CastleCops :: View topic - [IN PROGRESS]Computer is infected please help with Hijackthis log

[IN PROGRESS]Computer is infected please help with Hijackthis log
Goto page 1, 2 Next
CastleCops -> Trend Micro HijackThis Logs

Author: cyberbear2, Location: USA

Posted: Tue Jun 24, 2008 12:22 am Post subject: Computer is infected please help with Hijackthis log

A friend gave me his computer to take a look at and I believe it's infected. I have run several scans and removed some files but it is still running very slow and the internet explorer browser is trying to add advertising sites to the trusted zones (shdoclc.dll). Please help.

I have run scans wih the following programs.
AVG
Ad-Aware
Spybot
Malware bytes
Combofix
Trojan Hunter
Super Anti-Spyware

Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 19:57:32, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {E6E01B02-A6F9-4EFE-A0EC-0A9666764C5C} - C:\WINDOWS\system32\jkkkhfCU.dll (file missing)
O2 - BHO: {3ed552a3-2b36-50d9-87d4-e8016d6f165f} - {f561f6d6-108e-4d78-9d05-63b23a255de3} - C:\WINDOWS\System32\jkjhsphk.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Malwarebytes log
Malwarebytes' Anti-Malware 1.18
Database version: 873

5:29:52 PM 6/23/2008
mbam-log-6-23-2008 (17-29-52).txt

Scan type: Quick Scan
Objects scanned: 42199
Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Combofix Log

Paul Par‚ - 08-06-23 17:30:32.57 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Paul Par‚\Desktop\SWI"

((((((((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 ))))))))))))))))))))))))))))))))))

2008-06-23 14:39 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-22 20:45 <DIR> d-------- C:\Documents and Settings\Paul Par‚\Application Data\TrojanHunter
2008-06-22 20:43 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-20 20:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-20 20:59 <DIR> d-------- C:\Documents and Settings\Paul Par‚\Application Data\SUPERAntiSpyware.com
2008-06-20 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-20 17:56 <DIR> d-------- C:\Documents and Settings\Paul Par‚\Application Data\Malwarebytes
2008-06-20 17:55 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-06-20 17:55 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-06-20 17:55 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-20 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 20:16 1,722 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-06-18 19:48 <DIR> d-------- C:\VundoFix Backups
2008-06-18 16:52 <DIR> d-------- C:\Program Files\Softwin
2008-06-18 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-18 16:51 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-06-18 16:39 <DIR> d-------- C:\WINDOWS\Prefetch
2008-06-18 14:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-18 14:16 <DIR> d-------- C:\SDFix
2008-06-17 18:13 79,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-06-17 18:13 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-06-17 18:13 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-06-17 18:13 33,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-06-17 18:13 201,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2008-06-17 18:12 113,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-06-17 18:11 <DIR> d-------- C:\Program Files\McAfee.com
2008-06-17 18:11 <DIR> d-------- C:\Program Files\McAfee
2008-06-17 18:11 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-06-17 17:38 <DIR> d-------- C:\Documents and Settings\Paul Par‚\Application Data\Mozilla
2008-06-17 17:32 110,336 --a------ C:\WINDOWS\SYSTEM32\jkjhsphk.dll
2008-06-17 17:12 <DIR> d-------- C:\Documents and Settings\Paul Par‚\.housecall6.6
2008-06-17 16:27 <DIR> d-------- C:\Program Files\Panda Security
2008-06-17 15:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-17 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 15:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 15:04 <DIR> d-------- C:\Documents and Settings\Paul Par‚\Application Data\Lavasoft
2008-06-17 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-17 13:40 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-06-17 13:39 <DIR> d-------- C:\Program Files\Grisoft
2008-06-17 10:19 <DIR> d-------- C:\Program Files\hijackthis
2008-06-16 16:36 182,880 --a------ C:\WINDOWS\SYSTEM32\iuenginenew.dll
2008-06-16 16:06 <DIR> d-------- C:\Documents and Settings\Paul Par‚\Application Data\McAfee
2008-06-15 18:17 81,920 --a------ C:\WINDOWS\SYSTEM32\isign32.dll
2008-06-15 18:17 81,920 --a------ C:\WINDOWS\SYSTEM32\ils.dll
2008-06-15 18:17 73,728 --a------ C:\WINDOWS\SYSTEM32\icwdial.dll
2008-06-15 18:17 73,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sr.sys
2008-06-15 18:17 69,632 --a------ C:\WINDOWS\SYSTEM32\msconf.dll
2008-06-15 18:17 678,400 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2008-06-15 18:17 67,584 --a------ C:\WINDOWS\SYSTEM32\srclient.dll
2008-06-15 18:17 65,536 --a------ C:\WINDOWS\SYSTEM32\icwphbk.dll
2008-06-15 18:17 48,128 --a------ C:\WINDOWS\SYSTEM32\inetres.dll
2008-06-15 18:17 45,568 --a------ C:\WINDOWS\SYSTEM32\safrslv.dll
2008-06-15 18:17 43,520 --a------ C:\WINDOWS\SYSTEM32\safrcdlg.dll
2008-06-15 18:17 43,520 --a------ C:\WINDOWS\SYSTEM32\racpldlg.dll
2008-06-15 18:17 382,464 --a------ C:\WINDOWS\SYSTEM32\qmgr.dll
2008-06-15 18:17 34,560 --a------ C:\WINDOWS\SYSTEM32\mnmdd.dll
2008-06-15 18:17 32,768 --a------ C:\WINDOWS\SYSTEM32\mnmsrvc.exe
2008-06-15 18:17 32,768 --a------ C:\WINDOWS\SYSTEM32\isrdbg32.dll
2008-06-15 18:17 29,696 --a------ C:\WINDOWS\SYSTEM32\safrdm.dll
2008-06-15 18:17 28,672 --a------ C:\WINDOWS\SYSTEM32\nmmkcert.dll
2008-06-15 18:17 274,944 --a------ C:\WINDOWS\SYSTEM32\mstask.dll
2008-06-15 18:17 274,432 --a------ C:\WINDOWS\SYSTEM32\inetcfg.dll
2008-06-15 18:17 252,928 --a------ C:\WINDOWS\SYSTEM32\msoeacct.dll
2008-06-15 18:17 239,104 --a------ C:\WINDOWS\SYSTEM32\srrstr.dll
2008-06-15 18:17 190,976 --a------ C:\WINDOWS\SYSTEM32\schedsvc.dll
2008-06-15 18:17 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2008-06-15 18:17 170,496 --a------ C:\WINDOWS\SYSTEM32\srsvc.dll
2008-06-15 18:17 12,288 --a------ C:\WINDOWS\SYSTEM32\mstinit.exe
2008-06-15 18:17 105,984 --a------ C:\WINDOWS\SYSTEM32\msoert2.dll
2008-06-15 18:15 949,248 --a------ C:\WINDOWS\SYSTEM32\msdtctm.dll
2008-06-15 18:15 93,696 --a------ C:\WINDOWS\SYSTEM32\tscfgwmi.dll
2008-06-15 18:15 90,112 --a------ C:\WINDOWS\SYSTEM32\mtxoci.dll
2008-06-15 18:15 87,176 --a------ C:\WINDOWS\SYSTEM32\rdpwsx.dll
2008-06-15 18:15 85,504 --a------ C:\WINDOWS\SYSTEM32\catsrvps.dll
2008-06-15 18:15 82,432 --a------ C:\WINDOWS\SYSTEM32\comrepl.dll
2008-06-15 18:15 8,704 --a------ C:\WINDOWS\SYSTEM32\fxsperf.dll
2008-06-15 18:15 72,192 --a------ C:\WINDOWS\SYSTEM32\fxscom.dll
2008-06-15 18:15 67,072 --a------ C:\WINDOWS\SYSTEM32\rdshost.exe
2008-06-15 18:15 655,360 --a------ C:\WINDOWS\SYSTEM32\mstscax.dll
2008-06-15 18:15 628,224 --a------ C:\WINDOWS\SYSTEM32\catsrvut.dll
2008-06-15 18:15 62,464 --a------ C:\WINDOWS\SYSTEM32\rdpclip.exe
2008-06-15 18:15 62,464 --a------ C:\WINDOWS\SYSTEM32\colbact.dll
2008-06-15 18:15 60,416 --a------ C:\WINDOWS\SYSTEM32\remotepg.dll
2008-06-15 18:15 6,656 --a------ C:\WINDOWS\SYSTEM32\wuauserv.dll
2008-06-15 18:15 6,656 --a------ C:\WINDOWS\SYSTEM32\fxsres.dll
2008-06-15 18:15 6,144 --a------ C:\WINDOWS\SYSTEM32\msdtc.exe
2008-06-15 18:15 58,880 --a------ C:\WINDOWS\SYSTEM32\msdtclog.dll
2008-06-15 18:15 58,880 --a------ C:\WINDOWS\SYSTEM32\licwmi.dll
2008-06-15 18:15 562,176 --a------ C:\WINDOWS\SYSTEM32\fxsst.dll
2008-06-15 18:15 56,320 --a------ C:\WINDOWS\SYSTEM32\servdeps.dll
2008-06-15 18:15 55,296 --a------ C:\WINDOWS\SYSTEM32\fxsevent.dll
2008-06-15 18:15 540,160 --a------ C:\WINDOWS\SYSTEM32\comuid.dll
2008-06-15 18:15 538,624 --a------ C:\WINDOWS\SYSTEM32\spider.exe
2008-06-15 18:15 53,080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-06-15 18:15 501,248 --a------ C:\WINDOWS\SYSTEM32\clbcatq.dll
2008-06-15 18:15 452,096 --a------ C:\WINDOWS\SYSTEM32\fxsapi.dll
2008-06-15 18:15 44,544 --a------ C:\WINDOWS\SYSTEM32\tscupgrd.exe
2008-06-15 18:15 425,472 --a------ C:\WINDOWS\SYSTEM32\msdtcprx.dll
2008-06-15 18:15 407,552 --a------ C:\WINDOWS\SYSTEM32\mstsc.exe
2008-06-15 18:15 400,384 --a------ C:\WINDOWS\SYSTEM32\fxsxp32.dll
2008-06-15 18:15 397,312 --a------ C:\WINDOWS\SYSTEM32\fxstiff.dll
2008-06-15 18:15 38,912 --a------ C:\WINDOWS\SYSTEM32\cfgbkend.dll
2008-06-15 18:15 345,088 --a------ C:\WINDOWS\SYSTEM32\hypertrm.dll
2008-06-15 18:15 343,040 --a------ C:\WINDOWS\SYSTEM32\mspaint.exe
2008-06-15 18:15 295,424 --a------ C:\WINDOWS\SYSTEM32\termsrv.dll
2008-06-15 18:15 285,184 --a------ C:\WINDOWS\SYSTEM32\fxscomex.dll
2008-06-15 18:15 27,136 --a------ C:\WINDOWS\SYSTEM32\fxsdrv.dll
2008-06-15 18:15 267,776 --a------ C:\WINDOWS\SYSTEM32\fxssvc.exe
2008-06-15 18:15 246,272 --a------ C:\WINDOWS\SYSTEM32\fxst30.dll
2008-06-15 18:15 23,552 --a------ C:\WINDOWS\SYSTEM32\fxsmon.dll
2008-06-15 18:15 23,552 --a------ C:\WINDOWS\SYSTEM32\fxsext32.dll
2008-06-15 18:15 229,888 --a------ C:\WINDOWS\SYSTEM32\catsrv.dll
2008-06-15 18:15 229,376 --a------ C:\WINDOWS\SYSTEM32\fxscover.exe
2008-06-15 18:15 21,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tdtcp.sys
2008-06-15 18:15 20,480 --a------ C:\WINDOWS\SYSTEM32\qprocess.exe
2008-06-15 18:15 196,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys
2008-06-15 18:15 192,512 --a------ C:\WINDOWS\SYSTEM32\fxswzrd.dll
2008-06-15 18:15 19,968 --a------ C:\WINDOWS\SYSTEM32\rdpsnd.dll
2008-06-15 18:15 185,344 --a------ C:\WINDOWS\SYSTEM32\cmprops.dll
2008-06-15 18:15 183,808 --a------ C:\WINDOWS\SYSTEM32\accwiz.exe
2008-06-15 18:15 17,408 --a------ C:\WINDOWS\SYSTEM32\mmfutil.dll
2008-06-15 18:15 161,280 --a------ C:\WINDOWS\SYSTEM32\msdtcuiu.dll
2008-06-15 18:15 154,112 --a------ C:\WINDOWS\SYSTEM32\fxsui.dll
2008-06-15 18:15 147,968 --a------ C:\WINDOWS\SYSTEM32\rdchost.dll
2008-06-15 18:15 143,360 --a------ C:\WINDOWS\SYSTEM32\fxsclnt.exe
2008-06-15 18:15 140,800 --a------ C:\WINDOWS\SYSTEM32\sessmgr.exe
2008-06-15 18:15 139,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpwd.sys
2008-06-15 18:15 131,584 --a------ C:\WINDOWS\SYSTEM32\sndrec32.exe
2008-06-15 18:15 13,824 --a------ C:\WINDOWS\SYSTEM32\rdsaddin.exe
2008-06-15 18:15 123,392 --a------ C:\WINDOWS\SYSTEM32\mplay32.exe
2008-06-15 18:15 12,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tdpipe.sys
2008-06-15 18:15 110,080 --a------ C:\WINDOWS\SYSTEM32\clbcatex.dll
2008-06-15 18:15 11,776 --a------ C:\WINDOWS\SYSTEM32\xolehlp.dll
2008-06-15 18:15 11,264 --a------ C:\WINDOWS\SYSTEM32\icaapi.dll
2008-06-15 18:15 102,912 --a------ C:\WINDOWS\SYSTEM32\clipbrd.exe
2008-06-15 18:15 1,712,984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-06-15 18:15 1,251,840 --a------ C:\WINDOWS\SYSTEM32\comsvcs.dll
2008-06-15 18:12 6,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2008-06-15 18:12 52,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2008-06-15 18:09 57,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2008-06-15 18:08 40,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2008-06-15 18:06 74,752 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2008-06-15 18:06 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-06-15 18:06 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-06-15 18:06 11,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
2008-06-15 13:51 <DIR> d-------- C:\WINDOWS\msapps
2008-06-15 13:51 <DIR> d-------- C:\WINDOWS\java
2008-06-01 11:07 <DIR> d-------- C:\WINDOWS\pss
2008-05-31 16:36 240,619 --ahs---- C:\WINDOWS\SYSTEM32\UCfhkkkj.ini2

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-06-23 14:37 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-20 16:26 -------- d-------- C:\Program Files\Google
2008-06-18 16:51 -------- d-------- C:\Program Files\Common Files
2008-06-18 16:38 -------- d-------- C:\Program Files\Internet Explorer
2008-06-18 16:21 -------- d-------- C:\Program Files\Windows Media Player
2008-06-18 16:14 -------- d-------- C:\Program Files\NetMeeting
2008-06-18 16:14 -------- d-------- C:\Program Files\Movie Maker
2008-06-18 16:13 -------- d-------- C:\Program Files\Windows NT
2008-06-18 16:13 -------- d-------- C:\Program Files\Outlook Express
2008-06-18 16:13 -------- d-------- C:\Program Files\Common Files\System
2008-06-17 17:37 -------- d-------- C:\Program Files\Mozilla Firefox
2008-06-16 17:01 -------- d--h----- C:\Program Files\WindowsUpdate
2008-06-15 18:41 -------- d---s---- C:\Documents and Settings\Paul Par‚\Application Data\Microsoft
2008-05-31 16:33 -------- d-------- C:\Documents and Settings\Paul Par‚\Application Data\WeatherBug
2008-05-16 16:22 -------- d--h----- C:\Program Files\InstallShield Installation Information
2008-05-16 11:58 12632 --a------ C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-05-08 08:28 202752 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rmcast.sys
2008-05-04 10:25 -------- d-------- C:\Documents and Settings\Paul Par‚\Application Data\Adobe
2008-04-30 16:54 -------- d-------- C:\Program Files\Apple Software Update
2008-04-29 11:20 15648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NSDriver.sys
2008-04-29 11:19 15648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Awrtrd.sys
2008-04-29 11:19 12960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Awrtpd.sys
2008-03-27 05:24 60416 --a------ C:\WINDOWS\SYSTEM32\tzchange.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"THGuard"="\"C:\\Program Files\\TrojanHunter 5.0\\THGuard.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 8.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 8.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 8.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Billminder.lnk"
"backup"="C:\\WINDOWS\\pss\\Billminder.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKENW\\BILLMIND.EXE -startup"
"item"="Billminder"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Startup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKENW\\QWDLLS.EXE "
"item"="Quicken Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Paul Paré^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
"path"="C:\\Documents and Settings\\Paul Paré\\Start Menu\\Programs\\Startup\\TextBridge Instant Access OCR.lnk"
"backup"="C:\\WINDOWS\\pss\\TextBridge Instant Access OCR.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\TEXTBR~1\\Bin\\TBMenu.exe /h"
"item"="TextBridge Instant Access OCR"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2839a195]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qmydewfx"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\System32\\qmydewfx.dll\",b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCMSMMSG"
"hkey"="HKLM"
"command"="BCMSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2b0a9209]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="btjxyxon"
"hkey"="HKLM"
"command"="Rundll32.exe \"C:\\WINDOWS\\System32\\btjxyxon.dll\",s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSAgnt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSentry"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\DSentry.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMEKRMIG"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe /runkey"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Verizon\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pptd40nt"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryController"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ScanSoft\\PDF Converter 2.0 Professional\\PDFConv\\\\RegistryController.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPWebCap"
"hkey"="HKCU"
"command"="C:\\Program Files\\ScanSoft\\PaperPort\\PPWebCap.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RxMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SM1BG"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SM1BG.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdupdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mcmscsvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WebReg 20040416000105.job
C:\WINDOWS\tasks\WebReg 20040502155641.job
C:\WINDOWS\tasks\WebReg 20040517183925.job

Completion time: 08-06-23 17:32:20.28
C:\ComboFix.txt ... 08-06-23 17:32
C:\ComboFix2.txt ... 08-06-17 13:01

Author: Prince_Serendip,

Posted: Tue Jun 24, 2008 9:24 am Post subject:

Your version of HijackThis is out-of-date. Please uninstall your old copy of HJT with Add/Remove Programs.

Please follow the instructions >>>HERE<<< at #5. Thanks.

Note: The current version is HijackThis 2.0.2.

Please do not post any other log except a HijackThis log. If your helper wants other types of logs, they'll ask for them.

Author: cyberbear2, Location: USA

Posted: Tue Jun 24, 2008 4:58 pm Post subject: Hijackthis updated and new log

Sorry. Here is the updated log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:46:56, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {E6E01B02-A6F9-4EFE-A0EC-0A9666764C5C} - C:\WINDOWS\system32\jkkkhfCU.dll (file missing)
O2 - BHO: {3ed552a3-2b36-50d9-87d4-e8016d6f165f} - {f561f6d6-108e-4d78-9d05-63b23a255de3} - C:\WINDOWS\System32\jkjhsphk.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7129 bytes

Author: Prince_Serendip,

Posted: Wed Jun 25, 2008 11:24 am Post subject:

You're Ready for cleaning. Thumbs Up

At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts. Now you wait for one of them to come help you.

Author: Prince_Serendip,

Posted: Tue Jul 01, 2008 6:05 pm Post subject:

Now that you've made an entry at the Unhandled Logs topic, you need to post a fresh log here (below this post).

**NOTE: You have a week to post the updated log. Do not post it as a new topic. If your new updated log is not posted, this topic will be locked and your post removed from the Unhandled Logs topic list.

Author: cyberbear2, Location: USA

Posted: Tue Jul 01, 2008 8:01 pm Post subject: Updated Log

Here is the updated log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:09, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6856 bytes

Author: cyberbear2, Location: USA

Posted: Tue Jul 01, 2008 8:26 pm Post subject:

I have fixed the following entries in the original log. I am rescanning with malware bytes.

O2 - BHO: (no name) - {E6E01B02-A6F9-4EFE-A0EC-0A9666764C5C} - C:\WINDOWS\system32\jkkkhfCU.dll (file missing)
O2 - BHO: {3ed552a3-2b36-50d9-87d4-e8016d6f165f} - {f561f6d6-108e-4d78-9d05-63b23a255de3} - C:\WINDOWS\System32\jkjhsphk.dll

Author: cyberbear2, Location: USA

Posted: Tue Jul 01, 2008 11:34 pm Post subject:

So Malware bytes didn't detecy MS Juan but the internet explorer browser is still messed up (It loads the homepage but when I try to go to a different page it just returns to the original page (it's almost like it's looping back and forth except I never see it change. I just see the addresses change down the bottom of the screen) and the system is still running slow.

Please help.

Author: SpotCheckBilly,

Posted: Mon Jul 07, 2008 12:12 am Post subject:

Hello cyberbear2,

Welcome to the cC forums. I'm SpotCheckBilly (SCB for short) and if you still need assistance I will be happy to help you.

===Very Important===
The instructions in this thread have been specifically designed for THIS USER'S MACHINE ONLY . You should not use these instructions to clean your machine. Doing so could cause irreparable damage to your machine. If you need assistance, please start your own thread.

=================

A couple of important things to keep in mind during our fix.

Please >> DO NOT<< run any scans/tools or other fixes unless I ask you to.
If you are running P2P filesharing program(s). they must be uninstalled before proceeding.
If you are running any cracked/pirated software, REMOVE it before proceeding. Many helpers -- myself included -- will not assist you if you are using such software.

Remember, we are in this process together. We must cooperate with each other or the fix will surely fail. If there is something you don't understand or or are unsure of -- Please Do not skip it. Instead, take a moment to ask. With some infections skipping a step can be disastrous.That being said, let's get started. Smile

Part of the slow performance is probably due to the fact that you have too many real-time protection programs running. These programs seldom get along and most always cause conflicts. Since it appears that you are running McAfee Security Suite, I would suggest that you disable all other real-time protection. You most certainly can keep the other programs as on-demand scanner's. NOTE: AVG Antispyware is outdated and no longer supported. I would just uninstall that one.

Since your HijackThis log is several days old, I would like to start with some fresh information. Please do the following:

Update and rescan with Malwarebytes Anti-Malware (current version 1.19, current database version 924).

Please do the following EXACTLY as directed:

Follow this link to the How to Use Combofix tutorial at bleepingcomputer.com.

>>>If you already have Combofix, delete previous copy(s) and download the latest version.<<<

Read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

***If you have an always on Internet connection, unplug from your DSL/cable modem before proceeding. Reconnect only after Combofix has finished its scan.***

Please continue with the scan as follows:

Very Important! Temporarily >>disable<< your anti-virus, script blocking and any anti-malware real-time protection before continuing the scan. They can interfere with ComboFix and may cause unpredictable results. Note: Combofix will disconnect you from the Internet, then restore your connection as it finishes.
Click Yes and follow the prompts to allow ComboFix to continue scanning for malware. This can take a while, so please be patient.
When finished, it will produce a report for you at C:\ComboFix.txt.

***Do not mouseclick combofix's window while it's running. That may cause it to stall***

In your next post, please include

The results of the Malwarebytes Anti-Malware scan.
A new Hijackthis log.
C.:\Combofix.txt.

Use multiple posts if necessary to ensure the entire contents of the logs gets posted. To prevent loss of information during a copy/paste operation:
Open the desired log.
Hit Ctrl+a to select the entire contents.
Hit Ctrl+c copy the entire contents.
Hit Ctrl+v paste the entire contents into the message body box in your reply.

We'll take it from there. Hello

SCB

Author: cyberbear2, Location: USA

Posted: Mon Jul 07, 2008 2:35 am Post subject: new logs malware bytes and hijackthis

Malwarebytes' Anti-Malware 1.19
Database version: 929
Windows 5.1.2600 Service Pack 2

10:07:22 PM 7/6/2008
mbam-log-7-6-2008 (22-07-22).txt

Scan type: Quick Scan
Objects scanned: 44048
Time elapsed: 19 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:27, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6635 bytes

Author: cyberbear2, Location: USA

Posted: Mon Jul 07, 2008 2:38 am Post subject: new log combofix

ComboFix 08-07-05.1 - Paul Paré 2008-07-06 22:15:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.681 [GMT -4:00]
Running from: C:\Documents and Settings\Paul Paré\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.

2008-07-06 21:45 . 2008-07-06 21:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 21:45 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-07-06 21:45 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-07-02 10:36 . <DIR> C:\Documents and Settings\Paul ParT
2008-06-29 18:42 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2008-06-29 18:42 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-24 08:46 . 2008-06-24 08:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-22 20:45 . 2008-06-22 20:45 <DIR> d-------- C:\Documents and Settings\Paul Paré\Application Data\TrojanHunter
2008-06-22 20:43 . 2008-06-22 20:44 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-20 20:59 . 2008-06-20 20:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-20 20:59 . 2008-06-20 20:59 <DIR> d-------- C:\Documents and Settings\Paul Paré\Application Data\SUPERAntiSpyware.com
2008-06-20 20:59 . 2008-06-20 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-20 17:56 . 2008-06-20 17:56 <DIR> d-------- C:\Documents and Settings\Paul Paré\Application Data\Malwarebytes
2008-06-20 17:55 . 2008-06-20 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 20:16 . 2008-06-18 20:16 1,722 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-06-18 19:48 . 2008-06-18 19:55 <DIR> d-------- C:\VundoFix Backups
2008-06-18 16:58 . 2008-06-20 17:01 81,984 --a------ C:\WINDOWS\SYSTEM32\bdod.bin
2008-06-18 16:52 . 2008-06-18 16:52 <DIR> d-------- C:\Program Files\Softwin
2008-06-18 16:52 . 2008-06-20 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-18 16:51 . 2008-06-20 17:01 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-06-18 16:21 . 2004-08-04 00:56 380,416 --------- C:\WINDOWS\SYSTEM32\irprops.cpl
2008-06-18 16:00 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002570_.tmp
2008-06-18 15:29 . 2002-08-28 22:59 154,624 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\wlluc48.sys
2008-06-18 15:29 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-06-18 15:29 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\wlandrv2.sys
2008-06-18 15:29 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-06-18 15:29 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-06-18 15:29 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-06-18 15:29 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-06-18 15:29 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-06-18 15:27 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-06-18 15:24 . 2001-08-17 14:56 252,032 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\sis300iv.dll
2008-06-18 15:23 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-06-18 15:22 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-06-18 15:21 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\nv3.sys
2008-06-18 15:20 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msgame.sys
2008-06-18 15:20 . 2001-08-17 13:48 12,416 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msriffwv.sys
2008-06-18 15:20 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msfsio.sys
2008-06-18 15:20 . 2001-08-17 14:00 2,944 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msmpu401.sys
2008-06-18 15:18 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\irstusb.sys
2008-06-18 15:18 . 2001-08-17 13:49 23,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\irmk7.sys
2008-06-18 15:18 . 2001-08-17 13:51 18,688 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\irsir.sys
2008-06-18 15:16 . 2001-08-17 13:28 907,456 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hcf_msft.sys
2008-06-18 15:15 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-06-18 15:14 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\diwan.sys
2008-06-18 15:13 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\cicap.sys
2008-06-18 15:12 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\3cwmcru.sys
2008-06-18 14:24 . 2008-06-18 14:25 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-18 14:16 . 2008-06-18 15:01 <DIR> d-------- C:\SDFix
2008-06-17 20:37 . 2008-07-06 22:09 6,285 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
2008-06-17 18:13 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2008-06-17 18:13 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-06-17 18:13 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-06-17 18:13 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-06-17 18:13 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-06-17 18:12 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-06-17 18:11 . 2008-06-17 18:12 <DIR> d-------- C:\Program Files\McAfee.com
2008-06-17 18:11 . 2008-06-18 11:15 <DIR> d-------- C:\Program Files\McAfee
2008-06-17 18:11 . 2008-06-17 18:13 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-06-17 17:32 . 2008-06-17 17:32 109,803 --a------ C:\WINDOWS\BM2b0a9209.xml
2008-06-17 17:12 . 2008-06-19 19:02 <DIR> d-------- C:\Documents and Settings\Paul Paré\.housecall6.6
2008-06-17 17:12 . 2008-06-19 19:02 <DIR> d-------- C:\Documents and Settings\Paul Paré\.housecall6.6
2008-06-17 16:27 . 2008-06-20 17:28 <DIR> d-------- C:\Program Files\Panda Security
2008-06-17 15:16 . 2008-06-17 15:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-17 15:16 . 2008-06-17 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 15:15 . 2008-06-20 20:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 15:04 . 2008-06-17 15:08 <DIR> d-------- C:\Documents and Settings\Paul Paré\Application Data\Lavasoft
2008-06-17 13:49 . 2008-06-17 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-16 17:00 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2008-06-16 16:36 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\SYSTEM32\iuenginenew.dll
2008-06-16 16:06 . 2008-06-16 16:06 <DIR> d-------- C:\Documents and Settings\Paul Paré\Application Data\McAfee
2008-06-15 18:23 . 2004-08-03 22:31 482,304 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pintlgnt.ime
2008-06-15 18:22 . 2001-08-23 08:00 10,096,640 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxcht.dll
2008-06-15 18:21 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpsnap.dll
2008-06-15 18:21 . 2001-08-17 22:36 175,104 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpadm.dll
2008-06-15 18:18 . 2008-06-16 16:17 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-15 18:18 . 2008-06-16 16:17 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-06-15 18:18 . 2008-06-16 16:17 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-06-15 18:18 . 2008-06-16 16:17 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-06-15 18:18 . 2008-06-15 18:18 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-06-15 18:15 . 2007-07-30 19:19 1,712,984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-06-15 18:12 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2008-06-15 18:12 . 2006-06-14 04:47 6,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2008-06-15 18:09 . 2004-08-03 22:59 57,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2008-06-15 18:08 . 2004-08-04 01:01 40,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2008-06-15 18:06 . 2004-08-04 00:56 146,432 --a------ C:\WINDOWS\SYSTEM\winspool.drv
2008-06-15 18:06 . 2004-08-04 00:56 74,752 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2008-06-15 18:06 . 2002-09-03 13:04 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-06-15 18:06 . 2002-09-03 13:04 24,661 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\spxcoins.dll
2008-06-15 18:06 . 2002-09-03 12:35 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-06-15 18:06 . 2002-09-03 12:35 13,312 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\irclass.dll
2008-06-15 18:06 . 2004-08-03 23:00 11,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
2008-06-15 13:51 . 2008-06-15 13:51 <DIR> d-------- C:\WINDOWS\msapps
2008-06-15 13:51 . 2008-06-15 18:20 <DIR> d-------- C:\WINDOWS\java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 18:37 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-23 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 20:26 --------- d-----w C:\Program Files\Google
2008-06-18 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-17 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-15 22:20 558,142 ----a-w C:\WINDOWS\java\Packages\VH7DVLV7.ZIP
2008-06-15 22:20 155,995 ----a-w C:\WINDOWS\java\Packages\883VHF7X.ZIP
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-31 20:33 --------- d-----w C:\Documents and Settings\Paul Paré\Application Data\WeatherBug
2008-05-16 20:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2007-04-09 21:13 87,608 ----a-w C:\Documents and Settings\Paul Paré\Application Data\ezpinst.exe
2007-04-09 21:13 47,360 ----a-w C:\Documents and Settings\Paul Paré\Application Data\pcouffin.sys
2004-11-14 02:41 118,624 ----a-w C:\Documents and Settings\Paul Paré\Application Data\GDIPFONTCACHEV1.DAT
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-02_10.35.41.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-02 14:21:32 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-07-07 01:41:38 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
- 2008-07-02 14:05:16 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-07-07 01:31:01 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-07-02 14:05:16 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-07-07 01:31:01 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 18:29 90112]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16 5058560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 15:16 49152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Paul Paré^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
path=C:\Documents and Settings\Paul Paré\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
backup=C:\WINDOWS\pss\TextBridge Instant Access OCR.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-06-01 14:32 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 18:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
-ra------ 2002-08-14 19:22 28672 C:\WINDOWS\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 14:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2002-08-29 06:00 44032 C:\WINDOWS\IME\IMKR6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2003-09-06 01:35 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2002-07-16 08:21 28672 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-06-23 12:33 438359 C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 15:16 5058560 C:\WINDOWS\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2003-09-06 01:16 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
--a------ 2004-05-12 14:05 98304 C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\registrycontroller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
--a------ 2003-09-06 01:29 94257 C:\Program Files\ScanSoft\PaperPort\ppwebcap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-07-15 13:36 319488 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-07-17 01:19 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-05-01 19:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
-ra------ 2003-08-27 15:20 94208 C:\WINDOWS\SM1bg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 10:22 155648 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-12-29 10:25 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2007-01-04 17:38 112336 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
--a------ 2004-07-30 15:57 1593344 C:\Program Files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-06-02 06:00 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 15:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Microsoft Games\\Links 2001\\LinksMMI.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"\\\\YOUR-PA86Z1I3G7\\SHAREDDOCS\\AIM\\aim.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\Stime's\\aim.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=

R0 MrFilter;EasyWrite Driver;C:\WINDOWS\system32\drivers\MrFilter.sys [2003-07-17 04:17]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S2 A4SII300;A4SII300;C:\WINDOWS\system32\drivers\A4SII300.SYS []
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);C:\WINDOWS\system32\Drivers\grmn0200.sys [2007-01-05 16:51]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;C:\WINDOWS\system32\Drivers\grmn1200.sys [2007-01-05 16:51]
S3 OlCamudp;OLYMPUS Digital Camera;C:\WINDOWS\system32\Drivers\olcamudp.sys [2000-02-09 12:55]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 14:37:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-18 00:32:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-18 00:32:27 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2004-04-16 04:01:05 C:\WINDOWS\Tasks\WebReg 20040416000105.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20040416000105 /N
"2004-05-02 19:56:41 C:\WINDOWS\Tasks\WebReg 20040502155641.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20040502155641 /N
"2004-05-17 22:39:25 C:\WINDOWS\Tasks\WebReg 20040517183925.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20040517183925 /N
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 22:19:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-06 22:22:45
ComboFix-quarantined-files.txt 2008-07-07 02:22:21
ComboFix2.txt 2008-07-02 14:36:36
ComboFix3.txt 2008-07-02 14:09:33

Pre-Run: 11,595,063,296 bytes free
Post-Run: 11,585,155,072 bytes free

294 --- E O F --- 2008-06-30 02:06:30

Included are the new logs for malware bytes, combo fix, and hijackthis. I appreciate your help.

Author: SpotCheckBilly,

Posted: Mon Jul 07, 2008 10:13 pm Post subject:

Hello cyberbear2,

We need to disable Spybot S&D "Tea Timer" as it may interfere with the fix. Please do the following:

1. If you have version 1.5:

Right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).

2. Click once on Resident Protection:

Right click the Spybot icon.
Make sure Resident Protection is now Unchecked.
The Spybot icon in the System tray should now be now colorless.

3. Go to Start=>All Programs=>Spybot - Search & Destroy=>Spybot Search & Destroy.
4. Click on Mode=>Advanced Mode.
5. At the prompt, click Yes.
6. On the left hand side, click on Tools.
7. Check (tick) this box if it is not yet ticked: Resident.
8. Resident is now added under Tools.
9. Click on Resident.
10. Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
11. Exit Spybot Search & Destroy.
12. Restart your computer for the changes to take effect.

If you have version 1.4,
Click Mode=>Advanced Mode.
At the prompt, click Yes.
On the left hand side, click on Tools.
Check (tick) this box if it is not yet ticked: Resident.
Resident is now added under Tools.
Click on Resident.
Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.
Restart your computer for the changes to take effect.

Please DO NOT reenable Tea Timer.

Please Disable Trojan Hunter Guard:

1. Right-click on "Trojan Hunter Guard "icon in system tray. (Magnifying glass with red handle)
2. Select "Settings".
3. Uncheck "Load at startup" and "Enabled".

Please DO NOT reenable Trojan Hunter Guard.

****IMPORTANT****

Your McAfee Security Suite contains modules that do the same job as Tea Timer and Trojan Hunter Guard. Running more than one of this title program will cause conflicts, reduced overall system performance and very likely loss of system security. If desired, you can keep these around as on-demand scans along with SAS andMalwarebytes Anti-Malware.

Viewpoint is generally regarded as undesirable software. It is installed alongside programs like AIM6 whether you want it or not. Most of us recommend removing it.

Go to Add/Remove programs and remove(uninstall) anything with:

Viewpoint

In the name. Be careful not to remove any personal or system software.

Please perform the following:

Close any open browsers.

Open Notepad ( Not Word or WordPad) and copy/paste the text in the quotebox below into it:

Code:

File::
C:\WINDOWS\002570_.tmp
C:\WINDOWS\BM2b0a9209.xml

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000

Save this as CFScript.txt, save it to your desktop. Save it as file type: all files.
Drag CFScript into ComboFix.exe on your desktop.
When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Next, go to Start=>Run and type "Services.msc" (without quotes) then hit Ok

Scroll down and find the service called Lavasoft Ad-Aware Service (aawservice)
Right-click=> Stop.
Right click=>Properties area
Under the General Tab, in the "Startup Type" drop-down box:
Select Disabled.
Hit Apply=>Ok and close any open windows.

Run HiJackThis and click "Do a system scan only", then check(tick) the following, if present:

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

With all windows closed except