by micronacid » January 11th, 2007, 2:49 pm
Thanks for the help. Here is the ComboFix log:
wess - 07-01-11 13:46:51.98 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Program Files\Mozilla Firefox"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\{0086BA5A-044D-1033-0216-010229000001}
C:\Program Files\Common Files\{3086BA5A-044D-1033-0216-010229000001}
((((((((((((((((((((((((((((((( Files Created from 2006-12-11 to 2007-01-11 ))))))))))))))))))))))))))))))))))
2007-01-11 06:08 <DIR> d-------- C:\SDFix
2007-01-11 05:35 <DIR> d-------- C:\Documents and Settings\wess\Application Data\abelhadigital.com
2007-01-11 05:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
2007-01-11 05:34 <DIR> d-------- C:\Program Files\HostsMan
2007-01-11 04:38 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-11 04:34 444 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-11 03:49 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-11 02:11 <DIR> d-------- C:\Program Files\Google
2007-01-10 20:10 <DIR> d-------- C:\Program Files\Dorgem
2007-01-10 14:32 <DIR> d-------- C:\Program Files\ItsDeductible2006
2007-01-10 14:32 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Intuit
2007-01-10 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-01-10 14:29 1,716,297 --------- C:\WINDOWS\system32\InetClnt.dll
2007-01-10 14:29 <DIR> d-------- C:\Program Files\Common Files\Intuit
2007-01-10 14:28 <DIR> d-------- C:\Program Files\TurboTax
2007-01-10 14:28 <DIR> d-------- C:\Documents and Settings\wess\Application Data\InstallShield
2007-01-09 22:26 92,672 --a------ C:\WINDOWS\system32\See32.dll
2007-01-09 22:26 57,856 --a------ C:\WINDOWS\system32\Fce32.dll
2007-01-09 22:26 57,856 --a------ C:\WINDOWS\Fce32.dll
2007-01-09 22:26 45,056 --a------ C:\WINDOWS\system32\offer.exe
2007-01-09 22:26 389,120 --a------ C:\WINDOWS\system32\ImgX4.dll
2007-01-09 22:26 <DIR> d-------- C:\Program Files\Easy Web Cam
2007-01-09 22:19 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-01-09 22:19 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-01-09 22:19 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-01-09 22:19 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-01-09 22:19 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-01-09 22:18 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-01-09 22:18 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-01-09 22:18 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-01-09 22:18 <DIR> d-------- C:\WINDOWS\OvtCam
2007-01-09 22:16 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-01-09 22:15 61,440 --a------ C:\WINDOWS\ov519dib.dll
2007-01-09 22:15 40,960 --a------ C:\WINDOWS\system32\ov519ext.dll
2007-01-09 22:15 40,960 --a------ C:\WINDOWS\CleanDev.exe
2007-01-09 22:15 32,528 --a------ C:\WINDOWS\amcap.exe
2007-01-09 22:15 307,200 --a------ C:\WINDOWS\vidcap32.exe
2007-01-09 22:15 25,211 --a------ C:\WINDOWS\system32\drivers\ov519cmd.sys
2007-01-09 22:15 200,704 --a------ C:\WINDOWS\sel3110.exe
2007-01-09 22:15 174,530 --a------ C:\WINDOWS\system32\drivers\ov519vid.sys
2007-01-09 22:15 16,426 --a------ C:\WINDOWS\system32\ov519usd.dll
2007-01-09 22:15 135,168 --a------ C:\WINDOWS\ov519cap.exe
2007-01-09 22:07 <DIR> d-------- C:\WINDOWS\eyetoy
2007-01-09 22:07 <DIR> d-------- C:\Program Files\Eyetoy
2007-01-09 21:48 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-01-09 04:03 <DIR> dr-h----- C:\Documents and Settings\wess\Application Data\yahoo!
2007-01-09 03:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-01-08 23:20 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Jasc Software Inc
2007-01-08 23:19 <DIR> d-------- C:\Program Files\Jasc Software Inc
2007-01-08 20:23 <DIR> d-------- C:\Program Files\WS_FTP
2007-01-07 23:07 <DIR> d-------- C:\Program Files\HighGrow
2007-01-07 19:35 299,520 --a------ C:\WINDOWS\uninst.exe
2007-01-07 19:35 <DIR> d-------- C:\Documents and Settings\wess\WINDOWS
2007-01-07 07:30 <DIR> d-------- C:\Program Files\avisplit
2007-01-07 07:28 43,602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-01-07 07:27 <DIR> d-------- C:\Program Files\Gabest
2007-01-06 22:40 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Ahead
2007-01-06 22:37 <DIR> d-------- C:\Program Files\Nero
2007-01-06 22:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-01-06 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-01-06 21:32 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-01-06 21:32 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-01-06 21:32 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-01-06 21:32 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-01-06 21:32 <DIR> d-------- C:\Program Files\Cucusoft
2007-01-06 19:06 <DIR> d-------- C:\Program Files\Any Video Converter
2007-01-06 06:54 <DIR> d-------- C:\Documents and Settings\wess\Application Data\MySpace
2007-01-06 06:53 <DIR> d-------- C:\Program Files\MySpace
2007-01-05 20:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-01-05 10:15 <DIR> d-------- C:\Program Files\PowerISO
2007-01-05 10:08 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-01-04 20:35 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Wing IDE 2
2007-01-04 20:28 <DIR> d-------- C:\Python
2007-01-04 20:17 <DIR> d-------- C:\Program Files\Wing IDE 2.1
2007-01-04 19:52 <DIR> d-------- C:\Documents and Settings\wess\.idlerc
2007-01-04 19:47 <DIR> d-------- C:\Python25
2007-01-04 10:57 <DIR> d-------- C:\WINDOWS\nview
2007-01-04 10:50 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-01-04 10:43 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-01-04 10:07 <DIR> d-------- C:\Documents and Settings\wess\Application Data\acccore
2007-01-04 07:49 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Adobe
2007-01-04 00:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-01-03 23:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-03 23:58 <DIR> d-------- C:\Program Files\Adobe
2007-01-03 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-01-02 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-01-02 19:49 <DIR> d-------- C:\Program Files\VisualTooltip
2007-01-02 19:49 <DIR> d-------- C:\Program Files\Vista Sidebar
2007-01-02 19:49 <DIR> d-------- C:\Program Files\Blaero Start Orb
2007-01-02 19:49 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Stardock
2007-01-02 19:43 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-01-02 19:43 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2007-01-02 19:10 720,412 --a------ C:\WINDOWS\system32\MGB_ScreenSaver.scr
2007-01-02 19:10 7,287,808 --a------ C:\WINDOWS\system32\vistaui.exe
2007-01-02 19:10 414,223 --a------ C:\WINDOWS\system32\vimc.exe
2007-01-02 19:10 382,976 --a------ C:\WINDOWS\system32\Vista.scr
2007-01-02 19:10 <DIR> d-------- C:\WINDOWS\system32\VITrans
2007-01-02 19:10 <DIR> d-------- C:\Program Files\LClock
2007-01-02 19:06 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2007-01-02 19:06 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-01-02 19:06 111,104 --a------ C:\WINDOWS\system32\uharc.exe
2007-01-02 19:06 <DIR> d-------- C:\VTPFiles
2007-01-01 23:21 <DIR> d-------- C:\Program Files\nLite
2007-01-01 17:17 <DIR> d-------- C:\Program Files\pspvideo9
2007-01-01 17:17 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-01-01 17:15 <DIR> dr--s---- C:\WINDOWS\assembly
2007-01-01 17:15 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-01-01 17:15 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2007-01-01 14:54 <DIR> d-------- C:\temp
2007-01-01 14:53 <DIR> d-------- C:\Program Files\PQDVD
2007-01-01 00:09 <DIR> d-------- C:\Documents and Settings\wess\Application Data\VMware
2006-12-31 23:55 9,600 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2006-12-31 23:55 5,120 -ra------ C:\WINDOWS\system32\vnetinst.dll
2006-12-31 23:55 10,240 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2006-12-31 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware
2006-12-31 23:42 <DIR> d-------- C:\Program Files\MagicISO
2006-12-31 21:53 <DIR> d-------- C:\Program Files\foobar2000
2006-12-31 19:46 <DIR> d-------- C:\Program Files\NSIS
2006-12-31 15:43 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2006-12-31 15:42 <DIR> d-------- C:\Program Files\Bejeweled 2 Deluxe
2006-12-30 21:13 <DIR> d-------- C:\Program Files\Gaim
2006-12-30 17:50 <DIR> d-------- C:\Program Files\Toolkit3
2006-12-30 17:48 <DIR> d-------- C:\Documents and Settings\wess\Application Data\uk.co.planetside
2006-12-30 17:45 <DIR> d-------- C:\Program Files\Terragen
2006-12-30 11:32 <DIR> d---s---- C:\Documents and Settings\wess\UserData
2006-12-30 01:31 <DIR> d-------- C:\Program Files\SiSoftware
2006-12-30 00:29 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Apple Computer
2006-12-30 00:27 <DIR> d-------- C:\Program Files\QuickTime
2006-12-30 00:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-12-29 20:19 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Help
2006-12-29 16:37 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-29 16:26 <DIR> d-------- C:\Program Files\Project64 1.6
2006-12-29 15:54 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-12-29 15:53 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2006-12-29 15:53 <DIR> d-------- C:\Program Files\VIA
2006-12-29 15:52 203,648 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2006-12-29 02:19 <DIR> d-------- C:\Documents and Settings\wess\Application Data\vlc
2006-12-29 02:17 <DIR> d-------- C:\Program Files\VideoLAN
2006-12-28 19:54 <DIR> d-------- C:\Documents and Settings\wess\Application Data\OpenOffice.org2
2006-12-28 19:49 <DIR> d-------- C:\Program Files\OpenOffice.org 2.1
2006-12-28 18:47 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2006-12-28 18:47 <DIR> d-------- C:\Program Files\VstPlugins
2006-12-28 18:45 <DIR> d-------- C:\Program Files\Image-Line
2006-12-28 16:00 <DIR> d-------- C:\Documents and Settings\wess\Application Data\.gaim
2006-12-28 15:58 <DIR> d-------- C:\Program Files\Aspell
2006-12-28 15:57 <DIR> d-------- C:\Program Files\Common Files\GTK
2006-12-28 14:17 <DIR> dr-h----- C:\$VAULT$.AVG
2006-12-28 13:48 <DIR> d-------- C:\Program Files\Soulseek
2006-12-28 13:09 <DIR> d-------- C:\Documents and Settings\wess\Application Data\AVG7
2006-12-28 13:08 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-28 13:08 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-28 13:08 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-28 13:08 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-28 13:08 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-28 13:08 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-28 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-12-28 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-12-28 12:21 <DIR> d-------- C:\Documents and Settings\wess\Incomplete
2006-12-28 12:21 <DIR> d-------- C:\Documents and Settings\wess\Application Data\FrostWire
2006-12-28 12:20 <DIR> d-------- C:\Program Files\FrostWire
2006-12-28 12:04 <DIR> d-------- C:\Program Files\uTorrent
2006-12-28 12:04 <DIR> d-------- C:\Documents and Settings\wess\Application Data\uTorrent
2006-12-28 11:52 <DIR> d-------- C:\Program Files\BitComet
2006-12-28 11:44 <DIR> d-------- C:\Documents and Settings\wess\Application Data\.ABC
2006-12-28 11:38 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Uniblue
2006-12-28 04:47 <DIR> d-------- C:\Program Files\Common Files\Softwin
2006-12-28 03:54 <DIR> d-------- C:\Documents and Settings\wess\Application Data\fltk.org
2006-12-28 03:26 <DIR> d-------- C:\Program Files\Miranda IM
2006-12-28 02:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-28 02:38 <DIR> d-------- C:\Program Files\Grisoft
2006-12-28 02:23 <DIR> d-------- C:\Program Files\Viewpoint
2006-12-28 02:23 <DIR> d-------- C:\Program Files\AOD
2006-12-28 02:23 <DIR> d-------- C:\Program Files\AIM
2006-12-28 02:19 <DIR> d-------- C:\WINDOWS\Sun
2006-12-28 02:17 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-12-28 02:17 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-12-28 01:47 <DIR> d-------- C:\WINDOWS\Prefetch
2006-12-28 01:41 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-12-28 01:19 <DIR> d-------- C:\WINDOWS\provisioning
2006-12-28 01:19 <DIR> d-------- C:\WINDOWS\peernet
2006-12-28 01:16 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2006-12-28 01:12 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-12-28 01:11 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-12-28 01:08 <DIR> d-------- C:\WINDOWS\EHome
2006-12-28 01:00 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-12-28 00:47 <DIR> d-------- C:\Program Files\Java
2006-12-28 00:47 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-28 00:42 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-12-28 00:42 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Sun
2006-12-28 00:15 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2006-12-28 00:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2006-12-28 00:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-28 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-27 23:58 <DIR> d--hs---- C:\WINDOWS\d2Vzcw
2006-12-27 23:53 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-12-27 23:53 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-12-27 23:53 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-12-27 23:53 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-12-27 23:53 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-12-27 23:53 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-12-27 23:53 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-12-27 23:53 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-12-27 23:53 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2006-12-27 23:53 243,200 --a------ C:\WINDOWS\system32\es.dll
2006-12-27 23:53 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-12-27 23:53 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-12-27 23:53 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-12-27 23:53 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2006-12-27 23:53 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2006-12-27 23:53 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-12-27 23:52 77,312 --a------ C:\WINDOWS\system32\browser.dll
2006-12-27 23:52 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-12-27 23:52 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-12-27 23:52 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-12-27 23:47 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-12-27 23:45 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-12-27 23:45 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2006-12-27 23:23 <DIR> d--hs---- C:\WINDOWS\CSC
2006-12-27 22:29 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-27 22:29 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-27 22:29 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-27 22:29 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-27 22:29 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-27 22:29 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-27 22:06 <DIR> d-------- C:\Documents and Settings\wess\Application Data\MSN6
2006-12-27 22:04 <DIR> d-------- C:\Program Files\MSN Messenger
2006-12-27 21:51 <DIR> d-------- C:\Documents and Settings\wess\Application Data\MSNInstaller
2006-12-27 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2006-12-27 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2006-12-27 21:44 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2006-12-27 21:44 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2006-12-27 21:44 <DIR> d-------- C:\Program Files\Common Files\Motive
2006-12-27 21:42 <DIR> d-------- C:\WINDOWS\bin
2006-12-27 21:42 <DIR> d-------- C:\Program Files\Verizon
2006-12-27 21:42 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Verizon
2006-12-27 21:41 <DIR> d-------- C:\Program Files\PlayLinc
2006-12-27 13:13 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Lavasoft
2006-12-27 12:42 <DIR> d-------- C:\Documents and Settings\wess\Application Data\.TrueSwordSettings
2006-12-26 13:42 <DIR> d-------- C:\Program Files\Sonic
2006-12-26 13:21 <DIR> d-------- C:\WINDOWS\system32\bits
2006-12-26 13:19 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-12-26 13:19 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-12-26 13:19 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2006-12-26 13:19 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-12-26 13:19 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-12-26 06:11 <DIR> d--hs---- C:\found.000
2006-12-26 03:14 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-12-26 03:14 <DIR> d-------- C:\Program Files\Common Files\ikof
2006-12-26 02:39 <DIR> d-------- C:\Program Files\DOSBox-0.65
2006-12-26 02:20 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-12-26 02:20 <DIR> d-------- C:\Program Files\Manual Viewer
2006-12-26 00:49 22,541 ---hs---- C:\WINDOWS\system32\nnnmnno.dll
2006-12-25 21:59 428,824 --a------ C:\WINDOWS\system32\wuapi.dll
2006-12-25 21:59 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-12-25 21:59 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-12-25 21:59 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-12-25 21:59 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-12-25 21:59 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-12-25 21:59 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-12-25 20:43 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-12-24 09:06 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-12-24 07:47 198,424 --a------ C:\WINDOWS\system32\iuengine.dll
2006-12-24 07:04 <DIR> d-------- C:\Program Files\WinRAR
2006-12-24 06:41 <DIR> d-------- C:\Program Files\7-Zip
2006-12-24 05:36 <DIR> d-------- C:\Program Files\BearShare Applications
2006-12-24 03:58 <DIR> d-------- C:\WINDOWS\pss
2006-12-24 00:20 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Leadertech
2006-12-24 00:19 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2006-12-24 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2006-12-24 00:18 <DIR> d-------- C:\Program Files\palmOne
2006-12-24 00:17 <DIR> d-------- C:\Documents and Settings\wess\Application Data\HotSync
2006-12-24 00:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-12-24 00:14 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-12-24 00:13 <DIR> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2006-12-23 23:53 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Syntrillium
2006-12-23 22:21 896,512 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-12-23 22:21 87,040 --a------ C:\WINDOWS\system32\drmstor.dll
2006-12-23 22:21 809,984 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-12-23 22:21 759,296 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-12-23 22:21 695,296 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-12-23 22:21 670,720 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-12-23 22:21 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2006-12-23 22:21 484,864 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-12-23 22:21 408,064 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-12-23 22:21 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-12-23 22:21 310,272 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-12-23 22:21 299,520 --a------ C:\WINDOWS\system32\drmclien.dll
2006-12-23 22:21 286,208 --a------ C:\WINDOWS\system32\blackbox.dll
2006-12-23 22:21 259,072 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-12-23 22:21 240,640 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-12-23 22:21 237,568 --a------ C:\WINDOWS\system32\qasf.dll
2006-12-23 22:21 230,400 --a------ C:\WINDOWS\system32\wmasf.dll
2006-12-23 22:21 2,174,976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-23 22:21 151,552 --a------ C:\WINDOWS\system32\wmidx.dll
2006-12-23 22:21 103,936 --a------ C:\WINDOWS\system32\logagent.exe
2006-12-23 22:21 1,119,744 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-12-23 22:21 1,050,624 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-12-23 22:21 1,001,472 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-12-23 22:19 <DIR> d-------- C:\Program Files\coolpro2
2006-12-23 22:11 <DIR> d-------- C:\Documents and Settings\wess\Application Data\BitTorrent
2006-12-23 22:10 <DIR> d-------- C:\Program Files\BitTorrent
2006-12-23 22:05 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-12-23 22:05 <DIR> d-------- C:\Documents and Settings\wess\Application Data\Mozilla
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-11 13:47 -------- d-------- C:\Program Files\Common Files
2007-01-11 04:57 -------- d-------- C:\Program Files\Internet Explorer
2007-01-07 18:15 -------- d-------- C:\Program Files\MSN
2007-01-07 18:13 -------- d---s---- C:\Documents and Settings\wess\Application Data\Microsoft
2007-01-05 20:27 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-01-02 19:52 -------- d-------- C:\Program Files\Windows Media Player
2007-01-02 19:51 -------- d-------- C:\Program Files\Outlook Express
2006-12-31 23:50 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-28 16:00 -------- d-------- C:\Documents and Settings\wess\Application Data\.gaim
2006-12-28 11:46 -------- d-------- C:\Documents and Settings\wess\Application Data\.ABC
2006-12-28 03:15 -------- d-------- C:\Program Files\Messenger
2006-12-28 03:05 -------- d-------- C:\Program Files\Common Files\System
2006-12-28 01:19 -------- d-------- C:\Program Files\Movie Maker
2006-12-28 01:16 -------- d-------- C:\Program Files\Windows NT
2006-12-28 01:16 -------- d-------- C:\Program Files\NetMeeting
2006-12-27 12:42 -------- d-------- C:\Documents and Settings\wess\Application Data\.TrueSwordSettings
2006-12-25 21:59 -------- d--h----- C:\Program Files\WindowsUpdate
2006-12-24 00:21 -------- d-------- C:\Program Files\Real
2006-12-24 00:17 16694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
2006-12-08 04:50 217088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-12-08 04:47 1159168 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-19 05:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 10:07 110592 --a------ C:\WINDOWS\system32\msnphoto.scr
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ikof"="C:\\PROGRA~1\\COMMON~1\\ikof\\ikofm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"LClock"="C:\\Program Files\\LClock\\LClock.exe"
"HostsMan"="C:\\Program Files\\HostsMan\\hm.exe -s"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,ea,00,00,00,00,00,00,00,16,03,00,00,ea,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,42,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,42,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\palmOne\\Hotsync.exe -logon"
"item"="HotSync Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^wess^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
"path"="C:\\Documents and Settings\\wess\\Start Menu\\Programs\\Startup\\OpenOffice.org 2.1.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.1.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.1\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^wess^Start Menu^Programs^Startup^palmOne Registration.lnk]
"path"="C:\\Documents and Settings\\wess\\Start Menu\\Programs\\Startup\\palmOne Registration.lnk"
"backup"="C:\\WINDOWS\\pss\\palmOne Registration.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\palmOne\\register.exe /remind /language=EN /INTL=\"true\" /_NBL=\"true\" /PRNM=\"palmOne\""
"item"="palmOne Registration"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADeck"
"hkey"="HKLM"
"command"="C:\\Program Files\\VIA\\VIAudioi\\SBADeck\\ADeck.exe 1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Blaero Start Orb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Blaero Start Orb\\Blaero Start Orb.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyFreeWebCam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="easywebcam"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\EASYWE~1\\easywebcam.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Program Files\\ipwins\\ipwins.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Network Services Controller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmsvc32"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mmsvc32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Verizon\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvcc25]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svcchost"
"hkey"="HKLM"
"command"="svcchost.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mysvcig38]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mysvcc"
"hkey"="HKLM"
"command"="mysvcc.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VerizonServicepoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Verizon\\Servicepoint\\VerizonServicepoint.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sidebar"
"hkey"="HKLM"
"command"="C:\\Program Files\\Vista Sidebar\\sidebar.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VisualToolTip"
"hkey"="HKLM"
"command"="C:\\Program Files\\VisualTooltip\\VisualToolTip.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=dword:00000003
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 07-01-11 13:48:23.45
C:\ComboFix.txt ... 07-01-11 13:48