1
Tech Clinic / Rootkit.TDSS
« on: February 06, 2010, 03:21:17 PM »
Ok, I did what you instructed and they're gone now. Thanks again!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
Tech Clinic / Rootkit.TDSS
« on: February 02, 2010, 03:25:55 AM »
Ok, here are the logs:
ESET:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=46741b9b224c804283064dd39b5fe66b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-02 08:20:41
# local_time=2010-02-02 12:20:41 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 51544910 51544910 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=76189
# found=8
# cleaned=8
# scan_time=2142
C:\QooBox\Quarantine\C\WINDOWS\system32\H8SRTvnssrhspcb.dll.vir a variant of Win32/Kryptik.BXQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\QooBox\Quarantine\C\WINDOWS\system32\H8SRTyemshiexbf.dll.vir Win32/Olmarik.SX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\QooBox\Quarantine\C\WINDOWS\system32\H8SRTypibegcmyl.dll.vir a variant of Win32/Kryptik.BXQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\H8SRToqxmbavmcy.sys.vir a variant of Win32/Olmarik.SR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7D607B74-8182-4A0E-99A6-1FF5338755DA}\RP360\A0071443.sys a variant of Win32/Olmarik.SR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7D607B74-8182-4A0E-99A6-1FF5338755DA}\RP360\A0071445.dll Win32/Olmarik.SX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7D607B74-8182-4A0E-99A6-1FF5338755DA}\RP360\A0071446.dll a variant of Win32/Kryptik.BXQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7D607B74-8182-4A0E-99A6-1FF5338755DA}\RP360\A0071447.dll a variant of Win32/Kryptik.BXQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
OTL:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BJCFD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\mIRC\mirc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTornado\btdownloadgui.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ngo\Local Settings\Temp\WZSE0.TMP\SymNRT.exe not found.
========== FILES ==========
File\Folder C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->FireFox cache emptied: 2516490 bytes
User: All Users
User: ap
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: ngo
->Temp folder emptied: 577593 bytes
->Temporary Internet Files folder emptied: 140044697 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38686324 bytes
->Opera cache emptied: 45330489 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5567505 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 222.00 mb
OTL by OldTimer - Version 3.1.25.2 log created on 02012010_231337
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
And ComboFix:
ComboFix 10-01-29.05 - ngo 02/01/2010 23:26:02.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.162 [GMT -8:00]
Running from: c:\documents and settings\ngo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ngo\Desktop\CFScript.txt
FILE ::
"c:\windows\system32\drivers\lyvj.sys"
"c:\windows\system32\drivers\ssww.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_daiua
-------\Service_epcjlr
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.
2010-02-02 07:22 . 2010-02-02 07:22 -------- d-----w- c:\program files\Common Files\Java
2010-02-02 07:22 . 2010-02-02 07:22 61440 ----a-w- c:\documents and settings\ngo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28ee7280-n\decora-sse.dll
2010-02-02 07:22 . 2010-02-02 07:22 503808 ----a-w- c:\documents and settings\ngo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-168f725d-n\msvcp71.dll
2010-02-02 07:22 . 2010-02-02 07:22 499712 ----a-w- c:\documents and settings\ngo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-168f725d-n\jmc.dll
2010-02-02 07:22 . 2010-02-02 07:22 348160 ----a-w- c:\documents and settings\ngo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-168f725d-n\msvcr71.dll
2010-02-02 07:22 . 2010-02-02 07:22 12800 ----a-w- c:\documents and settings\ngo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28ee7280-n\decora-d3d.dll
2010-02-02 07:21 . 2010-02-02 07:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-02 07:21 . 2010-02-02 07:21 -------- d-----w- c:\program files\Java
2010-01-25 21:13 . 2010-01-25 21:23 -------- d-----w- C:\Combo-Fix
2010-01-15 06:23 . 2010-01-15 06:23 -------- d-----w- C:\VundoFix Backups
2010-01-14 08:34 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 08:34 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 08:34 . 2010-01-14 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 06:59 . 2010-01-14 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-01-12 23:58 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 22:36 . 2010-02-02 07:32 -------- d-----w- c:\program files\ViStart
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\VisualTooltip
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\ViOrb
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\Vista Sidebar
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\LClock
2010-01-06 22:36 . 2007-04-15 09:30 6181376 ----a-w- c:\windows\system32\vistaui.exe
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-06 21:59 . 2010-01-06 21:59 -------- d-----w- c:\documents and settings\ngo\Application Data\ViGlance
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViSplore
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViStart(2)
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\Vista Rainbar
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViGlance
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\Vista Drive Icon
2010-01-05 10:00 . 2010-01-05 10:00 192512 -c----w- c:\windows\system32\dllcache\iepeers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 07:32 . 2009-05-24 19:36 -------- d-----w- c:\program files\DNA
2010-02-02 07:32 . 2009-05-24 19:36 -------- d-----w- c:\documents and settings\ngo\Application Data\DNA
2010-02-02 07:04 . 2005-03-19 06:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-02 07:02 . 2005-03-19 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-14 08:11 . 2007-06-15 03:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-14 08:06 . 2006-05-27 21:07 -------- d-----w- c:\program files\SpywareBlaster
2010-01-14 06:46 . 2006-10-01 06:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-14 06:46 . 2005-03-19 06:35 -------- d-----w- c:\program files\Lavasoft
2010-01-14 05:54 . 2007-11-25 06:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\TrueTransparency
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\WinFlip
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\Styler
2010-01-06 21:59 . 2008-09-20 23:35 -------- d-----w- c:\documents and settings\ngo\Application Data\ViStart
2010-01-05 10:00 . 2004-08-23 19:13 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-23 19:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-23 19:13 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-29 07:54 . 2009-08-31 23:20 -------- d-----w- c:\documents and settings\ngo\Application Data\BitTorrent
2009-12-26 19:07 . 2008-09-21 08:28 -------- d-----w- c:\documents and settings\ngo\Application Data\Move Networks
2009-12-26 09:52 . 2009-12-26 09:52 144160 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\uninstall.exe
2009-12-26 09:52 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-12-26 09:52 . 2009-12-26 09:52 1438976 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
2009-12-16 04:58 . 2009-12-16 04:55 -------- d-----w- c:\documents and settings\ngo\Application Data\Ventrilo
2009-12-16 04:54 . 2009-12-16 04:54 -------- d-----w- c:\program files\Ventrilo
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-09 23:17 . 2008-09-20 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-21 16:36 . 2004-08-23 19:13 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@@desktop.dat
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@[email protected]
.
------- Sigcheck -------
[7] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[7] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 039B9E1E31DAEE0018B2779C8BF65C89 . 2147840 . . [5.1.2600.3610] . . c:\windows\system32\ntoskrnl.exe
[7] 2009-08-04 . 11CDD81560E766101F0032EB05872C1B . 2136064 . . [5.1.2600.3610] . . c:\windows\system32\VITrans\ntoskrnl.exe
[7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . 16B5EBE97F243441264A8F8694C2F2AA . 2136064 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 . DD31AB4B91C2605601A3C108AF57A0C9 . 2136064 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
[7] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 5FB20CABC9A81BAAABBE63F30FFC5284 . 2147840 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 612C427014BB443153DCA528A4D37D13 . 2146816 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[7] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\ntoskrnl.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 7159508EEBB8E80DE73A0A48D581ED50 . 1423360 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\VITrans\explorer.exe
[-] 2004-08-04 . 4B0011B8E35843966A3CE5685058420F . 1422336 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 2A7AA4C4FC05B819E56045F4856D92B6 . 2027520 . . [5.1.2600.3610] . . c:\windows\system32\ntkrnlpa.exe
[7] 2009-08-04 . E832C72D32FA117CB0D033C5EA95B58F . 2015744 . . [5.1.2600.3610] . . c:\windows\system32\VITrans\ntkrnlpa.exe
[7] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . B238AB60093BABFE76AEC8F34B4D399D . 2015744 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 . DC097A896A03B8277457D228FD12D4E6 . 2015744 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
[7] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 54A8B9806027049F8B19F1274A63C7B4 . 2027520 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . 44B54761A335D89C0CFB7364B23B0128 . 2026496 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[7] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-20 128000]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2007-11-27 593920]
"ViOrb"="c:\program files\ViOrb\ViOrb.exe" [2007-11-19 163840]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-14 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-08-02 49152]
"VTTrayp"="VTtrayp.exe" [2004-08-02 143360]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\moffice.exe" [2007-04-15 806912]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"Glass2k"="c:\documents and settings\ngo\My Documents\Downloads\Glass2k.exe" [2007-04-06 56325]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
c:\documents and settings\Anh Pham\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk
backup=c:\windows\pss\InterVideo Scheduler server.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
2007-04-06 01:24 56325 ----a-w- c:\documents and settings\ngo\My Documents\Downloads\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2002-08-12 18:07 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-09-20 00:34 4347120 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-08-12 17:33 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
2007-11-20 21:51 524288 ----a-w- c:\program files\Vista Sidebar\sidebar.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\WINDOWS\\system32\\P3MxSvr.exe"=
"c:\\WINDOWS\\system32\\p3mxvsvr.exe"=
"c:\\WINDOWS\\system32\\mnetasvr.exe"=
"c:\\WINDOWS\\system32\\mnetvsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:UDP"= 5000:UDP:Yahoo Voice
S2 PortTalk;PortTalk;
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [11/8/2004 5:10 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [11/8/2004 5:10 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [11/8/2004 5:10 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [11/8/2004 5:10 PM 10368]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} - hxxp://player.mnet.com/package/cjmuset.cab
DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} - hxxp://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cab
FF - ProfilePath - c:\documents and settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\documents and settings\ngo\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 23:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2946896428-4015859676-2471532444-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(352)
c:\windows\system32\WININET.dll
c:\program files\ViStart\MainHook.Dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\program files\LClock\LC.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Browser Mouse\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\VTTimer.exe
c:\program files\Browser Mouse\MOUSE32A.DAT
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-01 23:37:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 07:37
ComboFix2.txt 2010-01-30 06:47
ComboFix3.txt 2010-01-25 21:23
ComboFix4.txt 2008-06-06 23:05
Pre-Run: 112,903,077,888 bytes free
Post-Run: 112,878,338,048 bytes free
- - End Of File - - 6B5E332AF53602A5579578A295F866A0
Everything runs a bit better now. Thank you so much!!
ESET:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=46741b9b224c804283064dd39b5fe66b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-02 08:20:41
# local_time=2010-02-02 12:20:41 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 51544910 51544910 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=76189
# found=8
# cleaned=8
# scan_time=2142
C:\QooBox\Quarantine\C\WINDOWS\system32\H8SRTvnssrhspcb.dll.vir a variant of Win32/Kryptik.BXQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\QooBox\Quarantine\C\WINDOWS\system32\H8SRTyemshiexbf.dll.vir Win32/Olmarik.SX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\QooBox\Quarantine\C\WINDOWS\system32\H8SRTypibegcmyl.dll.vir a variant of Win32/Kryptik.BXQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\H8SRToqxmbavmcy.sys.vir a variant of Win32/Olmarik.SR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7D607B74-8182-4A0E-99A6-1FF5338755DA}\RP360\A0071443.sys a variant of Win32/Olmarik.SR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7D607B74-8182-4A0E-99A6-1FF5338755DA}\RP360\A0071445.dll Win32/Olmarik.SX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7D607B74-8182-4A0E-99A6-1FF5338755DA}\RP360\A0071446.dll a variant of Win32/Kryptik.BXQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7D607B74-8182-4A0E-99A6-1FF5338755DA}\RP360\A0071447.dll a variant of Win32/Kryptik.BXQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
OTL:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BJCFD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\mIRC\mirc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTornado\btdownloadgui.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ngo\Local Settings\Temp\WZSE0.TMP\SymNRT.exe not found.
========== FILES ==========
File\Folder C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->FireFox cache emptied: 2516490 bytes
User: All Users
User: ap
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: ngo
->Temp folder emptied: 577593 bytes
->Temporary Internet Files folder emptied: 140044697 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38686324 bytes
->Opera cache emptied: 45330489 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5567505 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 222.00 mb
OTL by OldTimer - Version 3.1.25.2 log created on 02012010_231337
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
And ComboFix:
ComboFix 10-01-29.05 - ngo 02/01/2010 23:26:02.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.162 [GMT -8:00]
Running from: c:\documents and settings\ngo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ngo\Desktop\CFScript.txt
FILE ::
"c:\windows\system32\drivers\lyvj.sys"
"c:\windows\system32\drivers\ssww.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_daiua
-------\Service_epcjlr
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.
2010-02-02 07:22 . 2010-02-02 07:22 -------- d-----w- c:\program files\Common Files\Java
2010-02-02 07:22 . 2010-02-02 07:22 61440 ----a-w- c:\documents and settings\ngo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28ee7280-n\decora-sse.dll
2010-02-02 07:22 . 2010-02-02 07:22 503808 ----a-w- c:\documents and settings\ngo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-168f725d-n\msvcp71.dll
2010-02-02 07:22 . 2010-02-02 07:22 499712 ----a-w- c:\documents and settings\ngo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-168f725d-n\jmc.dll
2010-02-02 07:22 . 2010-02-02 07:22 348160 ----a-w- c:\documents and settings\ngo\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-168f725d-n\msvcr71.dll
2010-02-02 07:22 . 2010-02-02 07:22 12800 ----a-w- c:\documents and settings\ngo\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28ee7280-n\decora-d3d.dll
2010-02-02 07:21 . 2010-02-02 07:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-02 07:21 . 2010-02-02 07:21 -------- d-----w- c:\program files\Java
2010-01-25 21:13 . 2010-01-25 21:23 -------- d-----w- C:\Combo-Fix
2010-01-15 06:23 . 2010-01-15 06:23 -------- d-----w- C:\VundoFix Backups
2010-01-14 08:34 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 08:34 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 08:34 . 2010-01-14 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 06:59 . 2010-01-14 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-01-12 23:58 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 22:36 . 2010-02-02 07:32 -------- d-----w- c:\program files\ViStart
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\VisualTooltip
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\ViOrb
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\Vista Sidebar
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\LClock
2010-01-06 22:36 . 2007-04-15 09:30 6181376 ----a-w- c:\windows\system32\vistaui.exe
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-06 21:59 . 2010-01-06 21:59 -------- d-----w- c:\documents and settings\ngo\Application Data\ViGlance
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViSplore
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViStart(2)
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\Vista Rainbar
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViGlance
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\Vista Drive Icon
2010-01-05 10:00 . 2010-01-05 10:00 192512 -c----w- c:\windows\system32\dllcache\iepeers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 07:32 . 2009-05-24 19:36 -------- d-----w- c:\program files\DNA
2010-02-02 07:32 . 2009-05-24 19:36 -------- d-----w- c:\documents and settings\ngo\Application Data\DNA
2010-02-02 07:04 . 2005-03-19 06:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-02 07:02 . 2005-03-19 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-14 08:11 . 2007-06-15 03:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-14 08:06 . 2006-05-27 21:07 -------- d-----w- c:\program files\SpywareBlaster
2010-01-14 06:46 . 2006-10-01 06:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-14 06:46 . 2005-03-19 06:35 -------- d-----w- c:\program files\Lavasoft
2010-01-14 05:54 . 2007-11-25 06:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\TrueTransparency
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\WinFlip
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\Styler
2010-01-06 21:59 . 2008-09-20 23:35 -------- d-----w- c:\documents and settings\ngo\Application Data\ViStart
2010-01-05 10:00 . 2004-08-23 19:13 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-23 19:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-23 19:13 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-29 07:54 . 2009-08-31 23:20 -------- d-----w- c:\documents and settings\ngo\Application Data\BitTorrent
2009-12-26 19:07 . 2008-09-21 08:28 -------- d-----w- c:\documents and settings\ngo\Application Data\Move Networks
2009-12-26 09:52 . 2009-12-26 09:52 144160 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\uninstall.exe
2009-12-26 09:52 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-12-26 09:52 . 2009-12-26 09:52 1438976 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
2009-12-16 04:58 . 2009-12-16 04:55 -------- d-----w- c:\documents and settings\ngo\Application Data\Ventrilo
2009-12-16 04:54 . 2009-12-16 04:54 -------- d-----w- c:\program files\Ventrilo
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-09 23:17 . 2008-09-20 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-21 16:36 . 2004-08-23 19:13 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@@desktop.dat
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@[email protected]
.
------- Sigcheck -------
[7] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[7] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 039B9E1E31DAEE0018B2779C8BF65C89 . 2147840 . . [5.1.2600.3610] . . c:\windows\system32\ntoskrnl.exe
[7] 2009-08-04 . 11CDD81560E766101F0032EB05872C1B . 2136064 . . [5.1.2600.3610] . . c:\windows\system32\VITrans\ntoskrnl.exe
[7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . 16B5EBE97F243441264A8F8694C2F2AA . 2136064 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 . DD31AB4B91C2605601A3C108AF57A0C9 . 2136064 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
[7] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 5FB20CABC9A81BAAABBE63F30FFC5284 . 2147840 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 612C427014BB443153DCA528A4D37D13 . 2146816 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[7] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\ntoskrnl.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 7159508EEBB8E80DE73A0A48D581ED50 . 1423360 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\VITrans\explorer.exe
[-] 2004-08-04 . 4B0011B8E35843966A3CE5685058420F . 1422336 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 2A7AA4C4FC05B819E56045F4856D92B6 . 2027520 . . [5.1.2600.3610] . . c:\windows\system32\ntkrnlpa.exe
[7] 2009-08-04 . E832C72D32FA117CB0D033C5EA95B58F . 2015744 . . [5.1.2600.3610] . . c:\windows\system32\VITrans\ntkrnlpa.exe
[7] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . B238AB60093BABFE76AEC8F34B4D399D . 2015744 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 . DC097A896A03B8277457D228FD12D4E6 . 2015744 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
[7] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 54A8B9806027049F8B19F1274A63C7B4 . 2027520 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . 44B54761A335D89C0CFB7364B23B0128 . 2026496 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[7] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-20 128000]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2007-11-27 593920]
"ViOrb"="c:\program files\ViOrb\ViOrb.exe" [2007-11-19 163840]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-14 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-08-02 49152]
"VTTrayp"="VTtrayp.exe" [2004-08-02 143360]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\moffice.exe" [2007-04-15 806912]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"Glass2k"="c:\documents and settings\ngo\My Documents\Downloads\Glass2k.exe" [2007-04-06 56325]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
c:\documents and settings\Anh Pham\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk
backup=c:\windows\pss\InterVideo Scheduler server.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
2007-04-06 01:24 56325 ----a-w- c:\documents and settings\ngo\My Documents\Downloads\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2002-08-12 18:07 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-09-20 00:34 4347120 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-08-12 17:33 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
2007-11-20 21:51 524288 ----a-w- c:\program files\Vista Sidebar\sidebar.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\WINDOWS\\system32\\P3MxSvr.exe"=
"c:\\WINDOWS\\system32\\p3mxvsvr.exe"=
"c:\\WINDOWS\\system32\\mnetasvr.exe"=
"c:\\WINDOWS\\system32\\mnetvsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:UDP"= 5000:UDP:Yahoo Voice
S2 PortTalk;PortTalk;
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [11/8/2004 5:10 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [11/8/2004 5:10 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [11/8/2004 5:10 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [11/8/2004 5:10 PM 10368]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} - hxxp://player.mnet.com/package/cjmuset.cab
DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} - hxxp://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cab
FF - ProfilePath - c:\documents and settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\documents and settings\ngo\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 23:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2946896428-4015859676-2471532444-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(352)
c:\windows\system32\WININET.dll
c:\program files\ViStart\MainHook.Dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\program files\LClock\LC.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Browser Mouse\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\VTTimer.exe
c:\program files\Browser Mouse\MOUSE32A.DAT
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-01 23:37:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 07:37
ComboFix2.txt 2010-01-30 06:47
ComboFix3.txt 2010-01-25 21:23
ComboFix4.txt 2008-06-06 23:05
Pre-Run: 112,903,077,888 bytes free
Post-Run: 112,878,338,048 bytes free
- - End Of File - - 6B5E332AF53602A5579578A295F866A0
Everything runs a bit better now. Thank you so much!!
3
Tech Clinic / Rootkit.TDSS
« on: January 30, 2010, 05:17:48 PM »
Ok, I did what you instructed but neither of the two showed up.
4
Tech Clinic / Rootkit.TDSS
« on: January 30, 2010, 01:49:59 AM »
Here it is.
ComboFix 10-01-29.05 - ngo 01/29/2010 22:38:10.4.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.206 [GMT -8:00]
Running from: c:\documents and settings\ngo\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.
2010-01-25 21:13 . 2010-01-25 21:23 -------- d-----w- C:\Combo-Fix
2010-01-15 06:23 . 2010-01-15 06:23 -------- d-----w- C:\VundoFix Backups
2010-01-14 08:34 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 08:34 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 08:34 . 2010-01-14 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 06:59 . 2010-01-14 06:59 -------- d-----w- c:\documents and settings\ngo\Application Data\Grisoft
2010-01-14 06:59 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2010-01-14 06:59 . 2010-01-14 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-01-12 23:58 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 22:36 . 2010-01-26 06:08 -------- d-----w- c:\program files\ViStart
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\VisualTooltip
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\ViOrb
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\Vista Sidebar
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\LClock
2010-01-06 22:36 . 2007-04-15 09:30 6181376 ----a-w- c:\windows\system32\vistaui.exe
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\program files\Red Kawa
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\documents and settings\ngo\Application Data\Red Kawa
2010-01-06 21:59 . 2010-01-06 21:59 -------- d-----w- c:\documents and settings\ngo\Application Data\ViGlance
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViSplore
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViStart(2)
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\Vista Rainbar
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViGlance
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\Vista Drive Icon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 06:08 . 2009-05-24 19:36 -------- d-----w- c:\program files\DNA
2010-01-26 06:08 . 2009-05-24 19:36 -------- d-----w- c:\documents and settings\ngo\Application Data\DNA
2010-01-14 21:17 . 2005-03-19 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-14 08:11 . 2007-06-15 03:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-14 08:06 . 2006-05-27 21:07 -------- d-----w- c:\program files\SpywareBlaster
2010-01-14 06:46 . 2006-10-01 06:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-14 06:46 . 2005-03-19 06:35 -------- d-----w- c:\program files\Lavasoft
2010-01-14 06:27 . 2005-03-19 06:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 05:54 . 2007-11-25 06:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\TrueTransparency
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\WinFlip
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\Styler
2010-01-06 21:59 . 2008-09-20 23:35 -------- d-----w- c:\documents and settings\ngo\Application Data\ViStart
2009-12-29 07:54 . 2009-08-31 23:20 -------- d-----w- c:\documents and settings\ngo\Application Data\BitTorrent
2009-12-26 19:07 . 2008-09-21 08:28 -------- d-----w- c:\documents and settings\ngo\Application Data\Move Networks
2009-12-26 09:52 . 2009-12-26 09:52 144160 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\uninstall.exe
2009-12-26 09:52 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-12-26 09:52 . 2009-12-26 09:52 1438976 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
2009-12-16 04:58 . 2009-12-16 04:55 -------- d-----w- c:\documents and settings\ngo\Application Data\Ventrilo
2009-12-16 04:54 . 2009-12-16 04:54 -------- d-----w- c:\program files\Ventrilo
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-09 23:17 . 2008-09-20 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-21 16:36 . 2004-08-23 19:13 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@@desktop.dat
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@[email protected]
.
------- Sigcheck -------
[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\mshtml.dll
[-] 2009-10-29 . 481C18143B26747E28779822D7520363 . 3807232 . . [7.00.6000.16945] . . c:\windows\system32\mshtml.dll
[7] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\system32\VITrans\mshtml.dll
[7] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[7] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[7] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[7] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[7] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[7] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[7] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[7] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[7] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[7] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[7] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[7] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[7] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . F321AD4A3FB4A196A34AC103BC52A3D2 . 3801088 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[7] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mshtml.dll
[7] 2008-03-02 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[7] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[7] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[7] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[7] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[7] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[7] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[7] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[7] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-03-07 . DA1F163730850E4901C72C2D8D4EA0DD . 3790848 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-01-12 . BE795BAF50B026D0822F45E050C307D3 . 3789312 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[7] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll
[7] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\ie7\mshtml.dll
[7] 2007-01-04 . F31274D7667D83E73C6EE16D2206B76C . 3056640 . . [6.00.2900.3059] . . c:\windows\$NtUninstallKB928090$\mshtml.dll
[7] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[7] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[7] 2006-10-23 . 5FC7DE1195C8E9B5360FD65DBE95E5B0 . 3055104 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB928090_0$\mshtml.dll
[7] 2006-09-14 . BE45460D1453B7342E01EAE79BFBC681 . 3054592 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\mshtml.dll
[7] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-07-28 . C7074DA3D8F8C0F6C03874BA0B05069C . 3054080 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2006-07-28 . C7074DA3D8F8C0F6C03874BA0B05069C . 3054080 . . [6.00.2900.2963] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\mshtml.dll
[7] 2006-05-19 . 284CE76B71DD5260B42A3CCF0135AF67 . 3052544 . . [6.00.2900.2912] . . c:\windows\$NtUninstallKB918899$\mshtml.dll
[7] 2006-05-19 . 8687E029BE63C77D4919485068C54D77 . 3055104 . . [6.00.2900.2912] . . c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[7] 2006-03-23 . DEAA438EA31095E14A196FF647E38D13 . 3053568 . . [6.00.2900.2873] . . c:\windows\$NtUninstallKB916281$\mshtml.dll
[7] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[7] 2005-11-24 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[7] 2005-11-24 . 5E7A39950EA133BB54719A6E08C544A7 . 3015680 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB912812$\mshtml.dll
[7] 2005-10-05 . 3394299FBF1CD0B24089FC762611360B . 3017728 . . [6.00.2900.2769] . . c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[7] 2005-10-05 . 042AC20E084D21DD6BEE99B89CC30FB7 . 3015168 . . [6.00.2900.2769] . . c:\windows\$NtUninstallKB905915$\mshtml.dll
[7] 2005-07-20 . A14A7A206AE22DE4FE563E44CFC7DDF5 . 3016192 . . [6.00.2900.2722] . . c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[7] 2005-07-20 . 31E7520E58E5E4DFA93215A6D5603AF2 . 3014144 . . [6.00.2900.2722] . . c:\windows\$NtUninstallKB896688$\mshtml.dll
[7] 2005-05-02 . DCC5C79B99F02EEF8C826B074DBFC222 . 3014144 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[7] 2005-05-02 . DCFAC5470EE0A159EC4222BC28AE3EE6 . 3012608 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB896727$\mshtml.dll
[7] 2005-03-10 . 84A1B9B0C362051E68BB131F14C6DAAD . 3010560 . . [6.00.2900.2627] . . c:\windows\$NtUninstallKB883939$\mshtml.dll
[7] 2005-03-10 . 255C2CE965543ABDC3E0A25A5DA1874A . 3011072 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll
[7] 2005-01-27 . FAE3CA9B2459581C45B3A8845BE3077C . 3006976 . . [6.00.2900.2604] . . c:\windows\$NtUninstallKB890923$\mshtml.dll
[7] 2005-01-27 . 91C5ADE25BC4E3322577854FA2E7B58B . 3008000 . . [6.00.2900.2604] . . c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll
[7] 2004-09-29 . 087FF7C54E7EBE4A59BD4DFC1D0EE9B8 . 3004928 . . [6.00.2900.2524] . . c:\windows\$hf_mig$\KB834707\SP2QFE\mshtml.dll
[7] 2004-09-29 . D94E6405E420373161467ACD3DA65640 . 3004928 . . [6.00.2900.2523] . . c:\windows\$NtUninstallKB867282$\mshtml.dll
[7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB834707$\mshtml.dll
[7] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[7] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 039B9E1E31DAEE0018B2779C8BF65C89 . 2147840 . . [5.1.2600.3610] . . c:\windows\system32\ntoskrnl.exe
[7] 2009-08-04 . 11CDD81560E766101F0032EB05872C1B . 2136064 . . [5.1.2600.3610] . . c:\windows\system32\VITrans\ntoskrnl.exe
[7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . 16B5EBE97F243441264A8F8694C2F2AA . 2136064 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 . DD31AB4B91C2605601A3C108AF57A0C9 . 2136064 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
[7] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 5FB20CABC9A81BAAABBE63F30FFC5284 . 2147840 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 612C427014BB443153DCA528A4D37D13 . 2146816 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[7] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\ntoskrnl.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 7159508EEBB8E80DE73A0A48D581ED50 . 1423360 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\VITrans\explorer.exe
[-] 2004-08-04 . 4B0011B8E35843966A3CE5685058420F . 1422336 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 2A7AA4C4FC05B819E56045F4856D92B6 . 2027520 . . [5.1.2600.3610] . . c:\windows\system32\ntkrnlpa.exe
[7] 2009-08-04 . E832C72D32FA117CB0D033C5EA95B58F . 2015744 . . [5.1.2600.3610] . . c:\windows\system32\VITrans\ntkrnlpa.exe
[7] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . B238AB60093BABFE76AEC8F34B4D399D . 2015744 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 . DC097A896A03B8277457D228FD12D4E6 . 2015744 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
[7] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 54A8B9806027049F8B19F1274A63C7B4 . 2027520 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . 44B54761A335D89C0CFB7364B23B0128 . 2026496 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[7] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-20 128000]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2007-11-27 593920]
"ViOrb"="c:\program files\ViOrb\ViOrb.exe" [2007-11-19 163840]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-14 323392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-08-02 49152]
"VTTrayp"="VTtrayp.exe" [2004-08-02 143360]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\moffice.exe" [2007-04-15 806912]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"Glass2k"="c:\documents and settings\ngo\My Documents\Downloads\Glass2k.exe" [2007-04-06 56325]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
c:\documents and settings\Anh Pham\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk
backup=c:\windows\pss\InterVideo Scheduler server.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
2007-04-06 01:24 56325 ----a-w- c:\documents and settings\ngo\My Documents\Downloads\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2002-08-12 18:07 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-09-20 00:34 4347120 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-08-12 17:33 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
2007-11-20 21:51 524288 ----a-w- c:\program files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\WINDOWS\\system32\\P3MxSvr.exe"=
"c:\\WINDOWS\\system32\\p3mxvsvr.exe"=
"c:\\WINDOWS\\system32\\mnetasvr.exe"=
"c:\\WINDOWS\\system32\\mnetvsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:UDP"= 5000:UDP:Yahoo Voice
S0 daiua;daiua;c:\windows\system32\drivers\lyvj.sys --> c:\windows\system32\drivers\lyvj.sys [?]
S0 epcjlr;epcjlr;c:\windows\system32\drivers\ssww.sys --> c:\windows\system32\drivers\ssww.sys [?]
S2 PortTalk;PortTalk;
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [11/8/2004 5:10 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [11/8/2004 5:10 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [11/8/2004 5:10 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [11/8/2004 5:10 PM 10368]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} - hxxp://player.mnet.com/package/cjmuset.cab
DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} - hxxp://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cab
FF - ProfilePath - c:\documents and settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 22:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2946896428-4015859676-2471532444-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(440)
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(1188)
c:\windows\system32\WININET.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\msi.dll
.
Completion time: 2010-01-29 22:47:13
ComboFix-quarantined-files.txt 2010-01-30 06:47
ComboFix2.txt 2010-01-25 21:23
ComboFix3.txt 2008-06-06 23:05
Pre-Run: 111,972,597,760 bytes free
Post-Run: 111,948,505,088 bytes free
- - End Of File - - 5950B3E7F3F34BFD40E3B46FEEEA9FCA
ComboFix 10-01-29.05 - ngo 01/29/2010 22:38:10.4.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.206 [GMT -8:00]
Running from: c:\documents and settings\ngo\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.
2010-01-25 21:13 . 2010-01-25 21:23 -------- d-----w- C:\Combo-Fix
2010-01-15 06:23 . 2010-01-15 06:23 -------- d-----w- C:\VundoFix Backups
2010-01-14 08:34 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 08:34 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 08:34 . 2010-01-14 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 06:59 . 2010-01-14 06:59 -------- d-----w- c:\documents and settings\ngo\Application Data\Grisoft
2010-01-14 06:59 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2010-01-14 06:59 . 2010-01-14 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-01-12 23:58 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 22:36 . 2010-01-26 06:08 -------- d-----w- c:\program files\ViStart
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\VisualTooltip
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\ViOrb
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\Vista Sidebar
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\LClock
2010-01-06 22:36 . 2007-04-15 09:30 6181376 ----a-w- c:\windows\system32\vistaui.exe
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\program files\Red Kawa
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\documents and settings\ngo\Application Data\Red Kawa
2010-01-06 21:59 . 2010-01-06 21:59 -------- d-----w- c:\documents and settings\ngo\Application Data\ViGlance
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViSplore
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViStart(2)
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\Vista Rainbar
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViGlance
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\Vista Drive Icon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 06:08 . 2009-05-24 19:36 -------- d-----w- c:\program files\DNA
2010-01-26 06:08 . 2009-05-24 19:36 -------- d-----w- c:\documents and settings\ngo\Application Data\DNA
2010-01-14 21:17 . 2005-03-19 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-14 08:11 . 2007-06-15 03:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-14 08:06 . 2006-05-27 21:07 -------- d-----w- c:\program files\SpywareBlaster
2010-01-14 06:46 . 2006-10-01 06:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-14 06:46 . 2005-03-19 06:35 -------- d-----w- c:\program files\Lavasoft
2010-01-14 06:27 . 2005-03-19 06:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 05:54 . 2007-11-25 06:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\TrueTransparency
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\WinFlip
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\Styler
2010-01-06 21:59 . 2008-09-20 23:35 -------- d-----w- c:\documents and settings\ngo\Application Data\ViStart
2009-12-29 07:54 . 2009-08-31 23:20 -------- d-----w- c:\documents and settings\ngo\Application Data\BitTorrent
2009-12-26 19:07 . 2008-09-21 08:28 -------- d-----w- c:\documents and settings\ngo\Application Data\Move Networks
2009-12-26 09:52 . 2009-12-26 09:52 144160 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\uninstall.exe
2009-12-26 09:52 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-12-26 09:52 . 2009-12-26 09:52 1438976 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
2009-12-16 04:58 . 2009-12-16 04:55 -------- d-----w- c:\documents and settings\ngo\Application Data\Ventrilo
2009-12-16 04:54 . 2009-12-16 04:54 -------- d-----w- c:\program files\Ventrilo
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-09 23:17 . 2008-09-20 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-21 16:36 . 2004-08-23 19:13 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@@desktop.dat
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@[email protected]
.
------- Sigcheck -------
[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\mshtml.dll
[-] 2009-10-29 . 481C18143B26747E28779822D7520363 . 3807232 . . [7.00.6000.16945] . . c:\windows\system32\mshtml.dll
[7] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\system32\VITrans\mshtml.dll
[7] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[7] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[7] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[7] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[7] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[7] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[7] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[7] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[7] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[7] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[7] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[7] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[7] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . F321AD4A3FB4A196A34AC103BC52A3D2 . 3801088 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[7] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mshtml.dll
[7] 2008-03-02 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[7] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[7] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[7] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[7] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[7] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[7] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[7] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[7] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-03-07 . DA1F163730850E4901C72C2D8D4EA0DD . 3790848 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-01-12 . BE795BAF50B026D0822F45E050C307D3 . 3789312 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[7] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll
[7] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\ie7\mshtml.dll
[7] 2007-01-04 . F31274D7667D83E73C6EE16D2206B76C . 3056640 . . [6.00.2900.3059] . . c:\windows\$NtUninstallKB928090$\mshtml.dll
[7] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[7] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[7] 2006-10-23 . 5FC7DE1195C8E9B5360FD65DBE95E5B0 . 3055104 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB928090_0$\mshtml.dll
[7] 2006-09-14 . BE45460D1453B7342E01EAE79BFBC681 . 3054592 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\mshtml.dll
[7] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-07-28 . C7074DA3D8F8C0F6C03874BA0B05069C . 3054080 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2006-07-28 . C7074DA3D8F8C0F6C03874BA0B05069C . 3054080 . . [6.00.2900.2963] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\mshtml.dll
[7] 2006-05-19 . 284CE76B71DD5260B42A3CCF0135AF67 . 3052544 . . [6.00.2900.2912] . . c:\windows\$NtUninstallKB918899$\mshtml.dll
[7] 2006-05-19 . 8687E029BE63C77D4919485068C54D77 . 3055104 . . [6.00.2900.2912] . . c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[7] 2006-03-23 . DEAA438EA31095E14A196FF647E38D13 . 3053568 . . [6.00.2900.2873] . . c:\windows\$NtUninstallKB916281$\mshtml.dll
[7] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[7] 2005-11-24 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[7] 2005-11-24 . 5E7A39950EA133BB54719A6E08C544A7 . 3015680 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB912812$\mshtml.dll
[7] 2005-10-05 . 3394299FBF1CD0B24089FC762611360B . 3017728 . . [6.00.2900.2769] . . c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[7] 2005-10-05 . 042AC20E084D21DD6BEE99B89CC30FB7 . 3015168 . . [6.00.2900.2769] . . c:\windows\$NtUninstallKB905915$\mshtml.dll
[7] 2005-07-20 . A14A7A206AE22DE4FE563E44CFC7DDF5 . 3016192 . . [6.00.2900.2722] . . c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[7] 2005-07-20 . 31E7520E58E5E4DFA93215A6D5603AF2 . 3014144 . . [6.00.2900.2722] . . c:\windows\$NtUninstallKB896688$\mshtml.dll
[7] 2005-05-02 . DCC5C79B99F02EEF8C826B074DBFC222 . 3014144 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[7] 2005-05-02 . DCFAC5470EE0A159EC4222BC28AE3EE6 . 3012608 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB896727$\mshtml.dll
[7] 2005-03-10 . 84A1B9B0C362051E68BB131F14C6DAAD . 3010560 . . [6.00.2900.2627] . . c:\windows\$NtUninstallKB883939$\mshtml.dll
[7] 2005-03-10 . 255C2CE965543ABDC3E0A25A5DA1874A . 3011072 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll
[7] 2005-01-27 . FAE3CA9B2459581C45B3A8845BE3077C . 3006976 . . [6.00.2900.2604] . . c:\windows\$NtUninstallKB890923$\mshtml.dll
[7] 2005-01-27 . 91C5ADE25BC4E3322577854FA2E7B58B . 3008000 . . [6.00.2900.2604] . . c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll
[7] 2004-09-29 . 087FF7C54E7EBE4A59BD4DFC1D0EE9B8 . 3004928 . . [6.00.2900.2524] . . c:\windows\$hf_mig$\KB834707\SP2QFE\mshtml.dll
[7] 2004-09-29 . D94E6405E420373161467ACD3DA65640 . 3004928 . . [6.00.2900.2523] . . c:\windows\$NtUninstallKB867282$\mshtml.dll
[7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB834707$\mshtml.dll
[7] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[7] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 039B9E1E31DAEE0018B2779C8BF65C89 . 2147840 . . [5.1.2600.3610] . . c:\windows\system32\ntoskrnl.exe
[7] 2009-08-04 . 11CDD81560E766101F0032EB05872C1B . 2136064 . . [5.1.2600.3610] . . c:\windows\system32\VITrans\ntoskrnl.exe
[7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . 16B5EBE97F243441264A8F8694C2F2AA . 2136064 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 . DD31AB4B91C2605601A3C108AF57A0C9 . 2136064 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
[7] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 5FB20CABC9A81BAAABBE63F30FFC5284 . 2147840 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 612C427014BB443153DCA528A4D37D13 . 2146816 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[7] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\ntoskrnl.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 7159508EEBB8E80DE73A0A48D581ED50 . 1423360 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\VITrans\explorer.exe
[-] 2004-08-04 . 4B0011B8E35843966A3CE5685058420F . 1422336 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 2A7AA4C4FC05B819E56045F4856D92B6 . 2027520 . . [5.1.2600.3610] . . c:\windows\system32\ntkrnlpa.exe
[7] 2009-08-04 . E832C72D32FA117CB0D033C5EA95B58F . 2015744 . . [5.1.2600.3610] . . c:\windows\system32\VITrans\ntkrnlpa.exe
[7] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . B238AB60093BABFE76AEC8F34B4D399D . 2015744 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 . DC097A896A03B8277457D228FD12D4E6 . 2015744 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
[7] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 54A8B9806027049F8B19F1274A63C7B4 . 2027520 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . 44B54761A335D89C0CFB7364B23B0128 . 2026496 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[7] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-20 128000]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2007-11-27 593920]
"ViOrb"="c:\program files\ViOrb\ViOrb.exe" [2007-11-19 163840]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-14 323392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-08-02 49152]
"VTTrayp"="VTtrayp.exe" [2004-08-02 143360]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\moffice.exe" [2007-04-15 806912]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"Glass2k"="c:\documents and settings\ngo\My Documents\Downloads\Glass2k.exe" [2007-04-06 56325]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
c:\documents and settings\Anh Pham\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk
backup=c:\windows\pss\InterVideo Scheduler server.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
2007-04-06 01:24 56325 ----a-w- c:\documents and settings\ngo\My Documents\Downloads\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2002-08-12 18:07 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-09-20 00:34 4347120 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-08-12 17:33 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
2007-11-20 21:51 524288 ----a-w- c:\program files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\WINDOWS\\system32\\P3MxSvr.exe"=
"c:\\WINDOWS\\system32\\p3mxvsvr.exe"=
"c:\\WINDOWS\\system32\\mnetasvr.exe"=
"c:\\WINDOWS\\system32\\mnetvsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:UDP"= 5000:UDP:Yahoo Voice
S0 daiua;daiua;c:\windows\system32\drivers\lyvj.sys --> c:\windows\system32\drivers\lyvj.sys [?]
S0 epcjlr;epcjlr;c:\windows\system32\drivers\ssww.sys --> c:\windows\system32\drivers\ssww.sys [?]
S2 PortTalk;PortTalk;
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [11/8/2004 5:10 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [11/8/2004 5:10 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [11/8/2004 5:10 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [11/8/2004 5:10 PM 10368]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} - hxxp://player.mnet.com/package/cjmuset.cab
DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} - hxxp://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cab
FF - ProfilePath - c:\documents and settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 22:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2946896428-4015859676-2471532444-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(440)
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(1188)
c:\windows\system32\WININET.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\msi.dll
.
Completion time: 2010-01-29 22:47:13
ComboFix-quarantined-files.txt 2010-01-30 06:47
ComboFix2.txt 2010-01-25 21:23
ComboFix3.txt 2008-06-06 23:05
Pre-Run: 111,972,597,760 bytes free
Post-Run: 111,948,505,088 bytes free
- - End Of File - - 5950B3E7F3F34BFD40E3B46FEEEA9FCA
5
Tech Clinic / Rootkit.TDSS
« on: January 29, 2010, 02:10:09 AM »
No, it says there are no change/modification or something, so nothing popped up.
6
Tech Clinic / Rootkit.TDSS
« on: January 26, 2010, 01:21:08 AM »
No, it didn't work, it still says "Driver load error".
7
Tech Clinic / Rootkit.TDSS
« on: January 25, 2010, 04:30:55 PM »
Combofix freaked me out a bit because I ran it on safemode without internet and was unable to install windows recovery console. It also froze in the middle of log-making process. Nevertheless, I got it 
http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'
\' />
ComboFix 10-01-25.01 - ngo 01/25/2010 13:15:18.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.212 [GMT -8:00]
Running from: c:\documents and settings\ngo\Desktop\Combo-Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents
c:\program files\INSTALL.LOG
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\nvDrv.sy
c:\windows\system32\drivers\H8SRToqxmbavmcy.sys
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTqsbyqxtyrg.dat
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTvnssrhspcb.dll
c:\windows\system32\H8SRTxtevdkeqti.dll
c:\windows\system32\H8SRTyemshiexbf.dll
c:\windows\system32\H8SRTypibegcmyl.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Service_WinDriver
((((((((((((((((((((((((( Files Created from 2009-12-25 to 2010-01-25 )))))))))))))))))))))))))))))))
.
2010-01-15 06:23 . 2010-01-15 06:23 -------- d-----w- C:\VundoFix Backups
2010-01-14 08:34 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 08:34 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 08:34 . 2010-01-14 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 06:59 . 2010-01-14 06:59 -------- d-----w- c:\documents and settings\ngo\Application Data\Grisoft
2010-01-14 06:59 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2010-01-14 06:59 . 2010-01-14 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-01-12 23:58 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 22:36 . 2010-01-20 21:35 -------- d-----w- c:\program files\ViStart
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\VisualTooltip
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\ViOrb
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\Vista Sidebar
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\LClock
2010-01-06 22:36 . 2007-04-15 09:30 6181376 ----a-w- c:\windows\system32\vistaui.exe
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\program files\Red Kawa
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\documents and settings\ngo\Application Data\Red Kawa
2010-01-06 21:59 . 2010-01-06 21:59 -------- d-----w- c:\documents and settings\ngo\Application Data\ViGlance
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViSplore
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViStart(2)
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\Vista Rainbar
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViGlance
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\Vista Drive Icon
2009-12-28 22:48 . 2009-12-28 22:48 -------- d--h--w- c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 21:35 . 2009-05-24 19:36 -------- d-----w- c:\program files\DNA
2010-01-20 21:35 . 2009-05-24 19:36 -------- d-----w- c:\documents and settings\ngo\Application Data\DNA
2010-01-14 21:17 . 2005-03-19 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-14 08:11 . 2007-06-15 03:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-14 08:06 . 2006-05-27 21:07 -------- d-----w- c:\program files\SpywareBlaster
2010-01-14 06:46 . 2006-10-01 06:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-14 06:46 . 2005-03-19 06:35 -------- d-----w- c:\program files\Lavasoft
2010-01-14 06:27 . 2005-03-19 06:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 05:54 . 2007-11-25 06:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\TrueTransparency
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\WinFlip
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\Styler
2010-01-06 21:59 . 2008-09-20 23:35 -------- d-----w- c:\documents and settings\ngo\Application Data\ViStart
2009-12-29 07:54 . 2009-08-31 23:20 -------- d-----w- c:\documents and settings\ngo\Application Data\BitTorrent
2009-12-26 19:07 . 2008-09-21 08:28 -------- d-----w- c:\documents and settings\ngo\Application Data\Move Networks
2009-12-26 09:52 . 2009-12-26 09:52 144160 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\uninstall.exe
2009-12-26 09:52 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-12-26 09:52 . 2009-12-26 09:52 1438976 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
2009-12-16 04:58 . 2009-12-16 04:55 -------- d-----w- c:\documents and settings\ngo\Application Data\Ventrilo
2009-12-16 04:54 . 2009-12-16 04:54 -------- d-----w- c:\program files\Ventrilo
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-09 23:17 . 2008-09-20 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-21 16:36 . 2004-08-23 19:13 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2004-08-23 19:13 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-23 19:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-23 19:13 17408 ----a-w- c:\windows\system32\corpol.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@@desktop.dat
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@[email protected]
.
------- Sigcheck -------
[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\mshtml.dll
[-] 2009-10-29 . 481C18143B26747E28779822D7520363 . 3807232 . . [7.00.6000.16945] . . c:\windows\system32\mshtml.dll
[7] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\system32\VITrans\mshtml.dll
[7] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[7] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[7] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[7] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[7] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[7] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[7] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[7] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[7] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[7] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[7] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[7] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[7] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . F321AD4A3FB4A196A34AC103BC52A3D2 . 3801088 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[7] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mshtml.dll
[7] 2008-03-02 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[7] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[7] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[7] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[7] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[7] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[7] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[7] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[7] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-03-07 . DA1F163730850E4901C72C2D8D4EA0DD . 3790848 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-01-12 . BE795BAF50B026D0822F45E050C307D3 . 3789312 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[7] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll
[7] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\ie7\mshtml.dll
[7] 2007-01-04 . F31274D7667D83E73C6EE16D2206B76C . 3056640 . . [6.00.2900.3059] . . c:\windows\$NtUninstallKB928090$\mshtml.dll
[7] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[7] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[7] 2006-10-23 . 5FC7DE1195C8E9B5360FD65DBE95E5B0 . 3055104 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB928090_0$\mshtml.dll
[7] 2006-09-14 . BE45460D1453B7342E01EAE79BFBC681 . 3054592 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\mshtml.dll
[7] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-07-28 . C7074DA3D8F8C0F6C03874BA0B05069C . 3054080 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2006-07-28 . C7074DA3D8F8C0F6C03874BA0B05069C . 3054080 . . [6.00.2900.2963] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\mshtml.dll
[7] 2006-05-19 . 284CE76B71DD5260B42A3CCF0135AF67 . 3052544 . . [6.00.2900.2912] . . c:\windows\$NtUninstallKB918899$\mshtml.dll
[7] 2006-05-19 . 8687E029BE63C77D4919485068C54D77 . 3055104 . . [6.00.2900.2912] . . c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[7] 2006-03-23 . DEAA438EA31095E14A196FF647E38D13 . 3053568 . . [6.00.2900.2873] . . c:\windows\$NtUninstallKB916281$\mshtml.dll
[7] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[7] 2005-11-24 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[7] 2005-11-24 . 5E7A39950EA133BB54719A6E08C544A7 . 3015680 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB912812$\mshtml.dll
[7] 2005-10-05 . 3394299FBF1CD0B24089FC762611360B . 3017728 . . [6.00.2900.2769] . . c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[7] 2005-10-05 . 042AC20E084D21DD6BEE99B89CC30FB7 . 3015168 . . [6.00.2900.2769] . . c:\windows\$NtUninstallKB905915$\mshtml.dll
[7] 2005-07-20 . A14A7A206AE22DE4FE563E44CFC7DDF5 . 3016192 . . [6.00.2900.2722] . . c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[7] 2005-07-20 . 31E7520E58E5E4DFA93215A6D5603AF2 . 3014144 . . [6.00.2900.2722] . . c:\windows\$NtUninstallKB896688$\mshtml.dll
[7] 2005-05-02 . DCC5C79B99F02EEF8C826B074DBFC222 . 3014144 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[7] 2005-05-02 . DCFAC5470EE0A159EC4222BC28AE3EE6 . 3012608 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB896727$\mshtml.dll
[7] 2005-03-10 . 84A1B9B0C362051E68BB131F14C6DAAD . 3010560 . . [6.00.2900.2627] . . c:\windows\$NtUninstallKB883939$\mshtml.dll
[7] 2005-03-10 . 255C2CE965543ABDC3E0A25A5DA1874A . 3011072 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll
[7] 2005-01-27 . FAE3CA9B2459581C45B3A8845BE3077C . 3006976 . . [6.00.2900.2604] . . c:\windows\$NtUninstallKB890923$\mshtml.dll
[7] 2005-01-27 . 91C5ADE25BC4E3322577854FA2E7B58B . 3008000 . . [6.00.2900.2604] . . c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll
[7] 2004-09-29 . 087FF7C54E7EBE4A59BD4DFC1D0EE9B8 . 3004928 . . [6.00.2900.2524] . . c:\windows\$hf_mig$\KB834707\SP2QFE\mshtml.dll
[7] 2004-09-29 . D94E6405E420373161467ACD3DA65640 . 3004928 . . [6.00.2900.2523] . . c:\windows\$NtUninstallKB867282$\mshtml.dll
[7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB834707$\mshtml.dll
[7] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[7] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 039B9E1E31DAEE0018B2779C8BF65C89 . 2147840 . . [5.1.2600.3610] . . c:\windows\system32\ntoskrnl.exe
[7] 2009-08-04 . 11CDD81560E766101F0032EB05872C1B . 2136064 . . [5.1.2600.3610] . . c:\windows\system32\VITrans\ntoskrnl.exe
[7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . 16B5EBE97F243441264A8F8694C2F2AA . 2136064 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 . DD31AB4B91C2605601A3C108AF57A0C9 . 2136064 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
[7] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 5FB20CABC9A81BAAABBE63F30FFC5284 . 2147840 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 612C427014BB443153DCA528A4D37D13 . 2146816 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[7] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\ntoskrnl.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 7159508EEBB8E80DE73A0A48D581ED50 . 1423360 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\VITrans\explorer.exe
[-] 2004-08-04 . 4B0011B8E35843966A3CE5685058420F . 1422336 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 2A7AA4C4FC05B819E56045F4856D92B6 . 2027520 . . [5.1.2600.3610] . . c:\windows\system32\ntkrnlpa.exe
[7] 2009-08-04 . E832C72D32FA117CB0D033C5EA95B58F . 2015744 . . [5.1.2600.3610] . . c:\windows\system32\VITrans\ntkrnlpa.exe
[7] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . B238AB60093BABFE76AEC8F34B4D399D . 2015744 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 . DC097A896A03B8277457D228FD12D4E6 . 2015744 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
[7] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 54A8B9806027049F8B19F1274A63C7B4 . 2027520 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . 44B54761A335D89C0CFB7364B23B0128 . 2026496 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[7] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-20 128000]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2007-11-27 593920]
"ViOrb"="c:\program files\ViOrb\ViOrb.exe" [2007-11-19 163840]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-14 323392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-08-02 49152]
"VTTrayp"="VTtrayp.exe" [2004-08-02 143360]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\moffice.exe" [2007-04-15 806912]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"Glass2k"="c:\documents and settings\ngo\My Documents\Downloads\Glass2k.exe" [2007-04-06 56325]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
c:\documents and settings\Anh Pham\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk
backup=c:\windows\pss\InterVideo Scheduler server.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
2007-04-06 01:24 56325 ----a-w- c:\documents and settings\ngo\My Documents\Downloads\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2002-08-12 18:07 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-09-20 00:34 4347120 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-08-12 17:33 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
2007-11-20 21:51 524288 ----a-w- c:\program files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\WINDOWS\\system32\\P3MxSvr.exe"=
"c:\\WINDOWS\\system32\\p3mxvsvr.exe"=
"c:\\WINDOWS\\system32\\mnetasvr.exe"=
"c:\\WINDOWS\\system32\\mnetvsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:UDP"= 5000:UDP:Yahoo Voice
S0 daiua;daiua;c:\windows\system32\drivers\lyvj.sys --> c:\windows\system32\drivers\lyvj.sys [?]
S0 epcjlr;epcjlr;c:\windows\system32\drivers\ssww.sys --> c:\windows\system32\drivers\ssww.sys [?]
S2 PortTalk;PortTalk;
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [11/8/2004 5:10 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [11/8/2004 5:10 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [11/8/2004 5:10 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [11/8/2004 5:10 PM 10368]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} - hxxp://player.mnet.com/package/cjmuset.cab
DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} - hxxp://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cab
FF - ProfilePath - c:\documents and settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\documents and settings\ngo\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AOL Instant Messanger - aim.exe
AddRemove-IE Help - c:\program files\se\v11\se.EXE
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 13:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2946896428-4015859676-2471532444-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(448)
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(388)
c:\windows\system32\WININET.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\msi.dll
.
Completion time: 2010-01-25 13:23:36
ComboFix-quarantined-files.txt 2010-01-25 21:23
ComboFix2.txt 2008-06-06 23:05
Pre-Run: 111,995,052,032 bytes free
Post-Run: 111,967,109,120 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 2ABD6027BA93AE3FE7E6406A01FE5BB9
\' />ComboFix 10-01-25.01 - ngo 01/25/2010 13:15:18.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.212 [GMT -8:00]
Running from: c:\documents and settings\ngo\Desktop\Combo-Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents
c:\program files\INSTALL.LOG
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\nvDrv.sy
c:\windows\system32\drivers\H8SRToqxmbavmcy.sys
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTqsbyqxtyrg.dat
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTvnssrhspcb.dll
c:\windows\system32\H8SRTxtevdkeqti.dll
c:\windows\system32\H8SRTyemshiexbf.dll
c:\windows\system32\H8SRTypibegcmyl.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Service_WinDriver
((((((((((((((((((((((((( Files Created from 2009-12-25 to 2010-01-25 )))))))))))))))))))))))))))))))
.
2010-01-15 06:23 . 2010-01-15 06:23 -------- d-----w- C:\VundoFix Backups
2010-01-14 08:34 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 08:34 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 08:34 . 2010-01-14 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 06:59 . 2010-01-14 06:59 -------- d-----w- c:\documents and settings\ngo\Application Data\Grisoft
2010-01-14 06:59 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2010-01-14 06:59 . 2010-01-14 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-01-12 23:58 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 22:36 . 2010-01-20 21:35 -------- d-----w- c:\program files\ViStart
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\VisualTooltip
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\ViOrb
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\Vista Sidebar
2010-01-06 22:36 . 2010-01-06 22:36 -------- d-----w- c:\program files\LClock
2010-01-06 22:36 . 2007-04-15 09:30 6181376 ----a-w- c:\windows\system32\vistaui.exe
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\program files\Red Kawa
2010-01-06 22:23 . 2010-01-06 22:23 -------- d-----w- c:\documents and settings\ngo\Application Data\Red Kawa
2010-01-06 21:59 . 2010-01-06 21:59 -------- d-----w- c:\documents and settings\ngo\Application Data\ViGlance
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViSplore
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViStart(2)
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\Vista Rainbar
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\ViGlance
2010-01-06 21:57 . 2010-01-06 22:23 -------- d-----w- c:\program files\Vista Drive Icon
2009-12-28 22:48 . 2009-12-28 22:48 -------- d--h--w- c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 21:35 . 2009-05-24 19:36 -------- d-----w- c:\program files\DNA
2010-01-20 21:35 . 2009-05-24 19:36 -------- d-----w- c:\documents and settings\ngo\Application Data\DNA
2010-01-14 21:17 . 2005-03-19 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-14 08:11 . 2007-06-15 03:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-14 08:06 . 2006-05-27 21:07 -------- d-----w- c:\program files\SpywareBlaster
2010-01-14 06:46 . 2006-10-01 06:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-14 06:46 . 2005-03-19 06:35 -------- d-----w- c:\program files\Lavasoft
2010-01-14 06:27 . 2005-03-19 06:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 05:54 . 2007-11-25 06:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\TrueTransparency
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\WinFlip
2010-01-06 22:36 . 2008-09-20 23:32 -------- d-----w- c:\program files\Styler
2010-01-06 21:59 . 2008-09-20 23:35 -------- d-----w- c:\documents and settings\ngo\Application Data\ViStart
2009-12-29 07:54 . 2009-08-31 23:20 -------- d-----w- c:\documents and settings\ngo\Application Data\BitTorrent
2009-12-26 19:07 . 2008-09-21 08:28 -------- d-----w- c:\documents and settings\ngo\Application Data\Move Networks
2009-12-26 09:52 . 2009-12-26 09:52 144160 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\uninstall.exe
2009-12-26 09:52 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-12-26 09:52 . 2009-12-26 09:52 1438976 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
2009-12-16 04:58 . 2009-12-16 04:55 -------- d-----w- c:\documents and settings\ngo\Application Data\Ventrilo
2009-12-16 04:54 . 2009-12-16 04:54 -------- d-----w- c:\program files\Ventrilo
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\documents and settings\ngo\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-09 23:17 . 2008-09-20 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-21 16:36 . 2004-08-23 19:13 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2004-08-23 19:13 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-23 19:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-23 19:13 17408 ----a-w- c:\windows\system32\corpol.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@@desktop.dat
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@[email protected]
.
------- Sigcheck -------
[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3gdr\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\SoftwareDistribution\Download\72187e1a9593df853aa7db379edb1348\sp3qfe\mshtml.dll
[-] 2009-10-29 . 481C18143B26747E28779822D7520363 . 3807232 . . [7.00.6000.16945] . . c:\windows\system32\mshtml.dll
[7] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\system32\VITrans\mshtml.dll
[7] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[7] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[7] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[7] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[7] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[7] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[7] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[7] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[7] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[7] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[7] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[7] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[7] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . F321AD4A3FB4A196A34AC103BC52A3D2 . 3801088 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[7] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mshtml.dll
[7] 2008-03-02 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[7] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[7] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[7] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[7] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[7] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[7] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[7] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[7] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-03-07 . DA1F163730850E4901C72C2D8D4EA0DD . 3790848 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-01-12 . BE795BAF50B026D0822F45E050C307D3 . 3789312 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[7] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll
[7] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\ie7\mshtml.dll
[7] 2007-01-04 . F31274D7667D83E73C6EE16D2206B76C . 3056640 . . [6.00.2900.3059] . . c:\windows\$NtUninstallKB928090$\mshtml.dll
[7] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[7] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[7] 2006-10-23 . 5FC7DE1195C8E9B5360FD65DBE95E5B0 . 3055104 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB928090_0$\mshtml.dll
[7] 2006-09-14 . BE45460D1453B7342E01EAE79BFBC681 . 3054592 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\mshtml.dll
[7] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-07-28 . C7074DA3D8F8C0F6C03874BA0B05069C . 3054080 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2006-07-28 . C7074DA3D8F8C0F6C03874BA0B05069C . 3054080 . . [6.00.2900.2963] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\mshtml.dll
[7] 2006-05-19 . 284CE76B71DD5260B42A3CCF0135AF67 . 3052544 . . [6.00.2900.2912] . . c:\windows\$NtUninstallKB918899$\mshtml.dll
[7] 2006-05-19 . 8687E029BE63C77D4919485068C54D77 . 3055104 . . [6.00.2900.2912] . . c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[7] 2006-03-23 . DEAA438EA31095E14A196FF647E38D13 . 3053568 . . [6.00.2900.2873] . . c:\windows\$NtUninstallKB916281$\mshtml.dll
[7] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[7] 2005-11-24 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[7] 2005-11-24 . 5E7A39950EA133BB54719A6E08C544A7 . 3015680 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB912812$\mshtml.dll
[7] 2005-10-05 . 3394299FBF1CD0B24089FC762611360B . 3017728 . . [6.00.2900.2769] . . c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[7] 2005-10-05 . 042AC20E084D21DD6BEE99B89CC30FB7 . 3015168 . . [6.00.2900.2769] . . c:\windows\$NtUninstallKB905915$\mshtml.dll
[7] 2005-07-20 . A14A7A206AE22DE4FE563E44CFC7DDF5 . 3016192 . . [6.00.2900.2722] . . c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[7] 2005-07-20 . 31E7520E58E5E4DFA93215A6D5603AF2 . 3014144 . . [6.00.2900.2722] . . c:\windows\$NtUninstallKB896688$\mshtml.dll
[7] 2005-05-02 . DCC5C79B99F02EEF8C826B074DBFC222 . 3014144 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[7] 2005-05-02 . DCFAC5470EE0A159EC4222BC28AE3EE6 . 3012608 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB896727$\mshtml.dll
[7] 2005-03-10 . 84A1B9B0C362051E68BB131F14C6DAAD . 3010560 . . [6.00.2900.2627] . . c:\windows\$NtUninstallKB883939$\mshtml.dll
[7] 2005-03-10 . 255C2CE965543ABDC3E0A25A5DA1874A . 3011072 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll
[7] 2005-01-27 . FAE3CA9B2459581C45B3A8845BE3077C . 3006976 . . [6.00.2900.2604] . . c:\windows\$NtUninstallKB890923$\mshtml.dll
[7] 2005-01-27 . 91C5ADE25BC4E3322577854FA2E7B58B . 3008000 . . [6.00.2900.2604] . . c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll
[7] 2004-09-29 . 087FF7C54E7EBE4A59BD4DFC1D0EE9B8 . 3004928 . . [6.00.2900.2524] . . c:\windows\$hf_mig$\KB834707\SP2QFE\mshtml.dll
[7] 2004-09-29 . D94E6405E420373161467ACD3DA65640 . 3004928 . . [6.00.2900.2523] . . c:\windows\$NtUninstallKB867282$\mshtml.dll
[7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB834707$\mshtml.dll
[7] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[7] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 039B9E1E31DAEE0018B2779C8BF65C89 . 2147840 . . [5.1.2600.3610] . . c:\windows\system32\ntoskrnl.exe
[7] 2009-08-04 . 11CDD81560E766101F0032EB05872C1B . 2136064 . . [5.1.2600.3610] . . c:\windows\system32\VITrans\ntoskrnl.exe
[7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . 16B5EBE97F243441264A8F8694C2F2AA . 2136064 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 . DD31AB4B91C2605601A3C108AF57A0C9 . 2136064 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
[7] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 5FB20CABC9A81BAAABBE63F30FFC5284 . 2147840 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 612C427014BB443153DCA528A4D37D13 . 2146816 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[7] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\ntoskrnl.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 7159508EEBB8E80DE73A0A48D581ED50 . 1423360 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\VITrans\explorer.exe
[-] 2004-08-04 . 4B0011B8E35843966A3CE5685058420F . 1422336 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 2A7AA4C4FC05B819E56045F4856D92B6 . 2027520 . . [5.1.2600.3610] . . c:\windows\system32\ntkrnlpa.exe
[7] 2009-08-04 . E832C72D32FA117CB0D033C5EA95B58F . 2015744 . . [5.1.2600.3610] . . c:\windows\system32\VITrans\ntkrnlpa.exe
[7] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . B0BD27AA04C1B8E857C1DADEF4EF2159 . 2057728 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . B238AB60093BABFE76AEC8F34B4D399D . 2015744 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 . DC097A896A03B8277457D228FD12D4E6 . 2015744 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
[7] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 54A8B9806027049F8B19F1274A63C7B4 . 2027520 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . 44B54761A335D89C0CFB7364B23B0128 . 2026496 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[7] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\backup\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-20 128000]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2007-11-27 593920]
"ViOrb"="c:\program files\ViOrb\ViOrb.exe" [2007-11-19 163840]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-14 323392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-08-02 49152]
"VTTrayp"="VTtrayp.exe" [2004-08-02 143360]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\moffice.exe" [2007-04-15 806912]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"Glass2k"="c:\documents and settings\ngo\My Documents\Downloads\Glass2k.exe" [2007-04-06 56325]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
c:\documents and settings\Anh Pham\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-8 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk
backup=c:\windows\pss\InterVideo Scheduler server.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
2007-04-06 01:24 56325 ----a-w- c:\documents and settings\ngo\My Documents\Downloads\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2002-08-12 18:07 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-09-20 00:34 4347120 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-08-12 17:33 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
2007-11-20 21:51 524288 ----a-w- c:\program files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\WINDOWS\\system32\\P3MxSvr.exe"=
"c:\\WINDOWS\\system32\\p3mxvsvr.exe"=
"c:\\WINDOWS\\system32\\mnetasvr.exe"=
"c:\\WINDOWS\\system32\\mnetvsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:UDP"= 5000:UDP:Yahoo Voice
S0 daiua;daiua;c:\windows\system32\drivers\lyvj.sys --> c:\windows\system32\drivers\lyvj.sys [?]
S0 epcjlr;epcjlr;c:\windows\system32\drivers\ssww.sys --> c:\windows\system32\drivers\ssww.sys [?]
S2 PortTalk;PortTalk;
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [11/8/2004 5:10 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [11/8/2004 5:10 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [11/8/2004 5:10 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [11/8/2004 5:10 PM 10368]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} - hxxp://player.mnet.com/package/cjmuset.cab
DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} - hxxp://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cab
FF - ProfilePath - c:\documents and settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\documents and settings\ngo\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AOL Instant Messanger - aim.exe
AddRemove-IE Help - c:\program files\se\v11\se.EXE
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 13:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2946896428-4015859676-2471532444-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(448)
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(388)
c:\windows\system32\WININET.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\msi.dll
.
Completion time: 2010-01-25 13:23:36
ComboFix-quarantined-files.txt 2010-01-25 21:23
ComboFix2.txt 2008-06-06 23:05
Pre-Run: 111,995,052,032 bytes free
Post-Run: 111,967,109,120 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 2ABD6027BA93AE3FE7E6406A01FE5BB9
8
Tech Clinic / Rootkit.TDSS
« on: January 22, 2010, 05:04:57 PM »
OK, so I ran TDSSKiller but the run prompt says that there is a driver error, or something. The log for it is this:
14:01:10:000 1548 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
14:01:10:000 1548 ================================================================================
14:01:10:000 1548 SystemInfo:
14:01:10:000 1548 OS Version: 5.1.2600 ServicePack: 2.0
14:01:10:000 1548 Product type: Workstation
14:01:10:000 1548 ComputerName: MY-COMPUTER
14:01:10:000 1548 UserName: ngo
14:01:10:000 1548 Windows directory: C:\WINDOWS
14:01:10:000 1548 Processor architecture: Intel x86
14:01:10:000 1548 Number of processors: 2
14:01:10:000 1548 Page size: 0x1000
14:01:10:000 1548 Boot type: Safe boot
14:01:10:000 1548 ================================================================================
14:01:10:000 1548 UnloadDriverW: NtUnloadDriver error 2
14:01:10:000 1548 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:01:10:015 1548 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
14:01:10:015 1548 UtilityInit: KLMD drop and load success
14:01:10:015 1548 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
14:01:10:015 1548 KLMD_OpenDevice: CreateFileW(KLMD201000) error 2
14:01:10:015 1548 Driver load error!
14:01:10:015 1548 UnloadDriverW: NtUnloadDriver error 2
14:01:10:015 1548 KLMD_Unload: UnloadDriverW(klmd21) error 2
14:01:10:015 1548 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
14:01:10:015 1548 UtilityDeinit: KLMD(ARK) unloaded successfully
14:01:10:000 1548 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
14:01:10:000 1548 ================================================================================
14:01:10:000 1548 SystemInfo:
14:01:10:000 1548 OS Version: 5.1.2600 ServicePack: 2.0
14:01:10:000 1548 Product type: Workstation
14:01:10:000 1548 ComputerName: MY-COMPUTER
14:01:10:000 1548 UserName: ngo
14:01:10:000 1548 Windows directory: C:\WINDOWS
14:01:10:000 1548 Processor architecture: Intel x86
14:01:10:000 1548 Number of processors: 2
14:01:10:000 1548 Page size: 0x1000
14:01:10:000 1548 Boot type: Safe boot
14:01:10:000 1548 ================================================================================
14:01:10:000 1548 UnloadDriverW: NtUnloadDriver error 2
14:01:10:000 1548 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:01:10:015 1548 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
14:01:10:015 1548 UtilityInit: KLMD drop and load success
14:01:10:015 1548 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
14:01:10:015 1548 KLMD_OpenDevice: CreateFileW(KLMD201000) error 2
14:01:10:015 1548 Driver load error!
14:01:10:015 1548 UnloadDriverW: NtUnloadDriver error 2
14:01:10:015 1548 KLMD_Unload: UnloadDriverW(klmd21) error 2
14:01:10:015 1548 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
14:01:10:015 1548 UtilityDeinit: KLMD(ARK) unloaded successfully
9
Tech Clinic / Rootkit.TDSS
« on: January 21, 2010, 01:23:08 AM »
And this is Extra.txt:
OTL Extras logfile created on: 1/20/2010 10:10:05 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
479.00 Mb Total Physical Memory | 261.00 Mb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 103.96 Gb Free Space | 69.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 120.73 Mb Total Space | 42.80 Mb Free Space | 35.45% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MY-COMPUTER
Current User Name: ngo
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
[color=\"#E56717\"]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5000:UDP" = 5000:UDP:*:Enabled:Yahoo Voice
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\WINDOWS\system32\P3MxSvr.exe" = C:\WINDOWS\system32\P3MxSvr.exe:*:Enabled:Maxmp3 AoD Control -- ()
"C:\WINDOWS\system32\p3mxvsvr.exe" = C:\WINDOWS\system32\p3mxvsvr.exe:*:Enabled:MAXMP3 VOD Control -- (Maxmp3)
"C:\WINDOWS\system32\mnetasvr.exe" = C:\WINDOWS\system32\mnetasvr.exe:*:Enabled:MNet AoD Server -- (PeeringPortal)
"C:\WINDOWS\system32\mnetvsvr.exe" = C:\WINDOWS\system32\mnetvsvr.exe:*:Enabled:MNet VoD Server -- (PeeringPortal)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Documents and Settings\ngo\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\ngo\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility -- File not found
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"D:\Phys_4A\Run.exe" = D:\Phys_4A\Run.exe:*:Enabled:Authorware Runtime -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(tm) 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3FBC5FCA-F989-4D5D-93F6-B185EEE1EC76}" = IIS6 Manager
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80FC797D-FDC4-4585-9551-E00A39274CD0}" = ArcSoft Collage Creator
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6.20080811
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_6" = AIM 6
"ATT-PRT22" = ATT-PRT22
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"BootSkin" = BootSkin
"BroadJump Client Foundation" = BroadJump Client Foundation
"Browser Mouse" = Browser Mouse
"CCleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Creative VF0080" = Creative WebCam Live! Pro Driver (1.01.01.1011)
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Live! Pro User's Guide English" = Creative WebCam Live! Pro User's Guide (English)
"CursorXP" = CursorXP
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall
"ffdshow" = ffdshow (remove only)
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE Help" = IE Help
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP30x Tools_is1" = MP30x Tools1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Synapse" = Synapse Media Player
"TI-Winamp Control_is1" = Winamp TI-Control 0.9
"TrustSiteX Control" = TrustSiteX 1.0 Control
"TVAnts 1.0" = TVAnts 1.0
"Tweak UI 2.10" = Tweak UI
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Videora iPod Converter" = Videora iPod Converter 5.03
"Vista Transformation Pack" = Vista Transformation Pack 8.0
"VobSub" = VobSub v2.23 (Remove Only)
"VTChromo" = S3 S3Chromo
"VTConfig3D" = S3 S3Config3D
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"VTRefreshLock" = S3 S3RefreshLock
"VTTrayPlus" = S3 S3TrayPlus
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Messenger" = Yahoo! Messenger
"YouTube Downloader App" = YouTube Downloader App 2.03
"Zune" = Zune
[color=\"#E56717\"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL Extras logfile created on: 1/20/2010 10:10:05 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
479.00 Mb Total Physical Memory | 261.00 Mb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 103.96 Gb Free Space | 69.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 120.73 Mb Total Space | 42.80 Mb Free Space | 35.45% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MY-COMPUTER
Current User Name: ngo
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
[color=\"#E56717\"]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5000:UDP" = 5000:UDP:*:Enabled:Yahoo Voice
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\WINDOWS\system32\P3MxSvr.exe" = C:\WINDOWS\system32\P3MxSvr.exe:*:Enabled:Maxmp3 AoD Control -- ()
"C:\WINDOWS\system32\p3mxvsvr.exe" = C:\WINDOWS\system32\p3mxvsvr.exe:*:Enabled:MAXMP3 VOD Control -- (Maxmp3)
"C:\WINDOWS\system32\mnetasvr.exe" = C:\WINDOWS\system32\mnetasvr.exe:*:Enabled:MNet AoD Server -- (PeeringPortal)
"C:\WINDOWS\system32\mnetvsvr.exe" = C:\WINDOWS\system32\mnetvsvr.exe:*:Enabled:MNet VoD Server -- (PeeringPortal)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Documents and Settings\ngo\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\ngo\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility -- File not found
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"D:\Phys_4A\Run.exe" = D:\Phys_4A\Run.exe:*:Enabled:Authorware Runtime -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(tm) 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3FBC5FCA-F989-4D5D-93F6-B185EEE1EC76}" = IIS6 Manager
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80FC797D-FDC4-4585-9551-E00A39274CD0}" = ArcSoft Collage Creator
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6.20080811
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_6" = AIM 6
"ATT-PRT22" = ATT-PRT22
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"BootSkin" = BootSkin
"BroadJump Client Foundation" = BroadJump Client Foundation
"Browser Mouse" = Browser Mouse
"CCleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Creative VF0080" = Creative WebCam Live! Pro Driver (1.01.01.1011)
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Live! Pro User's Guide English" = Creative WebCam Live! Pro User's Guide (English)
"CursorXP" = CursorXP
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall
"ffdshow" = ffdshow (remove only)
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE Help" = IE Help
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP30x Tools_is1" = MP30x Tools1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Synapse" = Synapse Media Player
"TI-Winamp Control_is1" = Winamp TI-Control 0.9
"TrustSiteX Control" = TrustSiteX 1.0 Control
"TVAnts 1.0" = TVAnts 1.0
"Tweak UI 2.10" = Tweak UI
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Videora iPod Converter" = Videora iPod Converter 5.03
"Vista Transformation Pack" = Vista Transformation Pack 8.0
"VobSub" = VobSub v2.23 (Remove Only)
"VTChromo" = S3 S3Chromo
"VTConfig3D" = S3 S3Config3D
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"VTRefreshLock" = S3 S3RefreshLock
"VTTrayPlus" = S3 S3TrayPlus
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Messenger" = Yahoo! Messenger
"YouTube Downloader App" = YouTube Downloader App 2.03
"Zune" = Zune
[color=\"#E56717\"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
10
Tech Clinic / Rootkit.TDSS
« on: January 21, 2010, 01:20:36 AM »
Yes, I am able to run Malwarebytes, after some trial. But here is the latest log:
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.11
1/20/2010 10:00:47 PM
mbam-log-2010-01-20 (22-00-47).txt
Scan type: Quick Scan
Objects scanned: 112347
Time elapsed: 9 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
And this is the OTL.txt:
OTL logfile created on: 1/20/2010 10:10:05 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
479.00 Mb Total Physical Memory | 261.00 Mb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 103.96 Gb Free Space | 69.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 120.73 Mb Total Space | 42.80 Mb Free Space | 35.45% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MY-COMPUTER
Current User Name: ngo
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
PRC - [2010/01/21 13:29:40 | 00,547,328 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2007/06/13 02:23:08 | 01,423,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/30 04:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
MOD - [2010/01/21 13:29:40 | 00,547,328 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2006/08/25 07:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [On_Demand | Stopped] -- -- (ose)
SRV - [2009/09/04 12:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 12:16:54 | 00,058,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/01/26 14:13:52 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/05/30 04:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2005/05/17 14:40:42 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
DRV - [2009/09/01 23:28:46 | 00,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2009/01/26 14:13:41 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 14:13:39 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/06/08 19:59:19 | 00,163,712 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2007/05/30 04:10:42 | 00,011,000 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/05/30 04:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2007/04/14 16:01:30 | 00,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2007/04/09 08:56:22 | 00,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 00,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 00,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/07 15:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006/11/02 06:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/10/31 08:19:31 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/10/09 01:51:08 | 00,503,507 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0080Dev.sys -- (V0080Dev)
DRV - [2004/08/04 04:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 04:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004/08/04 04:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/02 08:32:48 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - [2004/08/02 08:32:46 | 00,818,496 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2004/08/02 08:32:46 | 00,149,120 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx)
DRV - [2004/02/04 09:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/07/02 01:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/03/31 10:29:00 | 00,625,537 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/09 20:13:16 | 00,236,981 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr.sys -- (WinDriver)
DRV - [2002/10/02 01:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2002/02/19 16:02:54 | 00,007,157 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\porttalk.sys -- (PortTalk)
DRV - [2001/10/18 09:00:00 | 00,006,234 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2001/08/23 05:03:54 | 00,025,434 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/17 13:12:22 | 00,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 00,060,416 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:20 | 00,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [1999/09/10 03:06:00 | 00,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=\"#E56717\"]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/13 21:32:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/13 21:32:13 | 00,000,000 | ---D | M]
[2008/09/13 20:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngo\Application Data\Mozilla\Extensions
[2010/01/13 21:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\extensions
[2008/09/20 23:10:17 | 00,000,000 | ---D | M] (Azerty III) -- C:\Documents and Settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}
[2008/09/20 23:12:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\extensions\CrystalFox_Qute@BigRedBrent
[2006/03/07 20:29:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\extensions\temp
[2008/02/17 11:25:27 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\searchplugins\aolsearch.xml
[2010/01/13 21:13:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2008/08/02 18:33:55 | 00,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe ()
O4 - HKLM..\Run: [Glass2k] C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe (Chime Softwares)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKCU..\Run: [EPSON WorkForce 500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [twunk_32x.exe] C:\DOCUME~1\ngo\LOCALS~1\Temp\twunk_32x.exe File not found
O4 - HKCU..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe (Lee-Soft.com)
O4 - HKCU..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe (Lee Matthew Chantrey & Windows X)
O4 - Startup: C:\Documents and Settings\Anh Pham\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 84 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} http://player.mnet.com/package/cjmuset.cab (MnetLauncher Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab (MaxHelper Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} http://live.pdbox.co.kr:8057/AFCStarter.cab (AFCStarter Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (vistaui.exe) - C:\WINDOWS\System32\vistaui.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ngo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ngo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010/01/14 22:23:47 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/01/14 21:26:44 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\ngo\Recent
[2010/01/14 00:34:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/14 00:34:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/14 00:34:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/13 22:59:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngo\Application Data\Grisoft
[2010/01/13 22:59:12 | 00,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2010/01/13 22:59:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/01/13 22:59:07 | 00,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2010/01/12 15:58:49 | 00,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/06 14:36:13 | 00,000,000 | ---D | C] -- C:\Program Files\VisualTooltip
[2010/01/06 14:36:13 | 00,000,000 | ---D | C] -- C:\Program Files\ViStart
[2010/01/06 14:36:13 | 00,000,000 | ---D | C] -- C:\Program Files\ViOrb
[2010/01/06 14:36:11 | 00,000,000 | ---D | C] -- C:\Program Files\Vista Sidebar
[2010/01/06 14:36:10 | 06,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vistaui.exe
[2010/01/06 14:36:10 | 00,000,000 | ---D | C] -- C:\Program Files\LClock
[2010/01/06 14:23:11 | 00,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2010/01/06 14:23:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngo\Application Data\Red Kawa
[2010/01/06 13:59:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngo\Application Data\ViGlance
[2010/01/06 13:57:43 | 00,000,000 | ---D | C] -- C:\Program Files\ViSplore
[2010/01/06 13:57:41 | 00,000,000 | ---D | C] -- C:\Program Files\ViStart(2)
[2010/01/06 13:57:40 | 00,000,000 | ---D | C] -- C:\Program Files\Vista Rainbar
[2010/01/06 13:57:40 | 00,000,000 | ---D | C] -- C:\Program Files\ViGlance
[2010/01/06 13:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\Vista Drive Icon
[2009/12/28 14:48:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/08/15 17:15:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/12/01 00:06:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/11/24 01:10:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/08/23 11:29:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
[2010/01/20 21:48:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 13:35:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 13:34:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\ngo\ntuser.ini
[2010/01/20 13:34:41 | 09,961,472 | ---- | M] () -- C:\Documents and Settings\ngo\ntuser.dat
[2010/01/20 13:13:00 | 04,314,324 | -H-- | M] () -- C:\Documents and Settings\ngo\Local Settings\Application Data\IconCache.db
[2010/01/20 12:59:50 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/14 13:13:13 | 00,000,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
[2010/01/14 12:11:20 | 00,000,000 | -HS- | M] () -- C:\WINDOWS\nvDrv.sy
[2010/01/13 21:54:15 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/13 21:53:22 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 23:25:17 | 00,356,203 | ---- | M] () -- C:\Documents and Settings\ngo\My Documents\Burnt_By_Summer_by_Eresh_Kigal.jpg
[2010/01/06 14:31:32 | 00,078,942 | ---- | M] () -- C:\WINDOWS\Icon_9.ico
[2009/12/22 22:05:08 | 00,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
[2010/01/14 00:34:46 | 00,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
[2010/01/13 21:53:22 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/06 23:25:14 | 00,356,203 | ---- | C] () -- C:\Documents and Settings\ngo\My Documents\Burnt_By_Summer_by_Eresh_Kigal.jpg
[2010/01/06 14:36:11 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\LClock.cpl
[2010/01/06 14:36:10 | 00,049,208 | ---- | C] () -- C:\WINDOWS\System32\vistartup.bmp
[2010/01/06 14:31:32 | 00,078,942 | ---- | C] () -- C:\WINDOWS\Icon_9.ico
[2010/01/02 23:04:32 | 09,961,472 | ---- | C] () -- C:\Documents and Settings\ngo\ntuser.dat
[2009/12/28 14:25:30 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\nvDrv.sy
[2009/12/15 20:54:46 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/07 21:01:37 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/09/21 14:57:24 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/08/30 21:11:56 | 00,000,211 | ---- | C] () -- C:\WINDOWS\Exorcist.INI
[2008/08/15 17:16:31 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\ngo\Application Data\mcs.rma
[2008/08/15 17:16:31 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\ngo\Application Data\E5503F
[2007/11/24 22:37:50 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\p3max.dll
[2007/11/24 13:50:37 | 00,000,024 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2007/10/27 21:23:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/10/27 21:18:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/06/06 15:13:45 | 00,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2006/11/26 20:52:06 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CC_SETUP.ini
[2006/05/23 15:54:35 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\ngo\Local Settings\Application Data\fusioncache.dat
[2005/10/14 01:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 01:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 01:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 01:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 01:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 01:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 01:56:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/08/24 22:48:10 | 00,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2005/08/18 13:29:54 | 00,002,638 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/08/16 15:30:27 | 00,000,171 | ---- | C] () -- C:\WINDOWS\System Updat Tool.INI
[2005/04/02 18:52:57 | 00,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2005/01/22 20:21:49 | 00,000,729 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/01/06 16:02:43 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2005/01/06 16:01:52 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2004/11/29 21:04:14 | 00,000,457 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2004/11/21 14:55:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/15 15:36:27 | 00,098,304 | ---- | C] () -- C:\Documents and Settings\ngo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/11 17:23:13 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/11/09 19:27:07 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/08 17:13:03 | 00,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2004/11/08 17:10:39 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2004/11/08 17:10:18 | 00,002,652 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2004/11/08 17:06:07 | 00,000,454 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2004/11/08 17:06:07 | 00,000,310 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2004/11/08 17:06:07 | 00,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2004/11/08 17:04:05 | 00,000,806 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/11/08 12:36:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/08/23 12:31:52 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/23 11:30:57 | 00,000,806 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/23 11:13:58 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004/08/23 11:13:47 | 00,001,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/12 08:19:42 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/07/05 06:12:06 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll
[2002/01/08 16:57:34 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.11
1/20/2010 10:00:47 PM
mbam-log-2010-01-20 (22-00-47).txt
Scan type: Quick Scan
Objects scanned: 112347
Time elapsed: 9 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
And this is the OTL.txt:
OTL logfile created on: 1/20/2010 10:10:05 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = F:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
479.00 Mb Total Physical Memory | 261.00 Mb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 103.96 Gb Free Space | 69.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 120.73 Mb Total Space | 42.80 Mb Free Space | 35.45% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MY-COMPUTER
Current User Name: ngo
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
PRC - [2010/01/21 13:29:40 | 00,547,328 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2007/06/13 02:23:08 | 01,423,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/30 04:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
MOD - [2010/01/21 13:29:40 | 00,547,328 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2006/08/25 07:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [On_Demand | Stopped] -- -- (ose)
SRV - [2009/09/04 12:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 12:16:54 | 00,058,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/01/26 14:13:52 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/05/30 04:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2005/05/17 14:40:42 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
DRV - [2009/09/01 23:28:46 | 00,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2009/01/26 14:13:41 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 14:13:39 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/06/08 19:59:19 | 00,163,712 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2007/05/30 04:10:42 | 00,011,000 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/05/30 04:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2007/04/14 16:01:30 | 00,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2007/04/09 08:56:22 | 00,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 00,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 00,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/07 15:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006/11/02 06:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/10/31 08:19:31 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/10/09 01:51:08 | 00,503,507 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0080Dev.sys -- (V0080Dev)
DRV - [2004/08/04 04:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 04:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004/08/04 04:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/02 08:32:48 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - [2004/08/02 08:32:46 | 00,818,496 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2004/08/02 08:32:46 | 00,149,120 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx)
DRV - [2004/02/04 09:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/07/02 01:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/03/31 10:29:00 | 00,625,537 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/09 20:13:16 | 00,236,981 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr.sys -- (WinDriver)
DRV - [2002/10/02 01:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2002/02/19 16:02:54 | 00,007,157 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\porttalk.sys -- (PortTalk)
DRV - [2001/10/18 09:00:00 | 00,006,234 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2001/08/23 05:03:54 | 00,025,434 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/17 13:12:22 | 00,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 00,060,416 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:20 | 00,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [1999/09/10 03:06:00 | 00,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=\"#E56717\"]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/13 21:32:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/13 21:32:13 | 00,000,000 | ---D | M]
[2008/09/13 20:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngo\Application Data\Mozilla\Extensions
[2010/01/13 21:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\extensions
[2008/09/20 23:10:17 | 00,000,000 | ---D | M] (Azerty III) -- C:\Documents and Settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}
[2008/09/20 23:12:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\extensions\CrystalFox_Qute@BigRedBrent
[2006/03/07 20:29:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\extensions\temp
[2008/02/17 11:25:27 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\ngo\Application Data\Mozilla\Firefox\Profiles\h1ooj7gl.default\searchplugins\aolsearch.xml
[2010/01/13 21:13:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2008/08/02 18:33:55 | 00,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe ()
O4 - HKLM..\Run: [Glass2k] C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe (Chime Softwares)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKCU..\Run: [EPSON WorkForce 500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [twunk_32x.exe] C:\DOCUME~1\ngo\LOCALS~1\Temp\twunk_32x.exe File not found
O4 - HKCU..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe (Lee-Soft.com)
O4 - HKCU..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe (Lee Matthew Chantrey & Windows X)
O4 - Startup: C:\Documents and Settings\Anh Pham\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 84 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} http://player.mnet.com/package/cjmuset.cab (MnetLauncher Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab (MaxHelper Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} http://live.pdbox.co.kr:8057/AFCStarter.cab (AFCStarter Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (vistaui.exe) - C:\WINDOWS\System32\vistaui.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ngo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ngo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010/01/14 22:23:47 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/01/14 21:26:44 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\ngo\Recent
[2010/01/14 00:34:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/14 00:34:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/14 00:34:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/13 22:59:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngo\Application Data\Grisoft
[2010/01/13 22:59:12 | 00,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2010/01/13 22:59:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/01/13 22:59:07 | 00,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2010/01/12 15:58:49 | 00,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/06 14:36:13 | 00,000,000 | ---D | C] -- C:\Program Files\VisualTooltip
[2010/01/06 14:36:13 | 00,000,000 | ---D | C] -- C:\Program Files\ViStart
[2010/01/06 14:36:13 | 00,000,000 | ---D | C] -- C:\Program Files\ViOrb
[2010/01/06 14:36:11 | 00,000,000 | ---D | C] -- C:\Program Files\Vista Sidebar
[2010/01/06 14:36:10 | 06,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vistaui.exe
[2010/01/06 14:36:10 | 00,000,000 | ---D | C] -- C:\Program Files\LClock
[2010/01/06 14:23:11 | 00,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2010/01/06 14:23:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngo\Application Data\Red Kawa
[2010/01/06 13:59:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngo\Application Data\ViGlance
[2010/01/06 13:57:43 | 00,000,000 | ---D | C] -- C:\Program Files\ViSplore
[2010/01/06 13:57:41 | 00,000,000 | ---D | C] -- C:\Program Files\ViStart(2)
[2010/01/06 13:57:40 | 00,000,000 | ---D | C] -- C:\Program Files\Vista Rainbar
[2010/01/06 13:57:40 | 00,000,000 | ---D | C] -- C:\Program Files\ViGlance
[2010/01/06 13:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\Vista Drive Icon
[2009/12/28 14:48:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/08/15 17:15:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/12/01 00:06:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/11/24 01:10:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/08/23 11:29:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
[2010/01/20 21:48:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 13:35:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 13:34:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\ngo\ntuser.ini
[2010/01/20 13:34:41 | 09,961,472 | ---- | M] () -- C:\Documents and Settings\ngo\ntuser.dat
[2010/01/20 13:13:00 | 04,314,324 | -H-- | M] () -- C:\Documents and Settings\ngo\Local Settings\Application Data\IconCache.db
[2010/01/20 12:59:50 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/14 13:13:13 | 00,000,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
[2010/01/14 12:11:20 | 00,000,000 | -HS- | M] () -- C:\WINDOWS\nvDrv.sy
[2010/01/13 21:54:15 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/13 21:53:22 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 23:25:17 | 00,356,203 | ---- | M] () -- C:\Documents and Settings\ngo\My Documents\Burnt_By_Summer_by_Eresh_Kigal.jpg
[2010/01/06 14:31:32 | 00,078,942 | ---- | M] () -- C:\WINDOWS\Icon_9.ico
[2009/12/22 22:05:08 | 00,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
[2010/01/14 00:34:46 | 00,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
[2010/01/13 21:53:22 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/06 23:25:14 | 00,356,203 | ---- | C] () -- C:\Documents and Settings\ngo\My Documents\Burnt_By_Summer_by_Eresh_Kigal.jpg
[2010/01/06 14:36:11 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\LClock.cpl
[2010/01/06 14:36:10 | 00,049,208 | ---- | C] () -- C:\WINDOWS\System32\vistartup.bmp
[2010/01/06 14:31:32 | 00,078,942 | ---- | C] () -- C:\WINDOWS\Icon_9.ico
[2010/01/02 23:04:32 | 09,961,472 | ---- | C] () -- C:\Documents and Settings\ngo\ntuser.dat
[2009/12/28 14:25:30 | 00,000,000 | -HS- | C] () -- C:\WINDOWS\nvDrv.sy
[2009/12/15 20:54:46 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/07 21:01:37 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/09/21 14:57:24 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/08/30 21:11:56 | 00,000,211 | ---- | C] () -- C:\WINDOWS\Exorcist.INI
[2008/08/15 17:16:31 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\ngo\Application Data\mcs.rma
[2008/08/15 17:16:31 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\ngo\Application Data\E5503F
[2007/11/24 22:37:50 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\p3max.dll
[2007/11/24 13:50:37 | 00,000,024 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2007/10/27 21:23:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/10/27 21:18:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/06/06 15:13:45 | 00,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2006/11/26 20:52:06 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CC_SETUP.ini
[2006/05/23 15:54:35 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\ngo\Local Settings\Application Data\fusioncache.dat
[2005/10/14 01:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 01:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 01:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 01:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 01:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 01:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 01:56:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/08/24 22:48:10 | 00,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2005/08/18 13:29:54 | 00,002,638 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/08/16 15:30:27 | 00,000,171 | ---- | C] () -- C:\WINDOWS\System Updat Tool.INI
[2005/04/02 18:52:57 | 00,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2005/01/22 20:21:49 | 00,000,729 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/01/06 16:02:43 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2005/01/06 16:01:52 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2004/11/29 21:04:14 | 00,000,457 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2004/11/21 14:55:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/15 15:36:27 | 00,098,304 | ---- | C] () -- C:\Documents and Settings\ngo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/11 17:23:13 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/11/09 19:27:07 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/08 17:13:03 | 00,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2004/11/08 17:10:39 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2004/11/08 17:10:18 | 00,002,652 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2004/11/08 17:06:07 | 00,000,454 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2004/11/08 17:06:07 | 00,000,310 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2004/11/08 17:06:07 | 00,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2004/11/08 17:04:05 | 00,000,806 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/11/08 12:36:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/08/23 12:31:52 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/23 11:30:57 | 00,000,806 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/23 11:13:58 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004/08/23 11:13:47 | 00,001,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/12 08:19:42 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/07/05 06:12:06 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll
[2002/01/08 16:57:34 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >
11
Tech Clinic / Rootkit.TDSS
« on: January 20, 2010, 04:38:53 PM »
I am unable to remove this malware from my computer. I have tried Malwarebytes but it does not work. I looked it up and it seems to be a dangerous infection so I really would appreciate any help, for I do not want to do a full system recovery. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'
\' />
Thank you in advance.
\' /> Thank you in advance.
12
Tech Clinic / Computer laaagss
« on: June 10, 2008, 07:43:22 PM »
The problem is still there http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'\' /> it still freezes every 30 sec for so.... As for the scan, it still has 3 malware until it froze at msobmain.dll, and after that, the program quit responding.
\' /> it still freezes every 30 sec for so.... As for the scan, it still has 3 malware until it froze at msobmain.dll, and after that, the program quit responding.
13
Tech Clinic / Computer laaagss
« on: June 09, 2008, 08:45:04 PM »
I'm connected by wire. This problem wasn't here before until after I installed Google Earth. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wacko.gif\' class=\'bbc_emoticon\' alt=\':wacko:\' />
14
Tech Clinic / Computer laaagss
« on: June 09, 2008, 05:55:27 PM »
I apologize for the late reply http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'\' /> Well... things are running well accept that my internet freezes momentarily, like every 30 sec it would freeze for a bout 5 sec and got back to normal and does it again, continuously.
\' /> Well... things are running well accept that my internet freezes momentarily, like every 30 sec it would freeze for a bout 5 sec and got back to normal and does it again, continuously.
15
Tech Clinic / Computer laaagss
« on: June 06, 2008, 06:05:22 PM »
Combofix:
ComboFix 08-05-29.1 - ngo 2008-06-06 16:00:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.227 [GMT -7:00]
Running from: C:\Documents and Settings\ngo\Desktop\ComboFix.exe
* Created a new restore point
[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\d.bat
C:\Documents and Settings\ngo\Application Data\Sskdmns.dll
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\racle~1\RACLE~1\ctxad-436.0000
C:\Program Files\Common Files\racle~1\RACLE~1\ctxad-436.0001
C:\Program Files\Common Files\racle~1\RACLE~1\ctxad-436.0002
C:\Program Files\Common Files\racle~1\RACLE~1\ctxad-436.0003
C:\Program Files\Common Files\racle~1\RACLE~1\ctxad-437.0000
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\simtest\svchostsys.bat
C:\Program Files\Common Files\simtest\temp.txt
C:\Program Files\snowball wars
C:\Program Files\snowball wars\License.txt
C:\Program Files\snowball wars\uninstaller.exe
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\bang-006.ico
C:\WINDOWS\system32\components
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm
.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.
2008-06-04 22:11 . 2008-06-04 22:11 <DIR> d-------- C:\Documents and Settings\ngo\Application Data\Malwarebytes
2008-06-04 22:10 . 2008-06-04 22:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-04 22:10 . 2008-06-04 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 22:10 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-04 22:10 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-04 22:09 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-04 22:07 . 2008-06-04 22:09 <DIR> d-------- C:\Program Files\Java
2008-06-04 22:06 . 2008-06-04 22:06 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-04 20:21 . 2008-06-04 20:21 <DIR> d-------- C:\Program Files\Qualcomm
2008-06-04 18:44 . 2008-06-04 18:44 <DIR> d-------- C:\Deckard
2008-06-04 18:43 . 2008-06-04 18:43 <DIR> d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 22:59 --------- d-----w C:\Program Files\lx_cats
2008-06-06 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 04:44 --------- d-----w C:\Program Files\Viewpoint
2008-06-05 04:44 --------- d-----w C:\Documents and Settings\ngo\Application Data\Viewpoint
2008-06-05 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-15 04:48 --------- d-----w C:\Program Files\Google
2008-05-03 00:17 --------- d-----w C:\Documents and Settings\ngo\Application Data\AdobeUM
2008-04-24 04:02 3,143 ----a-w C:\acttmp.dat
2008-04-24 01:23 --------- d-----w C:\Program Files\BroadJump
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2004-11-30 05:04 457 -c--a-w C:\Program Files\INSTALL.LOG
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop.dat
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@[email protected]
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Aim6"="" []
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34 128000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [2004-08-02 09:32 49152 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2004-08-02 09:32 143360 C:\WINDOWS\system32\VTTrayp.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-14 17:59 70816]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-01-25 09:02 286720]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-06 22:10 98304]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 01:11 290816]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 02:27 65536]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\moffice.exe" [2007-04-14 17:01 806912]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22 35328]
"Glass2k"="C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe" [2007-04-05 18:24 56325]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 11:38 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-08 17:50:39 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.avrn"= AvidAVICodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk
backup=C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Instant Messanger]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
--a------ 2007-04-05 18:24 56325 C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2002-08-12 11:07 36864 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2002-08-12 10:33 45108 C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\WINDOWS\\system32\\P3MxSvr.exe"=
"C:\\WINDOWS\\system32\\p3mxvsvr.exe"=
"C:\\WINDOWS\\system32\\mnetasvr.exe"=
"C:\\WINDOWS\\system32\\mnetvsvr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:UDP"= 5000:UDP:Yahoo Voice
R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 12:23]
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2007-04-14 17:01]
R3 WinDriver;WinDriver Kernel Module;C:\WINDOWS\system32\Drivers\windrvr.sys [2003-01-09 21:13]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 14:12]
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 14:12]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 14:12]
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 14:12]
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 02:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fc5cbdc-180e-11dc-afd8-00e04cce355a}]
\Shell\AutoRun\command - G:\Autorun.exe /run
\Shell\Shell00\Command - G:\Autorun.exe /run
\Shell\Shell01\Command - G:\Autorun.exe /action
\Shell\Shell02\Command - G:\Autorun.exe /uninstall
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 03:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2006-07-03 03:26:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-03-23 00:11:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-04-28 00:02:06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 16:02:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16?
?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-06 16:05:35
ComboFix-quarantined-files.txt 2008-06-06 23:05:06
Pre-Run: 127,117,750,272 bytes free
Post-Run: 127,105,859,584 bytes free
182 --- E O F --- 2008-05-28 04:15:48
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:34 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Browser Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Glass2k] C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MaxHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8364 bytes
ComboFix 08-05-29.1 - ngo 2008-06-06 16:00:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.227 [GMT -7:00]
Running from: C:\Documents and Settings\ngo\Desktop\ComboFix.exe
* Created a new restore point
[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\d.bat
C:\Documents and Settings\ngo\Application Data\Sskdmns.dll
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\racle~1\RACLE~1\ctxad-436.0000
C:\Program Files\Common Files\racle~1\RACLE~1\ctxad-436.0001
C:\Program Files\Common Files\racle~1\RACLE~1\ctxad-436.0002
C:\Program Files\Common Files\racle~1\RACLE~1\ctxad-436.0003
C:\Program Files\Common Files\racle~1\RACLE~1\ctxad-437.0000
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\simtest\svchostsys.bat
C:\Program Files\Common Files\simtest\temp.txt
C:\Program Files\snowball wars
C:\Program Files\snowball wars\License.txt
C:\Program Files\snowball wars\uninstaller.exe
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\bang-006.ico
C:\WINDOWS\system32\components
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm
.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.
2008-06-04 22:11 . 2008-06-04 22:11 <DIR> d-------- C:\Documents and Settings\ngo\Application Data\Malwarebytes
2008-06-04 22:10 . 2008-06-04 22:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-04 22:10 . 2008-06-04 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 22:10 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-04 22:10 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-04 22:09 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-04 22:07 . 2008-06-04 22:09 <DIR> d-------- C:\Program Files\Java
2008-06-04 22:06 . 2008-06-04 22:06 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-04 20:21 . 2008-06-04 20:21 <DIR> d-------- C:\Program Files\Qualcomm
2008-06-04 18:44 . 2008-06-04 18:44 <DIR> d-------- C:\Deckard
2008-06-04 18:43 . 2008-06-04 18:43 <DIR> d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 22:59 --------- d-----w C:\Program Files\lx_cats
2008-06-06 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 04:44 --------- d-----w C:\Program Files\Viewpoint
2008-06-05 04:44 --------- d-----w C:\Documents and Settings\ngo\Application Data\Viewpoint
2008-06-05 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-15 04:48 --------- d-----w C:\Program Files\Google
2008-05-03 00:17 --------- d-----w C:\Documents and Settings\ngo\Application Data\AdobeUM
2008-04-24 04:02 3,143 ----a-w C:\acttmp.dat
2008-04-24 01:23 --------- d-----w C:\Program Files\BroadJump
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2004-11-30 05:04 457 -c--a-w C:\Program Files\INSTALL.LOG
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop.dat
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@[email protected]
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Aim6"="" []
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34 128000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [2004-08-02 09:32 49152 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2004-08-02 09:32 143360 C:\WINDOWS\system32\VTTrayp.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-14 17:59 70816]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-01-25 09:02 286720]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-06 22:10 98304]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 01:11 290816]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 02:27 65536]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\moffice.exe" [2007-04-14 17:01 806912]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22 35328]
"Glass2k"="C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe" [2007-04-05 18:24 56325]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 11:38 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-08 17:50:39 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.avrn"= AvidAVICodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk
backup=C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Instant Messanger]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
--a------ 2007-04-05 18:24 56325 C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2002-08-12 11:07 36864 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2002-08-12 10:33 45108 C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\WINDOWS\\system32\\P3MxSvr.exe"=
"C:\\WINDOWS\\system32\\p3mxvsvr.exe"=
"C:\\WINDOWS\\system32\\mnetasvr.exe"=
"C:\\WINDOWS\\system32\\mnetvsvr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:UDP"= 5000:UDP:Yahoo Voice
R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 12:23]
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2007-04-14 17:01]
R3 WinDriver;WinDriver Kernel Module;C:\WINDOWS\system32\Drivers\windrvr.sys [2003-01-09 21:13]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 14:12]
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 14:12]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 14:12]
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 14:12]
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 02:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fc5cbdc-180e-11dc-afd8-00e04cce355a}]
\Shell\AutoRun\command - G:\Autorun.exe /run
\Shell\Shell00\Command - G:\Autorun.exe /run
\Shell\Shell01\Command - G:\Autorun.exe /action
\Shell\Shell02\Command - G:\Autorun.exe /uninstall
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 03:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2006-07-03 03:26:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-03-23 00:11:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-04-28 00:02:06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 16:02:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16?
? scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-06 16:05:35
ComboFix-quarantined-files.txt 2008-06-06 23:05:06
Pre-Run: 127,117,750,272 bytes free
Post-Run: 127,105,859,584 bytes free
182 --- E O F --- 2008-05-28 04:15:48
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:34 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Browser Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Glass2k] C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MaxHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8364 bytes
16
Tech Clinic / Computer laaagss
« on: June 05, 2008, 09:37:22 PM »
OK. I ran the MBAM program 3 times and each time, it would stop/freeze at system32 msobmain.dll. It also found 5 files infected [but it actually found 7 until the msobmain.dll but I aborted the scan to get rid of the 5] and I removed them, however, my computer did now improve.
Here is the log of the files I removed:
Malwarebytes' Anti-Malware 1.14
Database version: 826
7:37:29 PM 6/5/2008
mbam-log-6-5-2008 (19-37-29).txt
Scan type: Full Scan (C:\|)
Objects scanned: 14347
Time elapsed: 3 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
And Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:31 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Browser Mouse\MOUSE32A.DAT
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Glass2k] C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MaxHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8331 bytes
Here is the log of the files I removed:
Malwarebytes' Anti-Malware 1.14
Database version: 826
7:37:29 PM 6/5/2008
mbam-log-6-5-2008 (19-37-29).txt
Scan type: Full Scan (C:\|)
Objects scanned: 14347
Time elapsed: 3 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
And Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:31 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Browser Mouse\MOUSE32A.DAT
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Glass2k] C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MaxHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8331 bytes
17
Tech Clinic / Computer laaagss
« on: June 04, 2008, 08:48:01 PM »
Here are the files:
main.txt:
Deckard's System Scanner v20071014.68
Run by ngo on 2008-06-04 18:44:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
24: 2008-06-05 01:44:58 UTC - RP176 - Deckard's System Scanner Restore Point
23: 2008-05-31 06:29:41 UTC - RP175 - Installed Windows Media Player 10
22: 2008-05-29 05:18:38 UTC - RP174 - System Checkpoint
21: 2008-05-28 04:14:54 UTC - RP173 - Software Distribution Service 3.0
20: 2008-05-24 18:33:57 UTC - RP172 - System Checkpoint
-- First Restore Point --
1: 2008-03-01 01:03:20 UTC - RP153 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
[color=\"red\"]Total Physical Memory: 480 MiB (512 MiB recommended).[/color]
-- HijackThis (run as ngo.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:02 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Browser Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\ngo\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ngo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Glass2k] C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MaxHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - \
--
End of file - 8926 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 WinDriver (WinDriver Kernel Module) - c:\windows\system32\drivers\windrvr.sys <Not Verified; Jungo; WinDriver Device Driver>
S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
S3 npkcrypt - c:\program files\softnyx\gunbound\npkcrypt.sys (file missing)
S3 sscdbus (SAMSUNG USB Composite Device driver (WDM)) - c:\windows\system32\drivers\sscdbus.sys <Not Verified; MCCI; SAMSUNG USB Composite Device>
S3 sscdmdfl (SAMSUNG CDMA Modem Filter) - c:\windows\system32\drivers\sscdmdfl.sys <Not Verified; MCCI; SAMSUNG CDMA Modem Filter Driver>
S3 sscdmdm (SAMSUNG CDMA Modem Drivers) - c:\windows\system32\drivers\sscdmdm.sys <Not Verified; MCCI; SAMSUNG CDMA Modem>
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-02 20:00:00 526 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-03-22 17:11:00 262 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-04-27 17:02:06 380 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2006-07-02 20:26:29 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
-- Files created between 2008-05-04 and 2008-06-04 -----------------------------
2008-06-04 18:43:11 0 d-------- C:\Program Files\Trend Micro
2008-06-03 19:52:41 0 dr-h----- C:\Documents and Settings\ngo\Recent
2008-05-14 18:56:56 0 d-------- C:\Documents and Settings\ngo\Application Data\Google
-- Find3M Report ---------------------------------------------------------------
2008-05-28 07:19:26 0 d-------- C:\Program Files\lx_cats
2008-05-14 21:48:37 0 d-------- C:\Program Files\Google
2008-05-14 18:59:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-02 17:17:19 0 d-------- C:\Documents and Settings\ngo\Application Data\AdobeUM
2008-04-23 21:02:12 3143 --a------ C:\acttmp.dat
2008-04-23 18:23:54 0 d-------- C:\Program Files\BroadJump
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [08/02/2004 09:32 AM C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [08/02/2004 09:32 AM C:\WINDOWS\system32\VTTrayp.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/14/2003 05:59 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 05:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [01/25/2006 09:02 AM]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [02/06/2006 10:10 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 01:11 AM]
"LClock"="C:\Program Files\LClock\LClock.exe" [09/20/2004 02:27 AM]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\moffice.exe" [04/14/2007 05:01 PM]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [05/14/2007 03:22 PM]
"Glass2k"="C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe" [04/05/2007 06:24 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 09:26 PM]
"LXCYCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [12/01/2005 11:38 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Aim6"="" []
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [01/19/2005 05:34 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk
backup=C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Instant Messanger]
aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fc5cbdc-180e-11dc-afd8-00e04cce355a}]
AutoRun\command- G:\Autorun.exe /run
Shell00\Command- G:\Autorun.exe /run
Shell01\Command- G:\Autorun.exe /action
Shell02\Command- G:\Autorun.exe /uninstall
-- End of Deckard's System Scanner: finished at 2008-06-04 18:50:35 ------------
extra. txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 479.48 MiB / 196.69 MiB
Pagefile Memory (total/avail): 1122.13 MiB / 898.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.76 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 118.44 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
\\.\PHYSICALDRIVE0 - SAMSUNG SP1604N - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:
\\.\PHYSICALDRIVE1 - Lexmark USB Mass Storage USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Norton AntiVirus v2004 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\ICQ\\Icq.exe"="C:\\Program Files\\ICQ\\Icq.exe:*:Disabled:ICQ"
"C:\\Program Files\\LimeWire\\LimeWire 4.2.6\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire 4.2.6\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\softnyx\\GunBound\\GunBound.exe"="C:\\Program Files\\softnyx\\GunBound\\GunBound.exe:*:Disabled:GunBound Startup Application"
"C:\\Program Files\\softnyx\\GunBound\\GunBound.gme"="C:\\Program Files\\softnyx\\GunBound\\GunBound.gme:*:Disabled:GunBound"
"C:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os47.tmp\\ossproxy.exe"="C:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os47.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Synapse\\synapse.exe"="C:\\Program Files\\Synapse\\synapse.exe:*:Disabled:Synapse Media Player"
"C:\\WINDOWS\\system32\\aim.exe"="C:\\WINDOWS\\system32\\aim.exe:*:Disabled:aim"
"C:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe"="C:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\sysreset\\mirc.exe"="C:\\sysreset\\mirc.exe:*:Enabled:mIRC"
"c:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os3.tmp\\ossproxy.exe"="c:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os3.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os2.tmp\\ossproxy.exe"="c:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os2.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os9.tmp\\ossproxy.exe"="C:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os9.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\AIM\\AIM95_c2\\aim.exe"="C:\\Program Files\\AIM\\AIM95_c2\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\AIM\\AIM95_c3\\aim.exe"="C:\\Program Files\\AIM\\AIM95_c3\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\AIM\\AIM95_c1\\aim.exe"="C:\\Program Files\\AIM\\AIM95_c1\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\AIM\\AIM95_c0\\aim.exe"="C:\\Program Files\\AIM\\AIM95_c0\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Disabled:LastFM"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"="C:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe:*:Enabled:GOM Player"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\WINDOWS\\system32\\P3MxSvr.exe"="C:\\WINDOWS\\system32\\P3MxSvr.exe:*:Enabled:Maxmp3 AoD Control"
"C:\\WINDOWS\\system32\\p3mxvsvr.exe"="C:\\WINDOWS\\system32\\p3mxvsvr.exe:*:Enabled:MAXMP3 VOD Control"
"C:\\WINDOWS\\system32\\mnetasvr.exe"="C:\\WINDOWS\\system32\\mnetasvr.exe:*:Enabled:MNet AoD Server"
"C:\\WINDOWS\\system32\\mnetvsvr.exe"="C:\\WINDOWS\\system32\\mnetvsvr.exe:*:Enabled:MNet VoD Server"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ngo\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MY-COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ngo
LOGONSERVER=\\MY-COMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ngo\LOCALS~1\Temp
TMP=C:\DOCUME~1\ngo\LOCALS~1\Temp
USERDOMAIN=MY-COMPUTER
USERNAME=ngo
USERPROFILE=C:\Documents and Settings\ngo
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
ngo (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Actiontec Gateway --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Interactive Forms Update SP1 --> MsiExec.exe /I{AC76BA86-0000-F676-9FA0-000000000603}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Anti-Leech Plugin for Internet Explorer --> C:\Program Files\Anti-Leech\ALIE_1.0.1.6\iesetup2.exe uninstall
ArcSoft Collage Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80FC797D-FDC4-4585-9551-E00A39274CD0}\SETUP.exe" -l0x9
ArcSoft Multimedia Email --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD54CF66-090B-43E7-97C1-110EF526474D}\SETUP.exe" -l0x9 -uninst
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC888095-A35E-4993-A9E0-366BF6F0CCE0}\SETUP.exe" -l0x9
ArcSoft VideoImpression 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1136B2B6-60BD-4D79-94E9-2E0E8C395F54}\SETUP.exe" -l0x9
BitPim 1.0.4 --> "C:\Program Files\BitPim\unins000.exe"
BitTornado 0.3.8 --> C:\Program Files\BitTornado\uninst.exe
BootSkin --> C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Browser Mouse --> C:\Program Files\Browser Mouse\uninst00.exe
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Live! Pro Driver (1.01.01.1011) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0080.uns -unsext NT -plugin V0080Pin.dll -pluginres V0080Pin.crl
Creative WebCam Live! Pro User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Pro\Creative WebCam Live! Pro User's Guide\English\CTManual.isu"
CursorXP --> C:\Program Files\CursorXP\CurXPUtil.exe -u
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IE Help --> "C:\Program Files\se\v11\se.EXE" /R F
IIS6 Manager --> MsiExec.exe /X{3FBC5FCA-F989-4D5D-93F6-B185EEE1EC76}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment Standard Edition v1.3.1_04 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(tm) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(tm) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark 3400 Series --> C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
LrcEdit 1.0 --> "C:\Program Files\LrcEdit\unins000.exe"
Mario Forever v 2.16 ! --> C:\Mario Forever\UnMario.exe
Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP30x Tools1.0 --> "C:\Program Files\MP30x\unins000.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
PaperPort 8.0 SE --> MsiExec.exe /I{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}
QCP Converter --> C:\Program Files\QCP Converter\uninstall.exe
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
S3 S3Chromo --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Chromo'
S3 S3Config3D --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Config3D'
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
S3 S3RefreshLock --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3RefreshLock'
S3 S3TrayPlus --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus'
Samsung A840 USB - Handset Manager V9.2 --> MsiExec.exe /I{A918DE8A-98C8-0920-0000-000000220040}
Samsung USB Driver (MCCI 4.16) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1485ABFA-12D7-4107-9148-54EE30CDBA67}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Synapse Media Player --> C:\Program Files\Synapse\uninstaller.exe
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TrustSiteX 1.0 Control --> C:\Program Files\KCP\TrustSiteX\setup.exe -ui
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp TI-Control 0.9 --> c:\winamp\PLUGINS\unins000.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall --> "C:\Program Files\XviD\unins001.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type21563 / Error
Event Submitted/Written: 05/27/2008 09:10:42 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type78669 / Error
Event Submitted/Written: 06/04/2008 06:46:18 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.
Event Record #/Type78646 / Error
Event Submitted/Written: 06/04/2008 06:33:52 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
viamraid
Event Record #/Type78645 / Error
Event Submitted/Written: 06/04/2008 06:33:50 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PortTalk service failed to start due to the following error:
%%2
Event Record #/Type78619 / Error
Event Submitted/Written: 06/03/2008 06:28:03 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
viamraid
Event Record #/Type78618 / Error
Event Submitted/Written: 06/03/2008 06:28:01 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PortTalk service failed to start due to the following error:
%%2
-- End of Deckard's System Scanner: finished at 2008-06-04 18:50:35 ------------
main.txt:
Deckard's System Scanner v20071014.68
Run by ngo on 2008-06-04 18:44:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
24: 2008-06-05 01:44:58 UTC - RP176 - Deckard's System Scanner Restore Point
23: 2008-05-31 06:29:41 UTC - RP175 - Installed Windows Media Player 10
22: 2008-05-29 05:18:38 UTC - RP174 - System Checkpoint
21: 2008-05-28 04:14:54 UTC - RP173 - Software Distribution Service 3.0
20: 2008-05-24 18:33:57 UTC - RP172 - System Checkpoint
-- First Restore Point --
1: 2008-03-01 01:03:20 UTC - RP153 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
[color=\"red\"]Total Physical Memory: 480 MiB (512 MiB recommended).[/color]
-- HijackThis (run as ngo.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:02 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Browser Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\ngo\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ngo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Glass2k] C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MaxHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - \
--
End of file - 8926 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 WinDriver (WinDriver Kernel Module) - c:\windows\system32\drivers\windrvr.sys <Not Verified; Jungo; WinDriver Device Driver>
S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
S3 npkcrypt - c:\program files\softnyx\gunbound\npkcrypt.sys (file missing)
S3 sscdbus (SAMSUNG USB Composite Device driver (WDM)) - c:\windows\system32\drivers\sscdbus.sys <Not Verified; MCCI; SAMSUNG USB Composite Device>
S3 sscdmdfl (SAMSUNG CDMA Modem Filter) - c:\windows\system32\drivers\sscdmdfl.sys <Not Verified; MCCI; SAMSUNG CDMA Modem Filter Driver>
S3 sscdmdm (SAMSUNG CDMA Modem Drivers) - c:\windows\system32\drivers\sscdmdm.sys <Not Verified; MCCI; SAMSUNG CDMA Modem>
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-02 20:00:00 526 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-03-22 17:11:00 262 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-04-27 17:02:06 380 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2006-07-02 20:26:29 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
-- Files created between 2008-05-04 and 2008-06-04 -----------------------------
2008-06-04 18:43:11 0 d-------- C:\Program Files\Trend Micro
2008-06-03 19:52:41 0 dr-h----- C:\Documents and Settings\ngo\Recent
2008-05-14 18:56:56 0 d-------- C:\Documents and Settings\ngo\Application Data\Google
-- Find3M Report ---------------------------------------------------------------
2008-05-28 07:19:26 0 d-------- C:\Program Files\lx_cats
2008-05-14 21:48:37 0 d-------- C:\Program Files\Google
2008-05-14 18:59:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-02 17:17:19 0 d-------- C:\Documents and Settings\ngo\Application Data\AdobeUM
2008-04-23 21:02:12 3143 --a------ C:\acttmp.dat
2008-04-23 18:23:54 0 d-------- C:\Program Files\BroadJump
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [08/02/2004 09:32 AM C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [08/02/2004 09:32 AM C:\WINDOWS\system32\VTTrayp.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/14/2003 05:59 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 05:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [01/25/2006 09:02 AM]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [02/06/2006 10:10 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 01:11 AM]
"LClock"="C:\Program Files\LClock\LClock.exe" [09/20/2004 02:27 AM]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\moffice.exe" [04/14/2007 05:01 PM]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [05/14/2007 03:22 PM]
"Glass2k"="C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe" [04/05/2007 06:24 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 09:26 PM]
"LXCYCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [12/01/2005 11:38 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Aim6"="" []
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [01/19/2005 05:34 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk
backup=C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Instant Messanger]
aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fc5cbdc-180e-11dc-afd8-00e04cce355a}]
AutoRun\command- G:\Autorun.exe /run
Shell00\Command- G:\Autorun.exe /run
Shell01\Command- G:\Autorun.exe /action
Shell02\Command- G:\Autorun.exe /uninstall
-- End of Deckard's System Scanner: finished at 2008-06-04 18:50:35 ------------
extra. txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 479.48 MiB / 196.69 MiB
Pagefile Memory (total/avail): 1122.13 MiB / 898.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.76 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 118.44 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
\\.\PHYSICALDRIVE0 - SAMSUNG SP1604N - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:
\\.\PHYSICALDRIVE1 - Lexmark USB Mass Storage USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Norton AntiVirus v2004 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\ICQ\\Icq.exe"="C:\\Program Files\\ICQ\\Icq.exe:*:Disabled:ICQ"
"C:\\Program Files\\LimeWire\\LimeWire 4.2.6\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire 4.2.6\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\softnyx\\GunBound\\GunBound.exe"="C:\\Program Files\\softnyx\\GunBound\\GunBound.exe:*:Disabled:GunBound Startup Application"
"C:\\Program Files\\softnyx\\GunBound\\GunBound.gme"="C:\\Program Files\\softnyx\\GunBound\\GunBound.gme:*:Disabled:GunBound"
"C:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os47.tmp\\ossproxy.exe"="C:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os47.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Synapse\\synapse.exe"="C:\\Program Files\\Synapse\\synapse.exe:*:Disabled:Synapse Media Player"
"C:\\WINDOWS\\system32\\aim.exe"="C:\\WINDOWS\\system32\\aim.exe:*:Disabled:aim"
"C:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe"="C:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\sysreset\\mirc.exe"="C:\\sysreset\\mirc.exe:*:Enabled:mIRC"
"c:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os3.tmp\\ossproxy.exe"="c:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os3.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os2.tmp\\ossproxy.exe"="c:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os2.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os9.tmp\\ossproxy.exe"="C:\\Documents and Settings\\ngo\\Local Settings\\Temp\\~os9.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\AIM\\AIM95_c2\\aim.exe"="C:\\Program Files\\AIM\\AIM95_c2\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\AIM\\AIM95_c3\\aim.exe"="C:\\Program Files\\AIM\\AIM95_c3\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\AIM\\AIM95_c1\\aim.exe"="C:\\Program Files\\AIM\\AIM95_c1\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\AIM\\AIM95_c0\\aim.exe"="C:\\Program Files\\AIM\\AIM95_c0\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Disabled:LastFM"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"="C:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe:*:Enabled:GOM Player"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\WINDOWS\\system32\\P3MxSvr.exe"="C:\\WINDOWS\\system32\\P3MxSvr.exe:*:Enabled:Maxmp3 AoD Control"
"C:\\WINDOWS\\system32\\p3mxvsvr.exe"="C:\\WINDOWS\\system32\\p3mxvsvr.exe:*:Enabled:MAXMP3 VOD Control"
"C:\\WINDOWS\\system32\\mnetasvr.exe"="C:\\WINDOWS\\system32\\mnetasvr.exe:*:Enabled:MNet AoD Server"
"C:\\WINDOWS\\system32\\mnetvsvr.exe"="C:\\WINDOWS\\system32\\mnetvsvr.exe:*:Enabled:MNet VoD Server"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ngo\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MY-COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ngo
LOGONSERVER=\\MY-COMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ngo\LOCALS~1\Temp
TMP=C:\DOCUME~1\ngo\LOCALS~1\Temp
USERDOMAIN=MY-COMPUTER
USERNAME=ngo
USERPROFILE=C:\Documents and Settings\ngo
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
ngo (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Actiontec Gateway --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Interactive Forms Update SP1 --> MsiExec.exe /I{AC76BA86-0000-F676-9FA0-000000000603}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Anti-Leech Plugin for Internet Explorer --> C:\Program Files\Anti-Leech\ALIE_1.0.1.6\iesetup2.exe uninstall
ArcSoft Collage Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80FC797D-FDC4-4585-9551-E00A39274CD0}\SETUP.exe" -l0x9
ArcSoft Multimedia Email --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD54CF66-090B-43E7-97C1-110EF526474D}\SETUP.exe" -l0x9 -uninst
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC888095-A35E-4993-A9E0-366BF6F0CCE0}\SETUP.exe" -l0x9
ArcSoft VideoImpression 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1136B2B6-60BD-4D79-94E9-2E0E8C395F54}\SETUP.exe" -l0x9
BitPim 1.0.4 --> "C:\Program Files\BitPim\unins000.exe"
BitTornado 0.3.8 --> C:\Program Files\BitTornado\uninst.exe
BootSkin --> C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Browser Mouse --> C:\Program Files\Browser Mouse\uninst00.exe
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Live! Pro Driver (1.01.01.1011) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0080.uns -unsext NT -plugin V0080Pin.dll -pluginres V0080Pin.crl
Creative WebCam Live! Pro User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Pro\Creative WebCam Live! Pro User's Guide\English\CTManual.isu"
CursorXP --> C:\Program Files\CursorXP\CurXPUtil.exe -u
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IE Help --> "C:\Program Files\se\v11\se.EXE" /R F
IIS6 Manager --> MsiExec.exe /X{3FBC5FCA-F989-4D5D-93F6-B185EEE1EC76}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment Standard Edition v1.3.1_04 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(tm) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(tm) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark 3400 Series --> C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
LrcEdit 1.0 --> "C:\Program Files\LrcEdit\unins000.exe"
Mario Forever v 2.16 ! --> C:\Mario Forever\UnMario.exe
Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP30x Tools1.0 --> "C:\Program Files\MP30x\unins000.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
PaperPort 8.0 SE --> MsiExec.exe /I{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}
QCP Converter --> C:\Program Files\QCP Converter\uninstall.exe
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
S3 S3Chromo --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Chromo'
S3 S3Config3D --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Config3D'
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
S3 S3RefreshLock --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3RefreshLock'
S3 S3TrayPlus --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus'
Samsung A840 USB - Handset Manager V9.2 --> MsiExec.exe /I{A918DE8A-98C8-0920-0000-000000220040}
Samsung USB Driver (MCCI 4.16) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1485ABFA-12D7-4107-9148-54EE30CDBA67}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Synapse Media Player --> C:\Program Files\Synapse\uninstaller.exe
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TrustSiteX 1.0 Control --> C:\Program Files\KCP\TrustSiteX\setup.exe -ui
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp TI-Control 0.9 --> c:\winamp\PLUGINS\unins000.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall --> "C:\Program Files\XviD\unins001.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type21563 / Error
Event Submitted/Written: 05/27/2008 09:10:42 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type78669 / Error
Event Submitted/Written: 06/04/2008 06:46:18 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.
Event Record #/Type78646 / Error
Event Submitted/Written: 06/04/2008 06:33:52 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
viamraid
Event Record #/Type78645 / Error
Event Submitted/Written: 06/04/2008 06:33:50 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PortTalk service failed to start due to the following error:
%%2
Event Record #/Type78619 / Error
Event Submitted/Written: 06/03/2008 06:28:03 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
viamraid
Event Record #/Type78618 / Error
Event Submitted/Written: 06/03/2008 06:28:01 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PortTalk service failed to start due to the following error:
%%2
-- End of Deckard's System Scanner: finished at 2008-06-04 18:50:35 ------------
18
Tech Clinic / Computer laaagss
« on: June 03, 2008, 09:38:53 PM »
I have an XP with DSL and it was running fine until I installed Google Earth. I tried to solve the problem by uninstalling it but the lag is still there. Every 5 seconds or so, my internet would freeze, and when I try to load a webpage, it would freeze and load about 2 minutes later. Someone please help me http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'\' />
Here's my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:45:23 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Browser Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Glass2k] C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MaxHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Thank you in advance~!
\' /> Here's my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:45:23 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Browser Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Glass2k] C:\Documents and Settings\ngo\My Documents\Downloads\Glass2k.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MaxHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Thank you in advance~!
19
Tech Clinic / Computer very slow when starting up.
« on: September 09, 2006, 12:17:10 AM »
Oh yay~ it's faster now! I guess I should defrag once in a while http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'\' />
Thank you very much!
\' /> Thank you very much!
20
Tech Clinic / Computer very slow when starting up.
« on: September 05, 2006, 08:17:37 PM »
Alright.
Pages: [1] 2