2008-04-21 06:57 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 06:57 666,624 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-17 10:47 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 01:02 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 05:58 7581696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"IRReceive"="C:\WINDOWS\system32\IRReceive.exe" [2007-06-01 17:01 675913]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe [2008-07-23 21:29:59 249856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 U6000ALL;U6000 TV Box(ALL);C:\WINDOWS\system32\DRIVERS\U6000ALL.sys [2007-03-15 18:51]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-07-30 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - s!2C:\Program Files\Windows Live Toolbar\MSNTBUP.EXESYSTEM0< []
2008-07-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - :C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM0 []
2008-07-14 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - DAVID.job - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 02:19]
2008-07-01 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - JAMES.job - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 02:19]
.
- - - - ORPHANS REMOVED - - - -
BHO-{6C0A4F2F-6A2B-41BD-B92F-CE33A8E03C1E} - C:\Documents and Settings\DAVID\Local Settings\Temporary Internet Files\Content.IE5\6JK7A583\3077ahntdksr[1].dll
BHO-{8B9743C1-9AB4-41A4-8AC7-B23AA84E58C0} - C:\WINDOWS\system32\ddcApNDU.dll
BHO-{D758C006-6F2B-4FBB-834D-609BD6FC7078} - C:\WINDOWS\system32\ddabc.dll
HKLM-Run-1d0f117a - C:\WINDOWS\system32\gmrgocyw.dll
HKLM-Run-Easy SpyRemover - C:\Program Files\Easy SpyRemover\EasySpyRemover.exe
HKLM-Run-BM1e3c22e6 - C:\WINDOWS\system32\tpbxafxt.dll
Notify-ssqrq - C:\WINDOWS\system32\ssqrq.dll
Notify-cbxxxxy - cbxxxxy.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://en.uk.acer.yahoo.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://en.uk.acer.yahoo.com
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?4082c65fcdde43018626f68d2c7630c1
O8 -: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?4082c65fcdde43018626f68d2c7630c1
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-30 11:29:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-30 11:31:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 10:31:04
Pre-Run: 40,685,731,840 bytes free
Post-Run: 40,529,854,464 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
840 --- E O F --- 2008-07-23 09:49:11
HijackThis log below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:28, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\IRReceive.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [IRReceive] C:\WINDOWS\system32\IRReceive.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?4082c65fcdde43018626f68d2c7630c1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?4082c65fcdde43018626f68d2c7630c1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Up ... b57176.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8983 bytes
On switching the laptop on this morning, before running ComboFix, I got a blue screen saying there was a file inconsistency. This has happened frequently recently. Is this caused by the virus?
Got there at last, I hope. Thank you for your patience.