Cannot remove Adware & Spyware, Virtumande


Re: Cannot remove Adware & Spyware, Virtumande

Post by schef » October 10th, 2008, 4:37 pm

I was unable to follow these last directions, as there was no dllcache folder.
schef
Regular Member
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Cannot remove Adware & Spyware, Virtumande

Post by ktreffin » October 10th, 2008, 6:28 pm

More than likely it is a hidden folder.

Try this and then see if you can find the dllcache folder:

View hidden files and folders

Next, we need to enable the "Show Hidden Folders" option. To do this, please do the following:
  • Click Start
  • Open My Computer
  • Select the Tools Menu and click Folder Options
  • Select the View Tab. Under the hidden files and folders heading select Show Hidden Files and Folders.
  • Uncheck the Hide Protected Operating System Files (recommended) option.
  • Click Yes to confirm
  • Click OK.

Check and see if you can locate the dllcache folder. If you can, follow the steps; if not, let me know and we will go with plan B.
ktreffin
Retired Graduate
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Cannot remove Adware & Spyware, Virtumande

Post by schef » October 10th, 2008, 10:06 pm

Found the file that was hidden. Got to the next step, and then the next roadblock appeared. It said:
Setup cannot copy bckg.chm

What is the next step? thanks.

Re: Cannot remove Adware & Spyware, Virtumande

Post by ktreffin » October 11th, 2008, 9:41 am

Let's try this:

1) Go to Control Panel, Add or Remove Programs.
2) Click Add/Remove Windows Components.
2a) Highlight "Accessories & Utilities" and click "Details". Then uncheck "Games".
3) Uncheck the box "Update Root Certificates" and click "Next".
4) Then recheck the box "Update Root Certificates" and click "Next".

Do the above, and then try those steps one more time. I will keep my fingers crossed that this works.

Let me know what happens.

Re: Cannot remove Adware & Spyware, Virtumande

Post by schef » October 11th, 2008, 4:25 pm

It went forward this time. Do I recheck the games now?
I did step #2 (REGEDIT4) and named the file fix.reg. Not sure if I did that right, though. Tried to do the http step 3, got "not found" for "downloads deta layLang en". What next?

Re: Cannot remove Adware & Spyware, Virtumande

Post by sUBs » October 11th, 2008, 5:48 pm

This is the full URL:

http://www.microsoft.com/downloads/details.aspx?FamilyID=f814ec0e-ee7e-435e-99f8-20b44d4531b0&DisplayLang=en
sUBs
Honored Member (RIP)
Posts: 1397
Joined: October 27th, 2006, 2:52 pm

Re: Cannot remove Adware & Spyware, Virtumande

Post by schef » October 11th, 2008, 9:18 pm

ComboFix 08-10-11.02 - Robert 2008-10-11 20:08:05.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.694 [GMT -5:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.

2008-10-05 15:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-04 21:14 . 2008-10-04 21:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 21:14 . 2008-10-04 21:14 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-10-04 21:14 . 2008-10-04 21:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-04 21:14 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 21:14 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-01 10:05 . 2008-10-01 10:26 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-01 10:05 . 2008-10-01 10:26 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-01 10:05 . 2008-10-01 10:26 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-01 09:53 . 2007-02-28 04:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-09-26 07:05 . 2008-09-26 07:05 <DIR> d-------- C:\rsit
2008-09-20 00:12 . 2008-09-20 00:14 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-09-19 11:54 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-09-19 11:54 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-09-19 11:54 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-09-19 11:44 . 2008-09-19 11:44 <DIR> d--hs---- C:\found.000
2008-09-19 09:31 . 2008-09-19 09:31 16 --a------ C:\WINDOWS\system32\coh.cache
2008-09-19 08:15 . 2008-09-19 08:15 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Motive
2008-09-19 08:13 . 2008-10-01 09:21 <DIR> d-------- C:\WINDOWS\Motive
2008-09-19 08:13 . 2008-09-19 08:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-09-17 20:34 . 2008-04-13 19:12 483,840 --a------ C:\WINDOWS\system32\SETE0.tmp
2008-09-17 20:34 . 2008-04-13 19:12 264,192 --a------ C:\WINDOWS\system32\SETF2.tmp
2008-09-17 20:34 . 2008-04-13 19:12 82,432 --a------ C:\WINDOWS\system32\SETEF.tmp
2008-09-17 20:34 . 2008-04-13 19:12 52,736 --a------ C:\WINDOWS\system32\SETE1.tmp
2008-09-17 20:34 . 2008-04-13 19:12 22,528 --a------ C:\WINDOWS\system32\SETE5.tmp
2008-09-17 20:34 . 2008-04-13 19:12 19,968 --a------ C:\WINDOWS\system32\SETEE.tmp
2008-09-17 20:34 . 2008-04-13 19:12 19,456 --a------ C:\WINDOWS\system32\SETE7.tmp
2008-09-17 20:34 . 2008-04-13 19:12 18,432 --a------ C:\WINDOWS\system32\SETE3.tmp
2008-09-17 20:34 . 2008-04-13 19:12 6,656 --a------ C:\WINDOWS\system32\SETF4A.tmp
2008-09-17 20:32 . 2008-04-13 19:11 3,066,880 --a------ C:\WINDOWS\system32\SET261.tmp
2008-09-17 20:17 . 2008-09-17 20:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 14:15 . 2008-09-17 14:15 197 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 21:49 --------- d-----w C:\Documents and Settings\Robert\Application Data\WeatherBug
2008-10-05 20:37 --------- d-----w C:\Program Files\Java
2008-10-05 01:52 --------- d-----w C:\Program Files\Viewpoint
2008-10-05 01:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-10-01 15:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-01 15:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-10-01 14:28 --------- d-----w C:\Program Files\Yahoo!
2008-10-01 14:28 --------- d-----w C:\Program Files\Common Files\Scanner
2008-10-01 14:27 --------- d-----w C:\Program Files\Symantec
2008-10-01 14:21 --------- d-----w C:\Program Files\Common Files\Vbox
2008-10-01 14:21 --------- d-----w C:\Program Files\Ahead
2008-10-01 14:21 --------- d-----w C:\Program Files\Absolute Poker
2008-10-01 04:44 --------- d-----w C:\Documents and Settings\Robert\Application Data\SuperNZB
2008-09-21 20:22 --------- d-----w C:\Program Files\Trend Micro
2008-09-19 18:29 --------- d-----w C:\Documents and Settings\Robert\Application Data\U3
2008-09-19 17:38 --------- d-----w C:\Program Files\RM Converter
2008-09-19 14:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-09-17 18:20 --------- d--h--r C:\Documents and Settings\Robert\Application Data\yahoo!
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2004-06-13 23:20 449 ----a-w C:\Documents and Settings\Robert\UpdateReg.reg
2002-10-16 07:39 19,552 ----a-w C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 02:56 17408 69fdf8b967ab39fef170454b6e943398 C:\WINDOWS\system32\svchost.exe

2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-05-26 20:38 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\WINDOWS\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2004-08-04 02:56 506368 d05b3d809fa8d9684807eeaa55237b7d C:\WINDOWS\system32\winlogon.exe

2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2007-06-13 05:23 1035776 84999af5063d29ab54ef88eba0409215 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe

2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 02:56 110592 8ac9d5418c9f5911ee5e29ccc652678d C:\WINDOWS\system32\services.exe

2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
2004-08-04 02:56 14848 21cddf4ecaae17a98e020bc28960a04a C:\WINDOWS\system32\lsass.exe

2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe

2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
2005-06-10 18:53 58880 af4b08cf909b94ef2568736f3111c9d7 C:\WINDOWS\system32\spoolsv.exe

2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot_2008-10-05_20.13.31.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-06-19 21:19:42 571,184 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 23:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
- 2008-04-03 21:33:16 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-11 20:13:55 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-03 21:33:16 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-11 20:13:55 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll.OLD
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2003-10-10 393216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-07 180269]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
2Wire Wireless Client Manager.lnk - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE [2004-02-18 323584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Search"= 2 (0x2)
"NoBandCustomize"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.I263"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pnpsvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-09-01 11:26 66672 C:\Program Files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-01-31 09:42 1228800 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
--a------ 2003-07-14 14:30 98304 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\ipmon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2003-05-19 00:14 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-05-07 06:47 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
--a------ 2004-09-09 17:35 1597440 C:\Program Files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 16:19 129536 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2002-05-03 10:06 364544 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RpcPatch"=2 (0x2)
"MDM"=2 (0x2)
"C-DillaSrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"nwiz"=nwiz.exe /install
"UpdReg"=C:\WINDOWS\Updreg.exe
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 9344]
R1 BpCdrVsd;BpCdrVsd;C:\WINDOWS\system32\drivers\BpCdrVsd.sys [2002-12-12 7936]
R1 bpfinder;BACKPACK Finder;C:\WINDOWS\system32\DRIVERS\bpfinder.sys [2003-02-17 62279]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-01-31 389504]
R3 bpflt;BACKPACK Filter;C:\WINDOWS\system32\DRIVERS\bpflt.sys [2002-08-08 4538]
R3 wltwo48b;2Wire Wireless PC Card Driver;C:\WINDOWS\system32\DRIVERS\wltwo48b.sys [2003-08-10 170496]
S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [2003-03-26 72032]
S1 af51f9f7;af51f9f7;C:\WINDOWS\system32\drivers\af51f9f7.sys [ ]
S2 pnpsvc;Plug and Play svc service;C:\WINDOWS\system32\svchost.exe [2004-08-04 17408]
S3 AON325;AOpen AON-325 10/100M Fast Ethernet PCI Adapter;C:\WINDOWS\system32\DRIVERS\AON325.SYS [2001-04-16 24172]
S3 ATIPCXXX;ATI Parental control device;C:\WINDOWS\system32\DRIVERS\atipcxxx.sys [2001-08-17 10240]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);C:\WINDOWS\system32\DRIVERS\atirtcap.sys [2001-08-17 49920]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);C:\WINDOWS\system32\DRIVERS\ativxbar.sys [2001-08-17 26624]
S3 bppccard;BACKPACK PC Card;C:\WINDOWS\system32\DRIVERS\bppccard.sys [2003-01-09 5493]
S3 bppnpdrv;BACKPACK Driver;C:\WINDOWS\system32\DRIVERS\bppnpdrv.sys [2003-02-17 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;C:\WINDOWS\system32\DRIVERS\bpusbdrv.sys [2003-02-06 109708]
S3 bpusbflt;BACKPACK USB Filter;C:\WINDOWS\system32\DRIVERS\bpusbflt.sys [2002-08-08 8333]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-04-12 38016]
S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\system32\DRIVERS\sustucap.sys [2006-04-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver;C:\WINDOWS\system32\DRIVERS\sustucau.sys [2006-04-12 20096]
S3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2002-02-28 29056]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pnpsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfee426-7b89-11dd-96c2-000feafaf926}]
\shell\autorun\command - G:\podcastready.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-12 C:\WINDOWS\Tasks\AB5C3A3B9183B003.job
- c:\docume~1\robert\applic~1\timeph~1\Slow Owns Wma.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\laefvq4y.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 20:10:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-11 20:12:49
ComboFix-quarantined-files.txt 2008-10-12 01:11:46
ComboFix2.txt 2008-10-06 01:14:42
ComboFix3.txt 2008-09-20 05:06:10
ComboFix4.txt 2008-09-19 19:37:03

Pre-Run: 4,016,148,480 bytes free
Post-Run: 4,050,640,896 bytes free

273 --- E O F --- 2008-10-02 08:00:46


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:09 PM, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=23100
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_6.cab
O23 - Service: Automatic LiveUpdate Scheduler (automatic liveupdate scheduler) - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate (liveupdate) - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: AOpen NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6341 bytes
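The "Sigcheck" section of the ComboFix log above is the part that actually identifies the infection: for each core system binary it lists the MD5 and size of every copy Windows keeps (ServicePackFiles\i386, $hf_mig$, $NtUninstall*, dllcache, SoftwareDistribution\Download) next to the live copy in system32. Where the live copy's hash matches none of the cached ones and its size differs from every cached version (svchost.exe at 17408 bytes against 14336, winlogon.exe at 506368 against 502272, and likewise lsass.exe, services.exe, spoolsv.exe and explorer.exe), the live file has been patched in place, which is what the batch file later in the thread removes. The following Python script is an added example, not part of the original thread or of ComboFix: it parses a subset of that Sigcheck output (copied verbatim from the log) and flags the live files whose hash matches no cached copy. The list of directory markers used to tell cached copies from the live one is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of the "Sigcheck" section of the ComboFix
# log posted above. Dates, sizes, MD5s and paths are copied from that log; the
# other file groups were left out to keep the example short.
SIGCHECK_LOG = r"""
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 02:56 17408 69fdf8b967ab39fef170454b6e943398 C:\WINDOWS\system32\svchost.exe

2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2004-08-04 02:56 506368 d05b3d809fa8d9684807eeaa55237b7d C:\WINDOWS\system32\winlogon.exe

2007-06-13 05:23 1035776 84999af5063d29ab54ef88eba0409215 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-04 02:56 14848 21cddf4ecaae17a98e020bc28960a04a C:\WINDOWS\system32\lsass.exe

2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\system32\userinit.exe
"""

# One Sigcheck line: date, time, size in bytes, MD5, full path.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$")

# Directories where Windows keeps its own cached or backup copies of system
# files. This list is an assumption of the example, not something ComboFix
# documents; any other path under the Windows directory is treated as the
# live, in-use copy.
REFERENCE_MARKERS = (
    "\\servicepackfiles\\",
    "\\$hf_mig$\\",
    "\\$ntuninstall",
    "\\dllcache\\",
    "\\softwaredistribution\\",
)


def parse_sigcheck(text):
    """Turn Sigcheck lines into dicts; blank and non-matching lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            date, time, size, md5, path = m.groups()
            records.append({"date": date, "time": time, "size": int(size),
                            "md5": md5, "path": path})
    return records


def is_reference_copy(path):
    """True when the path is one of Windows' cached/backup copies, not the live file."""
    p = path.lower()
    return any(marker in p for marker in REFERENCE_MARKERS)


def find_unmatched_live_files(records):
    """Return {basename: record} for live system files whose MD5 matches none
    of the cached copies of the same file name. A live file with no cached
    copy at all is also reported, since nothing vouches for it."""
    groups = defaultdict(lambda: {"live": [], "ref": []})
    for rec in records:
        name = rec["path"].rsplit("\\", 1)[-1].lower()
        kind = "ref" if is_reference_copy(rec["path"]) else "live"
        groups[name][kind].append(rec)

    suspicious = {}
    for name, g in groups.items():
        known_hashes = {r["md5"] for r in g["ref"]}
        for live in g["live"]:
            if live["md5"] not in known_hashes:
                suspicious[name] = live
    return suspicious


def report(text):
    """Print the flagged files and return their names, sorted."""
    flagged = find_unmatched_live_files(parse_sigcheck(text))
    for name in sorted(flagged):
        rec = flagged[name]
        print(f"{name}: {rec['path']} ({rec['size']} bytes, md5 {rec['md5']}) "
              "matches no cached copy")
    return sorted(flagged)


if __name__ == "__main__":
    report(SIGCHECK_LOG)
```

On the sample above this flags explorer.exe, lsass.exe, svchost.exe and winlogon.exe and clears ws2_32.dll, tcpip.sys (the live driver matches the dllcache copy) and userinit.exe. Treat a hit as a lead rather than proof: $hf_mig$ holds only the QFE branch of a hotfix, so a legitimately installed GDR-branch update can also leave a live file with no matching cached hash. Confirm by checking the file's Authenticode signature or by comparing it with the same file on a known-clean machine at the same service-pack level, which is why the helper asks about a second XP SP2 machine in the next post.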

Re: Cannot remove Adware & Spyware, Virtumande

Post by sUBs » October 12th, 2008, 10:05 am

Do you have access to another Windows XP Service Pack 2 machine?

Re: Cannot remove Adware & Spyware, Virtumande

Post by schef » October 12th, 2008, 11:43 am

No, the one we are working on has Service Pack 2, with the upgrade icon showing to upgrade to Service Pack 3. I did not want to try and do anything different till we got the problems straightened out. The one with the problem is my son's.

I do have an HP 520 upstairs with the Service Pack 3 upgrade installed on it now; it came with the original Service Pack 2, I believe.

Re: Cannot remove Adware & Spyware, Virtumande

Post by sUBs » October 12th, 2008, 4:11 pm

Please upgrade to Service Pack 3. It shall partially rebuild the catalogs in the Catroot folder.

We'll continue after that. Kindly post a fresh ComboFix log after upgrading. We shall need to determine what needs rebuilding.

Re: Cannot remove Adware & Spyware, Virtumande

Post by schef » October 13th, 2008, 8:33 am

Unable to install Service Pack 3. It starts to install, but then has a problem with 3rd-party files, making it unable to update. Install incomplete. The machine became really messed up trying it; I had to go back to an earlier restore point just to get it to work again. What next?

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 13th, 2008, 8:13 pm

Hi Schef,

After talking with sUBs, he would like for you to run another batch file.

Please download this file from HERE

Download this file and save it to your Desktop. Once you have it downloaded, double click on it to run it. A window will open and close. This is normal.

After running the file, notepad should open with the contents of log.txt. Please post the contents of this log in your next reply.

>>IMPORTANT<<

Do not reboot the machine until we give you the go-ahead. As soon as we review the log, you will be instructed to reboot the machine.

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 14th, 2008, 1:49 am

--a------ 04/13/2008 07:12 PM 1033728 C:\WINDOWS\explorer.exe
--a------ 04/13/2008 07:12 PM 13312 C:\WINDOWS\system32\lsass.exe
--a------ 04/13/2008 07:12 PM 57856 C:\WINDOWS\system32\spoolsv.exe
--a------ 04/13/2008 07:12 PM 14336 C:\WINDOWS\system32\svchost.exe
--a------ 04/13/2008 07:12 PM 507904 C:\WINDOWS\system32\winlogon.exe

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby sUBs » October 14th, 2008, 4:19 am

You may reboot the machine. The patched files have been removed.

After the reboot, kindly furnish a fresh ComboFix log and update us as to how the machine is behaving now.
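The batch file output schef posted above lists live system files (explorer.exe, lsass.exe, spoolsv.exe, svchost.exe, winlogon.exe) that all carry the same 04/13/2008 date, and the Sigcheck section of the ComboFix log later in this thread shows, for each such file, the MD5 of the copy in system32 next to the copies Windows keeps in ServicePackFiles\i386, $NtServicePackUninstall$, $hf_mig$, dllcache and the Windows Update download folder. The Python script below is an added example, not part of this thread or of ComboFix, that automates that comparison over Sigcheck-style lines: it assumes the "date time size md5 path" layout shown in the log and uses values copied from the log as constructed sample input. A live file whose hash matches none of its on-disk reference copies is only a lead to inspect, not proof of tampering (a file legitimately updated by a hotfix whose backup copy is not listed gives the same result), which is why the helpers here read it together with file dates and the machine's service pack level.

```python
"""Audit a ComboFix "Sigcheck" section: flag live Windows system files whose MD5
matches none of the backup/reference copies Windows keeps on the same machine.
Added example; format assumed from the log posted in this thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample input: lines copied from the Sigcheck section of the ComboFix log
# posted in this thread ("date time size md5 path", groups separated by blank lines).
SIGCHECK_SAMPLE = r"""
2004-08-04 02:56 17408 69fdf8b967ab39fef170454b6e943398 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\system32\svchost.exe

2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 02:56 506368 d05b3d809fa8d9684807eeaa55237b7d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\system32\winlogon.exe

2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-fA-F]{32}) (.+)$")

# Directories holding the copies Windows actually loads. Every other location in a
# Sigcheck group (ServicePackFiles, $NtServicePackUninstall$, $hf_mig$, dllcache,
# SoftwareDistribution\Download, ...) is treated as a reference copy to compare against.
LIVE_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\system32\drivers"}


@dataclass
class Entry:
    date: str
    size: int
    md5: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_live(self) -> bool:
        return self.path.rsplit("\\", 1)[0].lower() in LIVE_DIRS


@dataclass
class Verdict:
    live: Entry
    matching_refs: List[str] = field(default_factory=list)   # reference paths with the same MD5
    reference_md5s: List[str] = field(default_factory=list)  # distinct MD5s of all reference copies

    @property
    def suspect(self) -> bool:
        # Suspect only when reference copies exist and none of them shares the live hash.
        return bool(self.reference_md5s) and not self.matching_refs


def parse_sigcheck(text: str) -> List[Entry]:
    """Parse every well-formed Sigcheck line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            date, time_, size, md5, path = m.groups()
            entries.append(Entry(f"{date} {time_}", int(size), md5.lower(), path))
    return entries


def audit_sigcheck(text: str) -> Dict[str, Verdict]:
    """Return one Verdict per live file, keyed by lower-cased file name."""
    by_name: Dict[str, List[Entry]] = {}
    for e in parse_sigcheck(text):
        by_name.setdefault(e.name, []).append(e)
    verdicts: Dict[str, Verdict] = {}
    for name, group in by_name.items():
        refs = [e for e in group if not e.is_live]
        for live in (e for e in group if e.is_live):
            v = Verdict(live=live, reference_md5s=sorted({r.md5 for r in refs}))
            v.matching_refs = [r.path for r in refs if r.md5 == live.md5]
            verdicts[name] = v
    return verdicts


if __name__ == "__main__":
    for name, v in sorted(audit_sigcheck(SIGCHECK_SAMPLE).items()):
        flag = "SUSPECT" if v.suspect else "ok"
        print(f"{flag:7} {v.live.path}  md5={v.live.md5}  dated {v.live.date}")
        print(f"        matching reference copies: {v.matching_refs or 'none'}")
```

On the sample, svchost.exe and winlogon.exe come out as SUSPECT (their system32 copies match neither the SP2 install copy nor the uninstall backup), while ws2_32.dll, tcpip.sys and ctfmon.exe are reported ok; those are exactly the two outcomes a reviewer reads off the log by eye. To run it against a real log, pass the text between the "------- Sigcheck -------" header and the next section to audit_sigcheck and treat every SUSPECT entry as a file to verify against a known-good copy from installation media of the same service pack level, not as a verdict in itself.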

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 15th, 2008, 1:36 am

ComboFix 08-10-11.02 - Robert 2008-10-14 13:35:44.6 - NTFSx86
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.

2008-10-13 02:41 . 2008-10-13 02:41 335 --a------ C:\WINDOWS\mozregistry.dat
2008-10-05 15:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-04 21:14 . 2008-10-04 21:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 21:14 . 2008-10-04 21:14 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-10-04 21:14 . 2008-10-04 21:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-04 21:14 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 21:14 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-01 10:05 . 2008-10-12 19:33 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-01 10:05 . 2008-10-12 19:33 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-01 10:05 . 2008-10-12 19:33 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-01 09:53 . 2007-02-28 04:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-09-26 07:05 . 2008-09-26 07:05 <DIR> d-------- C:\rsit
2008-09-20 00:12 . 2008-09-20 00:14 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-09-19 11:54 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-09-19 11:54 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-09-19 11:54 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-09-19 11:44 . 2008-09-19 11:44 <DIR> d--hs---- C:\found.000
2008-09-19 09:31 . 2008-09-19 09:31 16 --a------ C:\WINDOWS\system32\coh.cache
2008-09-19 08:15 . 2008-09-19 08:15 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Motive
2008-09-19 08:13 . 2008-10-01 09:21 <DIR> d-------- C:\WINDOWS\Motive
2008-09-19 08:13 . 2008-09-19 08:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-09-17 20:33 . 2008-04-13 19:12 8,461,312 --a------ C:\WINDOWS\system32\SET1DF.tmp
2008-09-17 20:32 . 2008-04-13 19:11 3,066,880 --a------ C:\WINDOWS\system32\SET312.tmp
2008-09-17 20:17 . 2008-09-17 20:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 14:15 . 2008-09-17 14:15 197 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 21:49 --------- d-----w C:\Documents and Settings\Robert\Application Data\WeatherBug
2008-10-05 20:37 --------- d-----w C:\Program Files\Java
2008-10-05 01:52 --------- d-----w C:\Program Files\Viewpoint
2008-10-05 01:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-10-01 15:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-01 15:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-10-01 14:28 --------- d-----w C:\Program Files\Yahoo!
2008-10-01 14:28 --------- d-----w C:\Program Files\Common Files\Scanner
2008-10-01 14:27 --------- d-----w C:\Program Files\Symantec
2008-10-01 14:21 --------- d-----w C:\Program Files\Common Files\Vbox
2008-10-01 14:21 --------- d-----w C:\Program Files\Ahead
2008-10-01 14:21 --------- d-----w C:\Program Files\Absolute Poker
2008-10-01 04:44 --------- d-----w C:\Documents and Settings\Robert\Application Data\SuperNZB
2008-09-21 20:22 --------- d-----w C:\Program Files\Trend Micro
2008-09-19 18:29 --------- d-----w C:\Documents and Settings\Robert\Application Data\U3
2008-09-19 17:38 --------- d-----w C:\Program Files\RM Converter
2008-09-19 14:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-09-17 18:20 --------- d--h--r C:\Documents and Settings\Robert\Application Data\yahoo!
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2004-06-13 23:20 449 ----a-w C:\Documents and Settings\Robert\UpdateReg.reg
2002-10-16 07:39 19,552 ----a-w C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2004-08-04 02:56 17408 69fdf8b967ab39fef170454b6e943398 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\system32\svchost.exe

2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 02:56 506368 d05b3d809fa8d9684807eeaa55237b7d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-05-26 20:38 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\WINDOWS\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\system32\winlogon.exe

2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 05:23 1035776 84999af5063d29ab54ef88eba0409215 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2004-08-04 02:56 110592 8ac9d5418c9f5911ee5e29ccc652678d C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 02:56 110592 8ac9d5418c9f5911ee5e29ccc652678d C:\WINDOWS\system32\services.exe

2004-08-04 02:56 14848 21cddf4ecaae17a98e020bc28960a04a C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\system32\lsass.exe

2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe

2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 18:53 58880 af4b08cf909b94ef2568736f3111c9d7 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\system32\spoolsv.exe

2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot_2008-10-05_20.13.31.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-13 10:23:07 1,035,776 ----a-w C:\WINDOWS\explorer(2).exe
+ 2004-08-04 07:56:29 62,976 ----a-w C:\WINDOWS\ime\spgrmr(2).dll
+ 2004-08-04 07:56:45 250,880 ----a-w C:\WINDOWS\ime\sptip(2).dll
+ 2004-08-04 07:56:44 38,912 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc(2).dll
- 2004-08-04 08:07:21 1,788 ----a-w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2008-04-14 00:25:26 1,804 ----a-w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 07:56:41 194,048 ----a-w C:\WINDOWS\system32\activeds(2).dll
+ 2004-08-04 07:56:41 101,888 ----a-w C:\WINDOWS\system32\actxprxy(2).dll
+ 2004-08-04 07:56:41 143,360 ----a-w C:\WINDOWS\system32\adsldpc(2).dll
+ 2004-08-04 07:56:41 99,840 ----a-w C:\WINDOWS\system32\advpack(2).dll
+ 2004-08-04 07:56:47 44,544 ----a-w C:\WINDOWS\system32\alg(2).exe
+ 2004-08-04 07:56:41 58,880 ----a-w C:\WINDOWS\system32\atl(2).dll
+ 2004-08-04 07:56:41 42,496 ----a-w C:\WINDOWS\system32\audiosrv(2).dll
+ 2005-03-02 18:09:29 56,832 ----a-w C:\WINDOWS\system32\authz(2).dll
+ 2004-08-04 07:56:41 84,992 ----a-w C:\WINDOWS\system32\avifil32(2).dll
+ 2004-08-04 07:56:41 28,672 ----a-w C:\WINDOWS\system32\batmeter(2).dll
+ 2004-08-04 07:55:59 63,488 ----a-w C:\WINDOWS\system32\browselc(2).dll
+ 2008-06-23 15:38:28 1,023,488 ----a-w C:\WINDOWS\system32\browseui(2).dll
+ 2004-08-04 07:56:41 59,904 ----a-w C:\WINDOWS\system32\cabinet(2).dll
+ 2005-07-26 04:39:42 225,792 ----a-w C:\WINDOWS\system32\catsrv(2).dll
+ 2005-07-26 04:39:43 625,152 ----a-w C:\WINDOWS\system32\catsrvut(2).dll
+ 2004-08-04 07:56:41 194,560 ----a-w C:\WINDOWS\system32\certcli(2).dll
+ 2004-08-04 07:56:00 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32(2).dll
+ 2005-07-26 04:39:43 498,688 ----a-w C:\WINDOWS\system32\clbcatq(2).dll
+ 2004-08-04 07:56:41 57,856 ----a-w C:\WINDOWS\system32\clusapi(2).dll
+ 2004-08-04 07:56:41 47,104 ----a-w C:\WINDOWS\system32\cnbjmon(2).dll
+ 2005-07-26 04:39:43 60,416 ----a-w C:\WINDOWS\system32\colbact(2).dll
+ 2004-08-04 07:56:41 792,064 ----a-w C:\WINDOWS\system32\comres(2).dll
+ 2005-07-26 04:39:44 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs(2).dll
+ 2004-08-04 07:56:41 163,840 ----a-w C:\WINDOWS\system32\credui(2).dll
+ 2004-08-04 07:56:41 597,504 ----a-w C:\WINDOWS\system32\crypt32(2).dll
+ 2004-08-04 07:56:41 33,280 ----a-w C:\WINDOWS\system32\cryptdll(2).dll
+ 2004-08-04 07:56:41 63,488 ----a-w C:\WINDOWS\system32\cryptnet(2).dll
+ 2004-08-04 07:56:41 60,416 ----a-w C:\WINDOWS\system32\cryptsvc(2).dll
+ 2004-08-04 07:56:41 512,512 ----a-w C:\WINDOWS\system32\cryptui(2).dll
+ 2004-08-04 07:56:41 101,888 ----a-w C:\WINDOWS\system32\cscdll(2).dll
+ 2004-08-04 07:56:41 326,656 ----a-w C:\WINDOWS\system32\cscui(2).dll
+ 2004-08-04 07:56:48 6,144 ----a-w C:\WINDOWS\system32\csrss(2).exe
+ 2004-08-04 07:56:48 15,360 ----a-w C:\WINDOWS\system32\ctfmon(2).exe
+ 2004-08-04 07:56:42 24,576 ----a-w C:\WINDOWS\system32\davclnt(2).dll
- 2004-08-04 08:07:21 1,788 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2008-04-14 00:25:26 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2004-08-04 07:56:42 8,704 ----a-w C:\WINDOWS\system32\dciman32(2).dll
+ 2004-08-04 07:56:42 266,240 ----a-w C:\WINDOWS\system32\ddraw(2).dll
+ 2004-08-04 07:56:42 27,136 ----a-w C:\WINDOWS\system32\ddrawex(2).dll
+ 2004-08-04 07:56:42 68,608 ----a-w C:\WINDOWS\system32\digest(2).dll
+ 2004-08-04 07:56:42 23,552 ----a-w C:\WINDOWS\system32\dmserver(2).dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi(2).dll
+ 2004-08-04 07:56:42 14,336 ----a-w C:\WINDOWS\system32\drprov(2).dll
+ 2004-08-04 05:31:43 137,216 ----a-w C:\WINDOWS\system32\dssenh(2).dll
+ 2004-08-04 07:56:42 304,128 ----a-w C:\WINDOWS\system32\duser(2).dll
+ 2004-08-04 07:56:42 23,040 ----a-w C:\WINDOWS\system32\ersvc(2).dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es(2).dll
+ 2005-10-20 22:20:03 1,082,368 ----a-w C:\WINDOWS\system32\esent(2).dll
+ 2004-08-04 07:56:42 55,808 ----a-w C:\WINDOWS\system32\eventlog(2).dll
- 2008-05-01 07:11:51 117,360 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-13 06:54:02 117,360 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2004-08-04 07:56:42 344,064 ----a-w C:\WINDOWS\system32\hnetcfg(2).dll
+ 2004-08-04 07:56:42 11,264 ----a-w C:\WINDOWS\system32\icaapi(2).dll
+ 2004-08-04 07:56:42 35,840 ----a-w C:\WINDOWS\system32\imgutil(2).dll
+ 2004-08-04 07:56:42 33,280 ----a-w C:\WINDOWS\system32\inetmib1(2).dll
+ 2004-08-04 07:56:42 75,264 ----a-w C:\WINDOWS\system32\inetpp(2).dll
+ 2006-05-19 12:59:41 94,720 ----a-w C:\WINDOWS\system32\iphlpapi(2).dll
+ 2004-08-04 07:56:42 331,264 ----a-w C:\WINDOWS\system32\ipnathlp(2).dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript(2).dll
+ 2005-06-15 17:49:30 295,936 ----a-w C:\WINDOWS\system32\kerberos(2).dll
- 2006-06-19 21:19:42 571,184 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 23:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
+ 2005-09-01 01:41:53 19,968 ----a-w C:\WINDOWS\system32\linkinfo(2).dll
+ 2004-08-04 07:56:42 97,280 ----a-w C:\WINDOWS\system32\loadperf(2).dll
+ 2004-08-04 07:56:50 14,848 ----a-w C:\WINDOWS\system32\lsass(2).exe
+ 2004-08-04 07:56:42 1,028,096 ----a-w C:\WINDOWS\system32\mfc42(2).dll
+ 2004-08-04 07:56:42 22,528 ----a-w C:\WINDOWS\system32\mfcsubs(2).dll
+ 2004-08-04 07:56:42 18,944 ----a-w C:\WINDOWS\system32\midimap(2).dll
+ 2004-08-04 07:56:42 586,240 ----a-w C:\WINDOWS\system32\mlang(2).dll
+ 2004-08-04 07:56:42 59,904 ----a-w C:\WINDOWS\system32\mpr(2).dll
+ 2004-08-04 07:56:42 87,040 ----a-w C:\WINDOWS\system32\mprapi(2).dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec(2).dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil(2).dll
+ 2004-08-04 07:56:42 71,680 ----a-w C:\WINDOWS\system32\msacm32(2).dll
+ 2004-08-04 07:56:42 86,016 ----a-w C:\WINDOWS\system32\msapsspc(2).dll
+ 2004-08-04 07:56:42 57,344 ----a-w C:\WINDOWS\system32\msasn1(2).dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\mscms(2).dll
+ 2004-08-04 07:56:42 294,400 ----a-w C:\WINDOWS\system32\msctf(2).dll
+ 2008-06-23 15:38:33 449,024 ----a-w C:\WINDOWS\system32\mshtmled(2).dll
+ 2004-08-04 07:56:43 6,656 ----a-w C:\WINDOWS\system32\msidle(2).dll
+ 2004-08-04 07:56:43 4,608 ----a-w C:\WINDOWS\system32\msimg32(2).dll
+ 2004-08-04 07:56:43 159,232 ----a-w C:\WINDOWS\system32\msimtf(2).dll
+ 2004-08-04 07:56:43 25,088 ----a-w C:\WINDOWS\system32\mslbui(2).dll
+ 2004-08-04 07:56:43 30,208 ----a-w C:\WINDOWS\system32\mspatcha(2).dll
+ 2004-08-04 07:56:18 48,128 ----a-w C:\WINDOWS\system32\msprivs(2).dll
+ 2004-08-04 07:56:43 115,712 ----a-w C:\WINDOWS\system32\mstlsapi(2).dll
+ 2004-08-04 07:56:43 195,072 ----a-w C:\WINDOWS\system32\msutb(2).dll
+ 2004-08-04 07:56:43 413,696 ----a-w C:\WINDOWS\system32\msvcp60(2).dll
+ 2004-08-04 07:56:43 343,040 ----a-w C:\WINDOWS\system32\msvcrt(2).dll
+ 2004-08-04 05:58:25 61,440 ----a-w C:\WINDOWS\system32\msvcrt40(2).dll
+ 2004-08-04 07:56:43 120,832 ----a-w C:\WINDOWS\system32\msvfw32(2).dll
+ 2008-06-20 17:41:10 245,248 ----a-w C:\WINDOWS\system32\mswsock(2).dll
+ 2006-03-01 19:42:42 66,560 ----a-w C:\WINDOWS\system32\mtxclu(2).dll
+ 2004-08-04 07:56:44 17,920 ----a-w C:\WINDOWS\system32\nddeapi(2).dll
+ 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\netapi32(2).dll
+ 2004-08-04 07:56:44 622,080 ----a-w C:\WINDOWS\system32\netcfgx(2).dll
+ 2004-08-04 07:56:44 407,040 ----a-w C:\WINDOWS\system32\netlogon(2).dll
+ 2005-08-22 18:29:46 197,632 ----a-w C:\WINDOWS\system32\netman(2).dll
+ 2004-08-04 07:56:44 1,708,032 ----a-w C:\WINDOWS\system32\netshell(2).dll
+ 2004-08-04 07:56:44 248,832 ----a-w C:\WINDOWS\system32\newdev(2).dll
+ 2004-08-04 07:56:44 67,072 ----a-w C:\WINDOWS\system32\ntdsapi(2).dll
+ 2004-08-04 07:56:44 118,784 ----a-w C:\WINDOWS\system32\ntmarta(2).dll
+ 2004-08-04 07:56:44 143,872 ----a-w C:\WINDOWS\system32\ntshrui(2).dll
+ 2001-08-23 12:00:00 60,928 ----a-w C:\WINDOWS\system32\ocmanage(2).dll
+ 2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\system32\ole32(2).dll
+ 2005-07-26 04:39:48 74,752 ----a-w C:\WINDOWS\system32\olecli32(2).dll
- 2008-04-03 21:33:16 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-13 00:45:19 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-03 21:33:16 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-13 00:45:19 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2004-08-04 07:56:44 25,088 ----a-w C:\WINDOWS\system32\perfos(2).dll
+ 2004-08-04 07:56:44 15,360 ----a-w C:\WINDOWS\system32\pjlmon(2).dll
+ 2008-06-23 15:38:33 39,424 ----a-w C:\WINDOWS\system32\pngfilt(2).dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\powrprof(2).dll
+ 2004-08-04 07:56:44 27,648 ----a-w C:\WINDOWS\system32\profmap(2).dll
+ 2004-08-04 07:56:44 23,040 ----a-w C:\WINDOWS\system32\psapi(2).dll
+ 2004-08-04 07:56:44 96,768 ----a-w C:\WINDOWS\system32\psbase(2).dll
+ 2004-08-04 07:56:44 34,304 ----a-w C:\WINDOWS\system32\pstorsvc(2).dll
+ 2006-06-26 17:37:10 8,192 ----a-w C:\WINDOWS\system32\rasadhlp(2).dll
+ 2004-08-04 07:56:44 69,632 ----a-w C:\WINDOWS\system32\raschap(2).dll
+ 2006-06-22 10:47:18 181,248 ----a-w C:\WINDOWS\system32\rasmans(2).dll
+ 2004-08-04 07:56:44 206,336 ----a-w C:\WINDOWS\system32\rasppp(2).dll
+ 2004-08-04 07:56:44 112,128 ----a-w C:\WINDOWS\system32\rastls(2).dll
+ 2004-08-04 07:56:44 49,664 ----a-w C:\WINDOWS\system32\regapi(2).dll
+ 2004-08-04 07:56:44 59,904 ----a-w C:\WINDOWS\system32\regsvc(2).dll
+ 2008-10-13 06:52:30 3,253,928 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2004-08-04 07:56:44 58,880 ----a-w C:\WINDOWS\system32\resutils(2).dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4(2).dll
+ 2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss(2).dll
+ 2004-08-04 05:31:43 152,576 ----a-w C:\WINDOWS\system32\rsaenh(2).dll
+ 2004-08-04 07:56:44 44,032 ----a-w C:\WINDOWS\system32\rtutils(2).dll
+ 2004-08-04 07:56:44 180,224 ----a-w C:\WINDOWS\system32\scecli(2).dll
+ 2004-08-04 07:56:44 313,856 ----a-w C:\WINDOWS\system32\scesrv(2).dll
+ 2004-08-04 07:56:44 190,976 ----a-w C:\WINDOWS\system32\schedsvc(2).dll
+ 2004-08-04 07:56:44 18,944 ----a-w C:\WINDOWS\system32\seclogon(2).dll
+ 2004-08-04 07:56:44 55,808 ----a-w C:\WINDOWS\system32\secur32(2).dll
+ 2004-08-04 07:56:44 5,632 ----a-w C:\WINDOWS\system32\security(2).dll
+ 2004-08-04 07:56:44 38,912 ----a-w C:\WINDOWS\system32\sens(2).dll
+ 2004-08-04 07:56:44 6,656 ----a-w C:\WINDOWS\system32\sensapi(2).dll
+ 2001-08-23 12:00:00 259,584 ----a-w C:\WINDOWS\system32\Setup\comsetup(2).dll
+ 2004-08-04 07:56:42 32,828 ----a-w C:\WINDOWS\system32\Setup\fp40ext(2).dll
+ 2004-08-04 07:56:42 132,608 ----a-w C:\WINDOWS\system32\Setup\fxsocm(2).dll
+ 2004-08-04 07:56:42 505,344 ----a-w C:\WINDOWS\system32\Setup\iis(2).dll
+ 2001-08-23 12:00:00 115,712 ----a-w C:\WINDOWS\system32\Setup\imsinsnt(2).dll
+ 2004-08-04 07:56:42 16,896 ----a-w C:\WINDOWS\system32\Setup\medctroc(2).dll
+ 2001-08-23 12:00:00 82,432 ----a-w C:\WINDOWS\system32\Setup\msdtcstp(2).dll
+ 2004-08-04 07:56:43 15,360 ----a-w C:\WINDOWS\system32\Setup\msgrocm(2).dll
+ 2004-08-04 07:56:43 169,984 ----a-w C:\WINDOWS\system32\Setup\msmqocm(2).dll
+ 2004-08-04 07:56:44 77,312 ----a-w C:\WINDOWS\system32\Setup\netoc(2).dll
+ 2004-08-04 07:56:44 62,976 ----a-w C:\WINDOWS\system32\Setup\ntoc(2).dll
+ 2004-08-04 07:56:44 15,872 ----a-w C:\WINDOWS\system32\Setup\ocgen(2).dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn(2).dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll.OLD
+ 2004-08-04 07:56:44 101,376 ----a-w C:\WINDOWS\system32\Setup\setupqry(2).dll
+ 2004-08-04 07:56:46 33,792 ----a-w C:\WINDOWS\system32\Setup\tabletoc(2).dll
+ 2004-08-04 07:56:46 121,856 ----a-w C:\WINDOWS\system32\Setup\tsoc(2).dll
+ 2004-08-04 07:56:44 5,120 ----a-w C:\WINDOWS\system32\sfc(2).dll
+ 2004-08-04 07:56:44 140,288 ----a-w C:\WINDOWS\system32\sfc_os(2).dll
+ 2004-08-04 07:56:27 549,376 ----a-w C:\WINDOWS\system32\shdoclc(2).dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32(2).dll
+ 2008-06-23 15:38:34 474,112 ----a-w C:\WINDOWS\system32\shlwapi(2).dll
+ 2004-08-04 07:56:45 151,552 ----a-w C:\WINDOWS\system32\shmedia(2).dll
+ 2004-08-04 07:56:45 151,552 ----a-w C:\WINDOWS\system32\shmedia(3).dll
+ 2006-12-19 21:52:18 134,656 ----a-w C:\WINDOWS\system32\shsvcs(2).dll
+ 2004-08-04 07:56:45 18,944 ----a-w C:\WINDOWS\system32\snmpapi(2).dll
+ 2004-08-04 07:56:45 74,752 ----a-w C:\WINDOWS\system32\spoolss(2).dll
+ 2005-06-10 23:53:32 58,880 ----a-w C:\WINDOWS\system32\spoolsv(2).exe
+ 2004-08-04 07:56:45 67,584 ----a-w C:\WINDOWS\system32\srclient(2).dll
+ 2004-08-04 07:56:45 170,496 ----a-w C:\WINDOWS\system32\srsvc(2).dll
+ 2004-08-04 07:56:45 34,816 ----a-w C:\WINDOWS\system32\ssdpapi(2).dll
+ 2004-08-04 07:56:45 71,680 ----a-w C:\WINDOWS\system32\ssdpsrv(2).dll
+ 2004-08-04 07:56:45 67,584 ----a-w C:\WINDOWS\system32\sti(2).dll
+ 2004-08-04 07:56:45 121,856 ----a-w C:\WINDOWS\system32\stobject(2).dll
+ 2004-08-04 07:56:57 17,408 ----a-w C:\WINDOWS\system32\svchost(2).exe
+ 2006-10-19 13:56:32 713,216 ----a-w C:\WINDOWS\system32\sxs(2).dll
+ 2004-08-04 07:56:46 181,760 ----a-w C:\WINDOWS\system32\tapi32(2).dll
+ 2005-07-08 16:27:56 249,344 ----a-w C:\WINDOWS\system32\tapisrv(2).dll
+ 2004-08-04 07:56:46 45,568 ----a-w C:\WINDOWS\system32\tcpmon(2).dll
+ 2004-08-04 07:56:46 295,424 ----a-w C:\WINDOWS\system32\termsrv(2).dll
+ 2004-08-04 07:56:46 385,536 ----a-w C:\WINDOWS\system32\themeui(2).dll
+ 2004-08-04 07:56:46 90,624 ----a-w C:\WINDOWS\system32\trkwks(2).dll
+ 2005-08-23 03:35:42 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr(2).dll
+ 2004-08-04 07:56:46 132,608 ----a-w C:\WINDOWS\system32\upnp(2).dll
+ 2004-08-04 07:56:46 37,888 ----a-w C:\WINDOWS\system32\url(2).dll
+ 2008-06-23 15:38:34 615,936 ----a-w C:\WINDOWS\system32\urlmon(2).dll
+ 2004-08-04 07:56:46 16,896 ----a-w C:\WINDOWS\system32\usbmon(2).dll
+ 2004-08-04 07:56:46 218,624 ----a-w C:\WINDOWS\system32\uxtheme(2).dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript(2).dll
+ 2004-08-04 07:56:46 18,944 ----a-w C:\WINDOWS\system32\version(2).dll
+ 2004-08-04 07:56:46 430,592 ----a-w C:\WINDOWS\system32\vssapi(2).dll
+ 2004-08-04 07:56:46 174,592 ----a-w C:\WINDOWS\system32\w32time(2).dll
+ 2004-08-04 07:56:42 185,856 ----a-w C:\WINDOWS\system32\wbem\framedyn(2).dll
+ 2004-08-04 07:56:46 18,944 ----a-w C:\WINDOWS\system32\wbem\wbemprox(2).dll
+ 2004-08-04 07:56:46 49,152 ----a-w C:\WINDOWS\system32\wdigest(2).dll
+ 2004-08-04 07:56:46 276,480 ----a-w C:\WINDOWS\system32\webcheck(2).dll
+ 2006-01-04 03:35:05 68,096 ----a-w C:\WINDOWS\system32\webclnt(2).dll
+ 2006-12-19 18:16:47 333,824 ----a-w C:\WINDOWS\system32\wiaservc(2).dll
+ 2004-08-04 07:56:46 351,232 ----a-w C:\WINDOWS\system32\winhttp(2).dll
+ 2008-06-23 15:38:34 659,456 ----a-w C:\WINDOWS\system32\wininet(2).dll
+ 2004-08-04 07:56:46 32,768 ----a-w C:\WINDOWS\system32\winipsec(2).dll
+ 2004-08-04 07:56:46 176,128 ----a-w C:\WINDOWS\system32\winmm(2).dll
+ 2004-08-04 07:56:46 16,896 ----a-w C:\WINDOWS\system32\winrnr(2).dll
+ 2004-08-04 07:56:46 99,328 ----a-w C:\WINDOWS\system32\winscard(2).dll
+ 2004-08-04 07:56:46 176,640 ----a-w C:\WINDOWS\system32\wintrust(2).dll
+ 2004-08-04 07:56:46 172,032 ----a-w C:\WINDOWS\system32\wldap32(2).dll
+ 2004-08-04 07:56:46 92,672 ----a-w C:\WINDOWS\system32\wlnotify(2).dll
+ 2004-08-04 07:56:35 5,632 ----a-w C:\WINDOWS\system32\wmi(2).dll
+ 2004-08-04 07:56:46 264,192 ----a-w C:\WINDOWS\system32\wow32(2).dll
+ 2004-08-04 07:56:46 82,944 ----a-w C:\WINDOWS\system32\ws2_32(2).dll
+ 2004-08-04 07:56:46 19,968 ----a-w C:\WINDOWS\system32\ws2help(2).dll
+ 2004-08-04 07:56:57 13,824 ----a-w C:\WINDOWS\system32\wscntfy(2).exe
+ 2004-08-04 07:56:46 81,408 ----a-w C:\WINDOWS\system32\wscsvc(2).dll
+ 2004-08-04 07:56:46 19,968 ----a-w C:\WINDOWS\system32\wshtcpip(2).dll
+ 2004-08-04 07:56:46 22,528 ----a-w C:\WINDOWS\system32\wsock32(2).dll
+ 2004-08-04 07:56:46 18,432 ----a-w C:\WINDOWS\system32\wtsapi32(2).dll
+ 2004-08-04 07:56:46 6,656 ----a-w C:\WINDOWS\system32\wuauserv(2).dll
+ 2004-08-04 07:56:46 51,712 ----a-w C:\WINDOWS\system32\wzcsapi(2).dll
+ 2004-08-04 07:56:46 359,936 ----a-w C:\WINDOWS\system32\wzcsvc(2).dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2003-10-10 393216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-07 180269]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
2Wire Wireless Client Manager.lnk - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE [2004-02-18 323584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Search"= 2 (0x2)
"NoBandCustomize"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.I263"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pnpsvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-09-01 11:26 66672 C:\Program Files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-01-31 09:42 1228800 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
--a------ 2003-07-14 14:30 98304 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\ipmon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2003-05-19 00:14 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-05-07 06:47 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
--a------ 2004-09-09 17:35 1597440 C:\Program Files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 16:19 129536 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2002-05-03 10:06 364544 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RpcPatch"=2 (0x2)
"MDM"=2 (0x2)
"C-DillaSrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"nwiz"=nwiz.exe /install
"UpdReg"=C:\WINDOWS\Updreg.exe
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 9344]
R1 BpCdrVsd;BpCdrVsd;C:\WINDOWS\system32\drivers\BpCdrVsd.sys [2002-12-12 7936]
R1 bpfinder;BACKPACK Finder;C:\WINDOWS\system32\DRIVERS\bpfinder.sys [2003-02-17 62279]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-01-31 389504]
R3 bpflt;BACKPACK Filter;C:\WINDOWS\system32\DRIVERS\bpflt.sys [2002-08-08 4538]
R3 wltwo48b;2Wire Wireless PC Card Driver;C:\WINDOWS\system32\DRIVERS\wltwo48b.sys [2003-08-10 170496]
S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [2003-03-26 72032]
S1 af51f9f7;af51f9f7;C:\WINDOWS\system32\drivers\af51f9f7.sys [ ]
S2 pnpsvc;Plug and Play svc service;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 AON325;AOpen AON-325 10/100M Fast Ethernet PCI Adapter;C:\WINDOWS\system32\DRIVERS\AON325.SYS [2001-04-16 24172]
S3 ATIPCXXX;ATI Parental control device;C:\WINDOWS\system32\DRIVERS\atipcxxx.sys [2001-08-17 10240]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);C:\WINDOWS\system32\DRIVERS\atirtcap.sys [2001-08-17 49920]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);C:\WINDOWS\system32\DRIVERS\ativxbar.sys [2001-08-17 26624]
S3 bppccard;BACKPACK PC Card;C:\WINDOWS\system32\DRIVERS\bppccard.sys [2003-01-09 5493]
S3 bppnpdrv;BACKPACK Driver;C:\WINDOWS\system32\DRIVERS\bppnpdrv.sys [2003-02-17 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;C:\WINDOWS\system32\DRIVERS\bpusbdrv.sys [2003-02-06 109708]
S3 bpusbflt;BACKPACK USB Filter;C:\WINDOWS\system32\DRIVERS\bpusbflt.sys [2002-08-08 8333]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-04-12 38016]
S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\system32\DRIVERS\sustucap.sys [2006-04-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver;C:\WINDOWS\system32\DRIVERS\sustucau.sys [2006-04-12 20096]
S3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2002-02-28 29056]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pnpsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfee426-7b89-11dd-96c2-000feafaf926}]
\shell\autorun\command - G:\podcastready.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-14 C:\WINDOWS\Tasks\AB5C3A3B9183B003.job
- c:\docume~1\robert\applic~1\timeph~1\Slow Owns Wma.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\laefvq4y.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 13:38:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-14 13:41:36
ComboFix-quarantined-files.txt 2008-10-14 18:40:34
ComboFix2.txt 2008-10-12 01:12:51
ComboFix3.txt 2008-10-06 01:14:42
ComboFix4.txt 2008-09-20 05:06:10
ComboFix5.txt 2008-10-14 18:35:09

Pre-Run: 2,314,530,816 bytes free
Post-Run: 2,416,402,432 bytes free

491 --- E O F --- 2008-10-02 08:00:46
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am