I have tried deleting the account after we ran all these tools. It still will not allow me to delete it.
I have two accounts. My account which is administrator, and IUSER_ADMIN.
I have tried deleting it in both modes. All the times before, I was only successful in Safe Mode, but I have tried both modes.
Here is the ComboFix log:
ComboFix 08-10-08.02 - IUSER_Admin 2008-10-08 17:48:15.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.605 [GMT -5:00]
Running from: C:\Documents and Settings\IUSER_Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\IUSER_Admin\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\IE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.
2008-10-07 09:26 . 2008-10-07 09:26 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-05 16:37 . 2008-10-05 16:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 16:37 . 2008-10-05 16:37 <DIR> d-------- C:\Documents and Settings\IUSER_Admin\Application Data\Malwarebytes
2008-10-05 16:37 . 2008-10-05 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 16:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-05 16:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-05 16:35 . 2008-10-05 16:35 <DIR> d-------- C:\_OTMoveIt
2008-10-04 17:46 . 2008-10-08 17:48 <DIR> d-------- C:\quarantine
2008-10-02 15:38 . 2008-10-02 15:38 <DIR> d-------- C:\Program Files\VS Revo Group
2008-10-02 15:13 . 2008-10-02 15:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-02 14:44 . 2008-10-02 15:51 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-10-02 14:44 . 2008-10-02 14:44 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-10-02 14:33 . 2008-10-02 14:33 <DIR> d-------- C:\Documents and Settings\IUSER_Admin\Application Data\Share-to-Web Upload Folder
2008-10-02 14:32 . 2007-07-13 12:30 <DIR> d---s---- C:\Documents and Settings\IUSER_Admin\UserData
2008-10-02 14:32 . 2008-10-02 14:32 <DIR> d-------- C:\Documents and Settings\IUSER_Admin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 16:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-08 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-08 09:50 --------- d-----w C:\Program Files\Spyware Doctor
2008-10-07 14:26 --------- d-----w C:\Program Files\Common Files\Real
2008-10-07 14:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-10-07 14:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-05 18:56 --------- d-----w C:\Program Files\lg_fwupdate
2008-09-08 09:23 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-09-07 06:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-09-07 04:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-09-03 15:53 --------- d-----w C:\Program Files\Sun
2008-09-03 15:53 --------- d-----w C:\Program Files\Java
2008-08-30 17:54 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-29 18:01 --------- d-----w C:\Program Files\Yahoo!
2008-08-23 19:31 --------- d-----w C:\Program Files\NOS
2008-08-23 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-08-23 19:28 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-23 01:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 23:23 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2004-08-04 01:07 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 01:07 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 01:07 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 01:07 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 01:07 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 01:07 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 01:07 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 01:07 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- C:\WINDOWS\system32\svchost.exe ----
Company: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: svchost.exe
MD5: a4f27dd224f1ca2e5ae2fa67636c7dd2
------- Sigcheck -------
2004-08-03 20:07 14336 a4f27dd224f1ca2e5ae2fa67636c7dd2 C:\WINDOWS\system32\svchost.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-04_17.54.01.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-30 17:54:38 2,560 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-10-07 14:42:09 2,560 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-08-30 17:54:38 34,304 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-10-07 14:42:10 34,304 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-08-30 17:54:38 8,192 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-10-07 14:42:10 8,192 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-08-30 17:54:38 3,584 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-10-07 14:42:10 3,584 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-08-30 17:54:38 114,688 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-10-07 14:42:10 114,688 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-08-30 17:54:38 16,384 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-10-07 14:42:10 16,384 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-08-30 17:54:38 30,720 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-10-07 14:42:10 30,720 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-08-30 17:54:38 22,528 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-10-07 14:42:09 22,528 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-08-30 17:54:38 45,056 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-10-07 14:42:10 45,056 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-08-30 17:54:38 90,112 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-10-07 14:42:09 90,112 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2008-10-02 19:44:14 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-07 14:25:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-02 19:44:14 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-07 14:25:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-02 19:44:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-07 14:25:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-11 18:58:31 375,168 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2006-04-20 12:18:35 360,576 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-08-11 18:58:34 375,168 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2006-04-20 12:18:35 360,576 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-09-13 10:12:01 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-10-07 14:25:40 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2007-09-13 10:12:07 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-10-07 14:25:45 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2007-09-13 10:12:07 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-10-07 14:25:45 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2007-09-13 10:12:27 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-10-07 14:26:04 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 11:07 4192 C:\Documents and Settings\Administrator\Application Data\ClearPlay Inc\ClearPlay Easy Updates\1.0.1.4\v_Oh2knowhim@hotmail.com
2008-08-01 12:16 4192 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP316\A0032551.com
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\READER9\Setup.exe
2008-06-12 02:10 341352 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP325\A0032740.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\Setup.exe
2008-06-12 02:10 308584 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP325\A0032741.exe
2008-10-07 05:30 51200 C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\VSCANDAT1000\DAT\0000\validate.exe
{5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP305\A0031484.exe
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
2008-10-03 05:30 51200 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP348\A0061623.exe
C:\Program Files\Adobe\Security Update\HotFix64.exe
2008-06-07 03:25 54272 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP324\A0032642.exe
2008-10-07 09:26 90112 C:\Program Files\Common Files\Real\Codecs\atrc.dll
2007-09-13 05:12 77824 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061456.dll
2008-10-07 09:26 77824 C:\Program Files\Common Files\Real\Codecs\cook.dll
2007-09-13 05:12 65536 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061455.dll
2008-10-07 09:26 106496 C:\Program Files\Common Files\Real\Codecs\drv1.dll
2007-09-13 05:12 102400 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061459.dll
2008-10-07 09:26 180224 C:\Program Files\Common Files\Real\Codecs\drv2.dll
2007-09-13 05:12 176128 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061460.dll
2008-10-07 09:26 286720 C:\Program Files\Common Files\Real\Codecs\drvc.dll
2007-09-13 05:12 266240 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061461.dll
2008-10-07 09:26 557056 C:\Program Files\Common Files\Real\Codecs\raac.dll
2007-09-13 05:12 552960 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061454.dll
2008-10-07 09:26 35328 C:\Program Files\Common Files\Real\Codecs\rv10.dll
2007-09-13 05:12 49152 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061462.dll
2008-10-07 09:26 57344 C:\Program Files\Common Files\Real\Codecs\rv20.dll
2007-09-13 05:12 57344 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061463.dll
2008-10-07 09:26 53248 C:\Program Files\Common Files\Real\Codecs\rv30.dll
2007-09-13 05:12 49152 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061464.dll
2008-10-07 09:26 49152 C:\Program Files\Common Files\Real\Codecs\rv40.dll
2007-09-13 05:12 49152 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061465.dll
2008-10-07 09:26 139264 C:\Program Files\Common Files\Real\Codecs\sipr.dll
2007-09-13 05:12 106496 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061453.dll
2008-10-07 09:26 163840 C:\Program Files\Common Files\Real\Common\objb3201.dll
2007-09-13 05:12 172032 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061489.dll
2008-10-07 09:25 1486848 C:\Program Files\Common Files\Real\Common\pnen3260.dll
2007-09-13 05:12 1310720 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061278.dll
2008-10-07 09:25 413696 C:\Program Files\Common Files\Real\Common\pngu3267.dll
2007-09-13 05:12 421888 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061350.dll
2008-10-07 09:25 12800 C:\Program Files\Common Files\Real\Common\pnrs3260.dll
2007-09-13 05:12 28672 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061351.dll
2008-10-07 09:26 147456 C:\Program Files\Common Files\Real\Common\rjbviz.dll
2007-09-13 05:12 147456 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061483.dll
2008-10-07 09:25 12288 C:\Program Files\Common Files\Real\Common\rppr3260.dll
2007-09-13 05:12 28672 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061347.dll
2008-10-07 09:26 26112 C:\Program Files\Common Files\Real\Common\rpun3260.dll
2007-09-13 05:12 36864 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061273.dll
2008-10-07 09:26 30208 C:\Program Files\Common Files\Real\Common\security.dll
2007-09-13 05:12 45056 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061546.dll
2008-10-07 09:25 81920 C:\Program Files\Common Files\Real\Common\twebbrowse.dll
2007-09-13 05:12 81920 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061317.dll
2008-10-07 09:26 110592 C:\Program Files\Common Files\Real\GToolbar\barcontrol.dll
2007-09-13 05:12 110592 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061498.dll
2008-10-07 09:26 1145896 C:\Program Files\Common Files\Real\GToolbar\googletoolbarinstaller.exe
2007-09-13 05:12 1145896 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061497.exe
C:\Program Files\Common Files\Real\GToolbar\googletoolbarinstaller98.exe
2007-09-13 05:12 733712 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061496.exe
2008-10-07 09:26 77824 C:\Program Files\Common Files\Real\Plugins\aacff.dll
2007-09-13 05:12 69632 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061503.dll
2008-10-07 09:26 135168 C:\Program Files\Common Files\Real\Plugins\audplin.dll
2007-09-13 05:12 86016 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061517.dll
2008-10-07 09:25 45056 C:\Program Files\Common Files\Real\Plugins\authmgr.dll
2007-09-13 05:11 53248 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061296.dll
2008-10-07 09:25 17408 C:\Program Files\Common Files\Real\Plugins\cdda3260.dll
2007-09-13 05:11 36864 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061295.dll
2008-10-07 09:25 25088 C:\Program Files\Common Files\Real\Plugins\clbascauth.dll
2007-09-13 05:11 40960 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061294.dll
2008-10-07 09:25 44032 C:\Program Files\Common Files\Real\Plugins\clntxres.dll
2007-09-13 05:12 53248 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061274.dll
2008-10-07 09:26 73728 C:\Program Files\Common Files\Real\Plugins\cont3260.dll
2007-09-13 05:12 65536 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061514.dll
2008-10-07 09:26 233472 C:\Program Files\Common Files\Real\Plugins\fpsechnd.dll
2007-09-13 05:12 233472 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061580.dll
2008-10-07 09:25 204800 C:\Program Files\Common Files\Real\Plugins\httpfsys.dll
2007-09-13 05:11 176128 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061293.dll
2008-10-07 09:25 49152 C:\Program Files\Common Files\Real\Plugins\hxsdp.dll
2007-09-13 05:11 40960 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061292.dll
2008-10-07 09:26 90112 C:\Program Files\Common Files\Real\Plugins\hxxml.dll
2007-09-13 05:12 86016 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061484.dll
2008-10-07 09:26 507904 C:\Program Files\Common Files\Real\Plugins\imgrender.dll
2007-09-13 05:12 532480 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061474.dll
2008-10-07 09:25 86016 C:\Program Files\Common Files\Real\Plugins\memfsys.dll
2007-09-13 05:11 77824 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061291.dll
2008-10-07 09:26 53248 C:\Program Files\Common Files\Real\Plugins\mp3fformat.dll
2007-09-13 05:12 45056 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061481.dll
2008-10-07 09:26 69632 C:\Program Files\Common Files\Real\Plugins\mp3metaff.dll
2007-09-13 05:12 65536 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061482.dll
2008-10-07 09:26 163840 C:\Program Files\Common Files\Real\Plugins\mp3render.dll
2007-09-13 05:12 151552 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061480.dll
2008-10-07 09:26 135168 C:\Program Files\Common Files\Real\Plugins\mp4arender.dll
2007-09-13 05:12 126976 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061502.dll
2008-10-07 09:26 90112 C:\Program Files\Common Files\Real\Plugins\mp4fformat.dll
2007-09-13 05:12 73728 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061501.dll
2008-10-07 09:26 122880 C:\Program Files\Common Files\Real\Plugins\mp4wrtr.dll
2007-09-13 05:12 98304 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061524.dll
2008-10-07 09:26 69632 C:\Program Files\Common Files\Real\Plugins\mpgfformat.dll
2007-09-13 05:12 69632 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061520.dll
2008-10-07 09:26 184320 C:\Program Files\Common Files\Real\Plugins\mpgrender.dll
2007-09-13 05:12 172032 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061519.dll
2008-10-07 09:25 29184 C:\Program Files\Common Files\Real\Plugins\ntlmauth.dll
2007-09-13 05:12 45056 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061290.dll
2008-10-07 09:25 364544 C:\Program Files\Common Files\Real\Plugins\pacplin.dll
2007-09-13 05:12 360448 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061289.dll
2008-10-07 09:26 65536 C:\Program Files\Common Files\Real\Plugins\pdgenxferfsys.dll
2007-09-13 05:12 73728 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061592.dll
2008-10-07 09:25 73728 C:\Program Files\Common Files\Real\Plugins\plusplin.dll
2007-09-13 05:12 57344 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061288.dll
2008-10-07 09:25 24064 C:\Program Files\Common Files\Real\Plugins\pxcb3210.dll
2007-09-13 05:12 40960 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061287.dll
2008-10-07 09:25 31744 C:\Program Files\Common Files\Real\Plugins\ramfformat.dll
2007-09-13 05:12 45056 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061286.dll
2008-10-07 09:25 77824 C:\Program Files\Common Files\Real\Plugins\ramrender.dll
2007-09-13 05:12 57344 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061285.dll
2008-10-07 09:26 159744 C:\Program Files\Common Files\Real\Plugins\rarender.dll
2007-09-13 05:12 151552 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061457.dll
2008-10-07 09:26 19968 C:\Program Files\Common Files\Real\Plugins\recf3260.dll
2007-09-13 05:12 36864 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061515.dll
2008-10-07 09:25 184320 C:\Program Files\Common Files\Real\Plugins\rmfformat.dll
2007-09-13 05:12 176128 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061284.dll
2008-10-07 09:26 278528 C:\Program Files\Common Files\Real\Plugins\rmwrtr.dll
2007-09-13 05:12 282624 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061523.dll
2008-10-07 09:26 35328 C:\Program Files\Common Files\Real\Plugins\rmxfpln.dll
2007-09-13 05:12 65536 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061553.dll
2008-10-07 09:26 90112 C:\Program Files\Common Files\Real\Plugins\rmxrend.dll
2007-09-13 05:12 106496 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061544.dll
2008-10-07 09:25 53248 C:\Program Files\Common Files\Real\Plugins\rn5auth.dll
2007-09-13 05:12 45056 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061283.dll
2008-10-07 09:26 114688 C:\Program Files\Common Files\Real\Plugins\rtfformat.dll
2007-09-13 05:12 110592 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061473.dll
2008-10-07 09:26 135168 C:\Program Files\Common Files\Real\Plugins\rtrender.dll
2007-09-13 05:12 122880 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061472.dll
2008-10-07 09:26 159744 C:\Program Files\Common Files\Real\Plugins\rvrender.dll
2007-09-13 05:12 172032 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061458.dll
2008-10-07 09:26 49152 C:\Program Files\Common Files\Real\Plugins\sdpplin.dll
2007-09-13 05:12 45056 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061477.dll
2008-10-07 09:26 30208 C:\Program Files\Common Files\Real\Plugins\security.dll
2007-09-13 05:12 45056 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061545.dll
2008-10-07 09:25 61440 C:\Program Files\Common Files\Real\Plugins\smlfformat.dll
2007-09-13 05:12 61440 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061282.dll
2008-10-07 09:25 520192 C:\Program Files\Common Files\Real\Plugins\smlrender.dll
2007-09-13 05:12 532480 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061281.dll
2008-10-07 09:25 61440 C:\Program Files\Common Files\Real\Plugins\smmrender.dll
2007-09-13 05:12 57344 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061280.dll
2008-10-07 09:25 86016 C:\Program Files\Common Files\Real\Plugins\smplfsys.dll
2007-09-13 05:12 69632 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061277.dll
2008-10-07 09:26 17920 C:\Program Files\Common Files\Real\Plugins\stubdrm.dll
2007-09-13 05:12 32768 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061476.dll
2008-10-07 09:26 114688 C:\Program Files\Common Files\Real\Plugins\swfformat.dll
2007-09-13 05:12 94208 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061467.dll
2008-10-07 09:26 630784 C:\Program Files\Common Files\Real\Plugins\swfrender.dll
2007-09-13 05:12 614400 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061466.dll
2008-10-07 09:26 57344 C:\Program Files\Common Files\Real\Plugins\tfilesys.dll
2007-09-13 05:12 57344 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061552.dll
2008-10-07 09:26 176128 C:\Program Files\Common Files\Real\Plugins\vidplin.dll
2007-09-13 05:12 167936 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061518.dll
2008-10-07 09:25 376832 C:\Program Files\Common Files\Real\Plugins\vidsite.dll
2007-09-13 05:12 376832 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061279.dll
2008-10-07 09:26 172032 C:\Program Files\Common Files\Real\Plugins\wm9fformat.dll
2007-09-13 05:12 176128 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061510.dll
2008-10-07 09:26 14848 C:\Program Files\Common Files\Real\Plugins\wm9writer.dll
2007-09-13 05:12 28672 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061509.dll
2008-10-07 09:26 172032 C:\Program Files\Common Files\Real\Plugins\wmsechnd.dll
2007-09-13 05:12 180224 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061507.dll
2008-10-07 09:25 167936 C:\Program Files\Common Files\Real\Plugins\zipf3260.dll
2007-09-13 05:12 172032 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061276.dll
2008-10-07 09:26 139264 C:\Program Files\Common Files\Real\RCAPlugins\gct23201.dll
2007-09-13 05:12 155648 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061488.dll
2008-10-07 09:26 77824 C:\Program Files\Common Files\Real\RCAPlugins\gema3201.dll
2007-09-13 05:12 90112 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061491.dll
2008-10-07 09:26 450560 C:\Program Files\Common Files\Real\RCAPlugins\gemx3201.dll
2007-09-13 05:12 450560 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061490.dll
2008-10-07 09:26 102400 C:\Program Files\Common Files\Real\RCAPlugins\locd3210.dll
2007-09-13 05:12 102400 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061513.dll
2008-10-07 09:26 724992 C:\Program Files\Common Files\Real\RCAPlugins\rpcontrols1.dll
2007-09-13 05:12 757760 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061486.dll
2008-10-07 09:26 647168 C:\Program Files\Common Files\Real\RCAPlugins\rpcontrols2.dll
2007-09-13 05:12 692224 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061485.dll
2008-10-07 09:26 348160 C:\Program Files\Common Files\Real\RCAPlugins\sonr3210.dll
2007-09-13 05:12 196608 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061516.dll
2008-10-07 09:26 389120 C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll
2007-09-13 05:12 446464 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061487.dll
2008-10-07 09:26 57344 C:\Program Files\Common Files\Real\RCAPlugins\xmlc3201.dll
2007-09-13 05:12 53248 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061492.dll
2008-10-07 09:25 368640 C:\Program Files\Common Files\Real\Update_OB\faus3270.dll
2007-09-13 05:11 397312 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061266.dll
2008-10-07 09:25 24064 C:\Program Files\Common Files\Real\Update_OB\pnmi3270.dll
2007-09-13 05:11 36864 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061267.dll
2008-10-07 09:25 192512 C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe
2007-09-13 05:11 193816 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061259.exe
2008-10-07 09:25 69632 C:\Program Files\Common Files\Real\Update_OB\realonemessagecenter.exe
2007-09-13 05:11 69632 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061270.exe
2008-10-07 09:25 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2007-09-13 05:11 185632 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061269.exe
2008-10-07 09:25 98304 C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll
2007-09-13 05:11 98304 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061268.dll
2008-10-07 09:25 319488 C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll
2007-09-13 05:11 335872 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061272.dll
2008-10-07 09:25 303104 C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll
2007-09-13 05:11 311296 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061265.dll
2008-10-07 09:25 176128 C:\Program Files\Common Files\Real\Update_OB\rnup3270.dll
2007-09-13 05:11 184320 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061264.dll
2008-10-07 09:25 58952 C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe
2007-09-13 05:11 58648 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061271.exe
2008-10-07 09:25 79424 C:\Program Files\Common Files\Real\Update_OB\rpelevation.dll
2007-09-13 05:11 124480 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061260.dll
2008-10-07 09:25 311296 C:\Program Files\Common Files\Real\Update_OB\setu3270.dll
2007-09-13 05:11 311296 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061261.dll
2008-10-07 09:25 323584 C:\Program Files\Common Files\Real\Update_OB\upgr3270.dll
2007-09-13 05:11 348160 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061263.dll
2008-10-07 09:25 136768 C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe
2007-09-13 05:11 335872 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP347\A0061262.exe
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080825.020\CCERASER.DLL
2008-08-25 09:15 2389552 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058854.DLL
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080825.020\ECMSVR32.DLL
2008-08-25 09:15 259440 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058855.DLL
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080825.020\EECTRL.SYS
2008-08-25 09:15 371248 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058856.SYS
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080825.020\ERASER.SYS
2008-08-25 09:15 99376 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058858.SYS
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080825.020\hub.scr
2008-08-25 09:15 750 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058859.scr
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080825.020\NAVENG.SYS
2008-08-25 09:15 89104 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058860.SYS
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080825.020\NAVENG32.DLL
2008-08-25 09:15 177520 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058861.DLL
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080825.020\NAVEX15.SYS
2008-08-25 09:15 873552 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058862.SYS
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080825.020\NAVEX32A.DLL
2008-08-25 09:15 1176944 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058863.DLL
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080906.003\CCERASER.DLL
2008-09-06 03:00 2393648 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058839.DLL
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080906.003\ECMSVR32.DLL
2008-08-25 09:15 259440 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058840.DLL
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080906.003\EECTRL.SYS
2008-09-06 03:00 371248 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058841.SYS
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080906.003\ERASER.SYS
2008-09-06 03:00 99376 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058843.SYS
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080906.003\hub.scr
2008-08-25 09:15 750 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058844.scr
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080906.003\NAVENG.SYS
2008-08-25 09:15 89104 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058845.SYS
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080906.003\NAVENG32.DLL
2008-08-25 09:15 177520 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058846.DLL
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080906.003\NAVEX15.SYS
2008-08-25 09:15 873552 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058847.SYS
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20080906.003\NAVEX32A.DLL
2008-08-25 09:15 1176944 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058848.DLL
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll
2008-08-25 09:15 2389552 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058869.dll
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll
2008-08-25 09:15 259440 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058870.dll
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\eeCtrl.sys
2008-08-25 09:15 371248 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058871.sys
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.sys
2008-08-25 09:15 99376 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342\A0058873.sys
C:\Program Files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\naveng.sys
2008-10-03 16:42 0 {5F4FB6B3-215B-49B2-9F5A-71D03C12310C}\RP342
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 TLRecAgent;TLRecAgent;C:\WINDOWS\system32\DRIVERS\TLRecAgent.sys [2008-03-13 36976]
R2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\printer\center\KodakSvc.exe [2008-02-28 18944]
R2 VService;VService;C:\Program Files\Zoom\Zoom Phone Adaptor\VServ.exe [2008-01-17 104976]
S3 scusbvip;VL1800 USB Driver;C:\WINDOWS\system32\DRIVERS\scusbvip.sys [2008-03-13 609936]
S3 SLVAD_simple;Zoom Virtual Audio Device;C:\WINDOWS\system32\drivers\slvad.sys [2008-03-13 84912]
*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
2008-08-28 C:\WINDOWS\Tasks\EasyShare Registration Task.job
- C:\WINDOWS\system32\rundll32.exe [2004-08-03 20:07]
2008-10-02 C:\WINDOWS\Tasks\Norton Security Scan for IUSER_Admin.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 17:50:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-08 17:52:15
ComboFix-quarantined-files.txt 2008-10-08 22:52:11
ComboFix2.txt 2008-10-05 16:57:45
ComboFix3.txt 2008-10-04 23:31:58
ComboFix4.txt 2008-10-04 22:54:44
Pre-Run: 23,833,784,320 bytes free
Post-Run: 23,874,011,136 bytes free
431 --- E O F --- 2008-07-30 17:48:44
********************************************************************************************
----------------------------------------------------------------------------------------------------------------------
Here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:46 PM, on 10/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Zoom\Zoom Phone Adaptor\ZoomMonitor.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zoom\Zoom Phone Adaptor\VServ.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [ZoomMonitor.exe] C:\Program Files\Zoom\Zoom Phone Adaptor\ZoomMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4348352218
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5585284843
O16 - DPF: {FD7C00A9-E676-11D6-A08E-00E09878F0CF} - https://vpn.uth.tmc.edu/vpns/scripts/nsload.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VService - Unknown owner - C:\Program Files\Zoom\Zoom Phone Adaptor\VServ.exe
--
End of file - 8519 bytes