Wow... this is long. Thanks for your help. Quick question... Since my computer takes forever to restart, and it is much faster in safe mode, can I follow your instructions in safe mode? The previously listed information was NOT done in safe mode. Thanks again. Sorry it took so long to reply.
ComboFix 07-11-08.1 - Craig Webster 2007-11-10 18:00:42.2 - NTFSx86
Running from: C:\Documents and Settings\Craig Webster\Local Settings\Temporary Internet Files\Content.IE5\APL4XOCN\ComboFix[1].exe
* Created a new restore point
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Craig Webster\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Craig Webster\Desktop\Online Security Guide.lnk
c:\documents and settings\craig webster\favorites\Online Security Guide.lnk
C:\WINDOWS\system32\prvegang.dllbox
C:\WINDOWS\system32\rrqss.bak1
C:\WINDOWS\system32\rrqss.bak2
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\rrqss.ini2
C:\WINDOWS\system32\rrqss.tmp
C:\WINDOWS\system32\ssqrr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.
2007-11-10 17:41 85,056 --a------ C:\WINDOWS\system32\vbfihsnv.dll
2007-11-10 17:37 81,472 --a------ C:\WINDOWS\system32\njjlhocm.dll
2007-11-10 17:36 71,232 --a------ C:\WINDOWS\system32\vghwsbgf.exe
2007-11-08 16:30 80,448 --a------ C:\WINDOWS\system32\vrqnkejl.dll
2007-11-08 16:25 71,232 --a------ C:\WINDOWS\system32\qrvrgcwx.exe
2007-11-07 12:09 86,080 --a------ C:\WINDOWS\system32\uwrdwbku.dll
2007-11-07 12:06 71,232 --a------ C:\WINDOWS\system32\rtduqksp.exe
2007-11-06 21:19 <DIR> d-------- C:\Documents and Settings\Craig Webster\Application Data\Grisoft
2007-11-06 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-06 21:18 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-06 20:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-06 08:54 81,472 --a------ C:\WINDOWS\system32\bqiyfyun.dll
2007-11-06 08:43 81,472 --a------ C:\WINDOWS\system32\jlwdjhpt.dll
2007-11-06 08:34 87,104 --a------ C:\WINDOWS\system32\eiademso.dll
2007-11-06 08:31 71,232 --a------ C:\WINDOWS\system32\ofvqeoee.exe
2007-11-06 08:29 145,984 --a------ C:\WINDOWS\system32\prvegang.dll
2007-11-06 08:29 145,984 --a------ C:\WINDOWS\system32\ofguawjg.dll
2007-11-05 22:12 <DIR> d-------- C:\Documents and Settings\Craig Webster\.housecall6.6
2007-11-05 20:49 <DIR> d-------- C:\Program Files\a-squared Free
2007-11-05 20:15 <DIR> d-------- C:\VundoFix Backups
2007-11-05 19:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-05 16:19 <DIR> d-------- C:\downloads
2007-11-05 16:15 61,224 --a------ C:\Documents and Settings\Craig Webster\GoToAssistDownloadHelper.exe
2007-11-05 08:09 83,008 --a------ C:\WINDOWS\system32\geujlvpj.dll
2007-11-04 07:31 78,912 --a------ C:\WINDOWS\system32\htcaxlje.dll
2007-11-03 11:17 36,352 --a------ C:\WINDOWS\system32\opnllkl.dll
2007-10-30 13:04 <DIR> d-------- C:\WINDOWS\system32\Mz02r
2007-10-30 07:24 <DIR> d-------- C:\WINDOWS\system32\Mz08r
2007-10-30 07:24 <DIR> d-------- C:\Temp\mZOr
2007-10-30 07:24 <DIR> d-------- C:\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 02:20 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-07 06:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-06 05:57 --------- d-----w C:\Program Files\AWS
2007-11-06 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-02 23:36 --------- d-----w C:\Program Files\MSN Messenger
2007-09-27 01:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\The Learning Company
2007-09-27 01:47 --------- d-----w C:\Program Files\The Learning Company
2007-09-18 21:28 --------- d-----w C:\Documents and Settings\Craig Webster\Application Data\Image Zone Express
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
2007-11-03 11:17 36352 --a------ C:\WINDOWS\system32\opnllkl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A11947D2-E551-43BF-A373-489CD5C7495E}]
2007-11-10 18:29 316512 --a------ C:\WINDOWS\system32\mllmk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-06 08:29 145984 --a------ C:\WINDOWS\system32\prvegang.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c66fb868-5ff5-4855-bf49-3efbb9ef08ca}]
2007-11-10 17:37 81472 --a------ C:\WINDOWS\system32\njjlhocm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0B5482A-F61D-4507-BF43-CD3FC8B17CBF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\prvegang.dll [2007-11-06 08:29 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\prvegang.dll [2007-11-06 08:29 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 13:33]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 12:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 12:02]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 14:48]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 11:59]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 17:15]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 08:26]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 13:19]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 09:03]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-08-19 10:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-19 10:49]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 13:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 13:50]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 02:33]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 09:03]
"HostManager"="C:\Program Files\Common Files\AOL\1158796591\ee\AOLSoftware.exe" [2006-05-09 16:24]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 08:59]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-13 06:26]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 12:52]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 09:30]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 15:12]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 09:58]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-05-09 16:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 13:36]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 16:04]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 07:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 18:05:26]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-08-19 10:47:56]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-08-19 10:42:36]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2005-08-27 11:21:36]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 08:59:36]
Remote Controller.lnk - C:\Program Files\RemoteCon\RemoteCon.exe [2007-09-03 11:04:40]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\opnllkl.dll [2007-11-03 11:17 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 13:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnllkl]
opnllkl.dll 2007-11-03 11:17 36352 C:\WINDOWS\system32\opnllkl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\prvegang]
prvegang.dll 2007-11-06 08:29 145984 C:\WINDOWS\system32\prvegang.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmk.dll
R3 EraserUtilDrv10733;EraserUtilDrv10733;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys
S3 usbvm328;HP Camera;C:\WINDOWS\system32\Drivers\usbvm326.sys
S3 vmfilter323;VC0326 filter service for Serome;C:\WINDOWS\system32\drivers\vmfilter323.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-11 01:44:51 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-10-12 09:19:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
"2007-11-11 02:37:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-10 18:25:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\kmllm.ini 317 bytes
C:\WINDOWS\system32\mllmk.dll 316512 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
.
Completion time: 2007-11-10 18:40:25 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-06 21:10
.
--- E O F ---