
adaware.virtumonde

 
darklord17ed
Joined: Dec 09, 2003
Posts: 93

(Msg. 1) Posted: Mon May 26, 2008 1:48 pm
Post subject: adaware.virtumonde

Downloaded a codec pack that had a surprise. Now I have virtumonde and can't get rid of it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:25 PM, on 5/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pine-net.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pine-net.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: {a608b6e2-55f0-6088-db54-e79c0251d021} - {120d1520-c97e-45bd-8806-0f552e6b806a} - C:\Windows\system32\nqsaffaj.dll
O2 - BHO: (no name) - {30104DFC-060B-426A-907C-8309B0937F30} - C:\Windows\system32\ljJBqpqn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUkHWMC.dll,#1
O4 - HKLM\..\Run: [BM1b49b432] Rundll32.exe "C:\Windows\system32\vyetjlpa.dll",s
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10651 bytes
greyknight17
Joined: Feb 03, 2003
Posts: 4825
Location: Brooklyn, NY

(Msg. 2) Posted: Mon May 26, 2008 7:46 pm
Post subject: Re: adaware.virtumonde

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following entries if they still exist and hit 'Fix Checked' after you have checked the last one:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: {a608b6e2-55f0-6088-db54-e79c0251d021} - {120d1520-c97e-45bd-8806-0f552e6b806a} - C:\Windows\system32\nqsaffaj.dll
O2 - BHO: (no name) - {30104DFC-060B-426A-907C-8309B0937F30} - C:\Windows\system32\ljJBqpqn.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUkHWMC.dll,#1
O4 - HKLM\..\Run: [BM1b49b432] Rundll32.exe "C:\Windows\system32\vyetjlpa.dll",s


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Windows\system32\nqsaffaj.dll
C:\Windows\system32\ljJBqpqn.dll
C:\Windows\system32\wvUkHWMC.dll
C:\Windows\system32\vyetjlpa.dll


Don't worry if you have problems deleting any of the files. We will take care of them in the next round.

1. Download combofix at http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe or http://download.bleepingcomputer.com/sUBs/ComboFix.exe, and save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

I want you to upload this file (C:\Windows\system32\wininit.exe) to http://virusscan.jotti.org and report back what it found.
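A small triage script for HijackThis log lines, added here as an example; it is not part of this thread and not HijackThis's own code. It applies the reasoning greyknight17 used to build the fix list above (BHOs and toolbars with no name or no file behind them, Run entries that load a System32 DLL through rundll32 by ordinal or a one-letter export, and the BM-plus-hex Run value name that appears in this log) to a constructed subset of the posted log. The heuristics are assumptions drawn from this log's entries rather than a signature database, so a hit is a lead to confirm with a second tool, the way the helper followed up with ComboFix and Jotti.

```python
"""Triage helper for HijackThis (v2.x) O2/O3/O4 log lines.

Added example for this thread, not HijackThis's own code. The heuristics
below are assumptions drawn from the entries greyknight17 picked out of the
posted log; they produce leads to confirm, not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed subset of the HijackThis log posted in this thread (raw string,
# so the backslashes in the Windows paths are kept literally).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: {a608b6e2-55f0-6088-db54-e79c0251d021} - {120d1520-c97e-45bd-8806-0f552e6b806a} - C:\Windows\system32\nqsaffaj.dll
O2 - BHO: (no name) - {30104DFC-060B-426A-907C-8309B0937F30} - C:\Windows\system32\ljJBqpqn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUkHWMC.dll,#1
O4 - HKLM\..\Run: [BM1b49b432] Rundll32.exe "C:\Windows\system32\vyetjlpa.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2 (BHO) and O3 (toolbar): "<name> - {CLSID} - <path or (no file)>"
RE_BHO_TB = re.compile(
    r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.*)$")
# O4: "<hive>\..\Run: [<value name>] <command line>"
RE_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
# rundll32 <dll>,<export>  (quotes around the DLL path are optional)
RE_RUNDLL = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?,(?P<export>\S+)', re.IGNORECASE)
RE_CLSID_ONLY = re.compile("^" + CLSID + "$")
# Assumed pattern taken from the [BM1b49b432] entry in this thread's log.
RE_BM_VALUE = re.compile(r"^BM[0-9a-f]{8}$")


@dataclass
class Finding:
    line: str      # the HijackThis line to tick for 'Fix Checked'
    reasons: list  # why it was flagged
    path: str = ""  # file the entry loads, to look for on disk ("" if none)


def triage(log_text: str) -> list:
    """Return the O2/O3/O4 entries that deserve a closer look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons, path = [], ""
        m = RE_BHO_TB.match(line)
        if m:
            if m["path"] == "(no file)":
                reasons.append("registration with no file behind it (orphan)")
            else:
                path = m["path"]
                if m["name"] == "(no name)" or RE_CLSID_ONLY.match(m["name"]):
                    reasons.append("unnamed or CLSID-named BHO/toolbar loading a DLL")
        m = RE_RUN.match(line)
        if m:
            if RE_BM_VALUE.match(m["value"]):
                reasons.append("Run value named BM + 8 hex digits")
            r = RE_RUNDLL.match(m["cmd"])
            if r:
                # Legitimate entries in the log call named exports (NvStartup);
                # the flagged ones call ordinal #1 or a one-letter export.
                if r["export"].startswith("#") or len(r["export"]) <= 2:
                    reasons.append("rundll32 calls the DLL by ordinal or a one-letter export")
                if reasons:
                    path = r["dll"]
        if reasons:
            findings.append(Finding(line, reasons, path))
    return findings


def fix_list(findings):
    """Split findings into lines to 'Fix Checked' and files to look for on disk."""
    lines = [f.line for f in findings]
    files = sorted({f.path for f in findings if f.path}, key=str.lower)
    return lines, files


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("Check these in HijackThis and hit 'Fix Checked':")
    for f in found:
        print(f"  {f.line}\n    -> {'; '.join(f.reasons)}")
    print("Then look for these files:")
    for p in fix_list(found)[1]:
        print("  " + p)
```

Run against the constructed sample, the script flags exactly the six lines greyknight17 listed and the four DLL paths in his delete list, and leaves the Google, NVIDIA, Kaspersky, Spybot and Sidebar entries alone. The BM value rule and the ordinal/one-letter export rule are independent, so an entry can carry both reasons; that redundancy is deliberate, since a later infection may keep one trait and drop the other.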
darklord17ed
Joined: Dec 09, 2003
Posts: 93

(Msg. 3) Posted: Mon May 26, 2008 9:49 pm
Post subject: Re: adaware.virtumonde

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: {a608b6e2-55f0-6088-db54-e79c0251d021} - {120d1520-c97e-45bd-8806-0f552e6b806a} - C:\Windows\system32\nqsaffaj.dll
O2 - BHO: (no name) - {30104DFC-060B-426A-907C-8309B0937F30} - C:\Windows\system32\ljJBqpqn.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUkHWMC.dll,#1
O4 - HKLM\..\Run: [BM1b49b432] Rundll32.exe "C:\Windows\system32\vyetjlpa.dll",s

Fixed

C:\Windows\system32\nqsaffaj.dll (not found)
C:\Windows\system32\ljJBqpqn.dll (deleted)
C:\Windows\system32\wvUkHWMC.dll (not deleted)
C:\Windows\system32\vyetjlpa.dll (not found)

Jotti reported the file as OK.

ComboFix 08-05-25.5 - Dads Laptop 2008-05-26 20:19:58.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2019 [GMT -5:00]
Running from: C:\Users\Dads Laptop\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Dads Laptop\AppData\Roaming\inst.exe
C:\Windows\system32\cqjccvct.ini
C:\Windows\system32\efcYsPhh.dll
C:\Windows\system32\geBrqpqp.dll
C:\Windows\System32\GjmloUtv.ini
C:\Windows\System32\GjmloUtv.ini2
C:\Windows\system32\KBL.LOG
C:\Windows\system32\ljJBqpqn.dll
C:\Windows\system32\mmgvoltm.ini
C:\Windows\system32\nqpqBJjl.ini
C:\Windows\System32\nqpqBJjl.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-26 17:46 . 2008-05-26 17:46 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-26 17:46 . 2008-05-26 17:46 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-26 17:46 . 2008-05-26 18:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-26 13:40 . 2008-05-26 13:40 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-26 13:40 . 2008-05-26 13:40 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-26 13:38 . 2008-05-26 13:38 <DIR> d-------- C:\Users\Dads Laptop\AppData\Roaming\SUPERAntiSpyware.com
2008-05-26 13:38 . 2008-05-26 13:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-26 13:35 . 2008-05-26 17:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 12:01 . 2008-05-26 12:03 524,288 --ahs---- C:\ntuser.dat{4efec4f9-2b45-11dd-afc7-001a73db8085}.TMContainer00000000000000000002.regtrans-ms
2008-05-26 12:01 . 2008-05-26 20:08 524,288 --ahs---- C:\ntuser.dat{4efec4f9-2b45-11dd-afc7-001a73db8085}.TMContainer00000000000000000001.regtrans-ms
2008-05-26 12:01 . 2008-05-26 20:08 65,536 --ahs---- C:\ntuser.dat{4efec4f9-2b45-11dd-afc7-001a73db8085}.TM.blf
2008-05-26 11:36 . 2008-05-26 11:36 124,928 --a------ C:\Windows\System32\vyetjlpa.dll
2008-05-26 10:37 . 2008-05-26 11:28 524,288 --ahs---- C:\ntuser.dat{7eaa315a-2b39-11dd-b018-001b24e37c49}.TMContainer00000000000000000002.regtrans-ms
2008-05-26 10:37 . 2008-05-26 11:28 524,288 --ahs---- C:\ntuser.dat{7eaa315a-2b39-11dd-b018-001b24e37c49}.TMContainer00000000000000000001.regtrans-ms
2008-05-26 10:37 . 2008-05-26 11:28 65,536 --ahs---- C:\ntuser.dat{7eaa315a-2b39-11dd-b018-001b24e37c49}.TM.blf
2008-05-26 02:01 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-05-26 02:01 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-05-26 02:00 . 2008-05-26 20:08 262,144 --a------ C:\ntuser.dat
2008-05-26 02:00 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-05-26 02:00 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-05-26 02:00 . 2008-05-26 20:08 5,120 --ah----- C:\ntuser.dat.LOG1
2008-05-26 02:00 . 2008-05-26 10:37 0 --ah----- C:\ntuser.dat.LOG2
2008-05-26 01:47 . 2008-05-26 01:47 <DIR> d-------- C:\Users\Dads Laptop\AppData\Roaming\PC Tools
2008-05-26 01:47 . 2008-05-26 19:42 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-25 20:21 . 2008-05-26 19:45 419 --a------ C:\Windows\wininit.ini
2008-05-25 19:22 . 2008-05-25 19:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 17:45 . 2008-05-25 17:50 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-25 16:04 . 2008-05-25 18:18 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-25 16:04 . 2008-05-25 16:04 1,409 --a------ C:\Windows\QTFont.for
2008-05-25 16:03 . 2008-05-25 16:03 <DIR> d-------- C:\Program Files\iPod
2008-05-25 16:02 . 2008-05-25 16:02 <DIR> d-------- C:\Program Files\Bonjour
2008-05-25 16:00 . 2008-05-25 16:00 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-25 15:58 . 2008-05-25 15:58 <DIR> d-------- C:\Users\All Users\Apple
2008-05-25 15:58 . 2008-05-25 15:58 <DIR> d-------- C:\ProgramData\Apple
2008-05-25 15:58 . 2008-05-25 15:58 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-22 20:21 . 2008-05-22 20:21 38 --a------ C:\Windows\avisplitter.INI
2008-05-21 19:30 . 2008-05-21 20:22 96,645 --a------ C:\Windows\System32\drivers\klin.dat
2008-05-21 19:30 . 2008-05-21 20:22 87,941 --a------ C:\Windows\System32\drivers\klick.dat
2008-05-21 19:29 . 2008-05-26 20:27 34,510,368 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-05-21 19:29 . 2008-05-26 20:26 464,312 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-05-18 08:39 . 2008-05-18 08:39 <DIR> d-------- C:\Program Files\Gravis
2008-05-18 08:39 . 1999-08-04 11:16 126,976 --------- C:\Windows\System32\DZIP32.DLL
2008-05-18 08:39 . 1999-08-16 09:35 110,592 --------- C:\Windows\System32\DUNZIP32.DLL
2008-05-18 08:39 . 2001-04-03 12:42 37,575 --------- C:\Windows\GRAVXPR.grb
2008-05-18 08:39 . 1999-10-05 06:09 29,184 --------- C:\Windows\System32\POPUP.OCX
2008-05-18 08:39 . 2001-09-26 14:59 11,920 --------- C:\Windows\System32\drivers\KID_SYS.sys
2008-05-18 08:39 . 2001-07-26 14:36 9,140 --------- C:\Windows\System32\drivers\KID_LIB.sys
2008-05-18 08:04 . 2008-05-18 08:04 <DIR> d-------- C:\Users\Dads Laptop\AppData\Roaming\GTek
2008-05-17 15:22 . 2008-05-17 15:22 <DIR> d-------- C:\Windows\Sun
2008-05-11 21:21 . 2008-05-11 21:21 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-10 22:19 . 2008-05-10 22:19 <DIR> d-------- C:\Program Files\Audacity
2008-05-10 20:59 . 2008-05-19 15:05 <DIR> d-------- C:\Program Files\IrfanView
2008-05-05 21:51 . 2008-05-05 21:51 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-05 18:35 . 2008-05-05 18:35 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-05-05 16:39 . 2008-05-05 16:39 <DIR> d-------- C:\PerfLogs
2008-05-05 16:35 . 2008-05-05 16:35 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-05-05 16:15 . 2008-01-19 02:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-05-05 16:15 . 2008-01-19 02:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-05-05 16:13 . 2008-01-19 02:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-05 16:12 . 2008-01-19 02:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-05 16:11 . 2008-01-19 01:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-05 16:10 . 2008-01-19 02:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-05 16:10 . 2008-01-19 02:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-05 16:10 . 2008-01-19 02:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-05 16:10 . 2008-01-19 02:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-05 16:10 . 2008-01-19 02:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-05 16:09 . 2008-01-19 02:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-05 16:09 . 2008-01-19 02:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-05 16:09 . 2008-01-19 02:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-05 16:09 . 2006-11-02 04:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-05-05 16:09 . 2008-01-19 02:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-05 11:57 . 2008-05-05 11:57 <DIR> d-------- C:\Program Files\Area Wide Directory
2008-05-04 15:42 . 2008-05-04 15:42 <DIR> d-------- C:\Program Files\Tracker Checker 2
2008-04-29 22:20 . 2008-04-29 22:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-29 18:56 . 2008-04-29 18:56 0 --a------ C:\Windows\JDSecure20.INI
2008-04-28 21:09 . 2008-04-28 21:09 <DIR> d-------- C:\Users\All Users\vsosdk
2008-04-28 21:09 . 2008-04-28 21:09 <DIR> d-------- C:\ProgramData\vsosdk
2008-04-28 20:50 . 2008-05-26 19:53 69 --a------ C:\Windows\NeroDigital.ini
2008-04-28 00:03 . 2008-04-28 00:03 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-04-28 00:03 . 2008-04-28 00:03 <DIR> d-------- C:\ProgramData\Ubisoft
2008-04-28 00:01 . 2008-04-28 07:53 <DIR> d-------- C:\Program Files\Raptor
2008-04-27 22:19 . 2008-04-27 22:19 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-27 18:32 . 2008-04-27 18:32 256,276,620 --a------ C:\Windows\MEMORY.DMP
2008-04-27 18:20 . 2008-05-01 18:09 151 --a------ C:\Windows\PhotoSnapViewer.INI
2008-04-27 14:26 . 2008-04-27 14:26 <DIR> d-------- C:\Program Files\Convar
2008-04-27 14:26 . 2003-07-18 13:58 516,784 -ra------ C:\Windows\System32\XceedCry.dll
2008-04-27 14:26 . 2002-02-28 09:46 217,088 --a------ C:\Windows\System32\DartSock.dll
2008-04-27 14:26 . 2000-05-22 00:00 140,488 --a------ C:\Windows\System32\COMDLG32.OCX
2008-04-27 14:26 . 2002-02-21 10:12 118,784 --a------ C:\Windows\System32\DartWeb.dll
2008-04-27 14:26 . 1998-06-18 00:00 89,360 --a------ C:\Windows\System32\VB5DB.DLL
2008-04-27 14:26 . 1998-06-13 22:53 44,544 --a------ C:\Windows\System32\Gif89.dll
2008-04-27 14:26 . 2002-04-12 13:19 28,672 --a------ C:\Windows\System32\DartWeb.oca

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 00:47 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-27 00:42 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-26 21:23 --------- d---a-w C:\ProgramData\TEMP
2008-05-26 18:16 --------- d-----w C:\Program Files\Google
2008-05-25 21:29 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\uTorrent
2008-05-25 21:03 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\Apple Computer
2008-05-25 21:03 --------- d-----w C:\ProgramData\Apple Computer
2008-05-25 21:03 --------- d-----w C:\Program Files\itunes
2008-05-25 21:02 --------- d-----w C:\Program Files\quicktime
2008-05-25 02:19 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-22 00:29 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-18 16:12 --------- d-----w C:\Program Files\Trillian
2008-05-18 13:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 08:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 08:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-05 21:52 --------- d-----w C:\ProgramData\NVIDIA
2008-05-05 21:50 174 --sha-w C:\Program Files\desktop.ini
2008-05-05 21:40 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-05 21:40 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-05 21:40 --------- d-----w C:\Program Files\Windows Journal
2008-05-05 21:40 --------- d-----w C:\Program Files\Windows Defender
2008-05-05 21:40 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-05 21:40 --------- d-----w C:\Program Files\Windows Calendar
2008-05-05 21:26 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-05 21:26 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-29 21:27 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\Ahead
2008-04-29 04:14 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\Vso
2008-04-26 21:48 --------- d-----w C:\ProgramData\LightScribe
2008-04-26 21:45 --------- d-----w C:\ProgramData\Ahead
2008-04-26 21:45 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-26 21:43 --------- d-----w C:\ProgramData\Nero
2008-04-18 05:03 --------- d-----w C:\Program Files\HP
2008-04-18 01:02 --------- d-----w C:\ProgramData\BVRP Software
2008-04-18 00:50 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-04-18 00:49 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-04-18 00:39 --------- d-----w C:\Program Files\Avanquest update
2008-04-18 00:28 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-04-13 06:56 --------- d-----w C:\Program Files\PFConfig
2008-04-13 06:55 --------- d-----w C:\Program Files\DNA
2008-04-12 15:32 27,905 ----a-w C:\Users\Dads Laptop\AppData\Roaming\nvModes.dat
2008-04-10 15:04 --------- d-----w C:\Program Files\Guild Wars
2008-04-10 14:29 --------- d-----w C:\ProgramData\CCP
2008-04-10 14:25 --------- d-----w C:\Program Files\CCP
2008-04-08 03:20 --------- d-----w C:\ProgramData\CyberLink
2008-04-08 03:19 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\CyberLink
2008-04-07 20:12 --------- d-----w C:\Program Files\Java
2008-03-31 17:57 --------- d-----w C:\Program Files\Amazon
2008-03-31 04:28 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-03-31 04:28 47,360 ----a-w C:\Users\Dads Laptop\AppData\Roaming\pcouffin.sys
2008-03-31 04:28 --------- d-----w C:\Program Files\VSO
2008-03-31 03:51 --------- d-----w C:\Program Files\MozBackup
2008-03-31 00:54 --------- d-----w C:\Program Files\palmone
2008-03-31 00:38 --------- d-----w C:\Program Files\picaloader
2008-03-31 00:38 --------- d-----w C:\Program Files\openoffice.org 2.3
2008-03-31 00:37 --------- d-----w C:\Program Files\nero
2008-03-30 22:55 --------- d-----w C:\Program Files\Maxis
2008-03-30 20:58 --------- d-----w C:\ProgramData\AOL
2008-03-30 18:08 --------- d-----w C:\Program Files\DivX
2008-03-30 18:07 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-30 17:58 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\DivX
2008-03-30 17:57 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-30 17:04 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\WildTangent
2008-03-30 17:04 --------- d-----w C:\ProgramData\WildTangent
2008-03-30 02:25 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-03-30 02:24 --------- d-----w C:\Program Files\Download Direct
2008-03-29 01:40 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\Media Player Classic
2008-03-29 01:36 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-28 19:58 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\HP
2008-03-28 19:58 --------- d-----w C:\ProgramData\HP
2008-03-28 08:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-28 02:41 --------- d-----w C:\Program Files\uTorrent
2008-03-28 02:15 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\Thunderbird
2008-03-28 01:50 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-28 01:40 --------- d-----w C:\Program Files\CONEXANT
2008-03-04 17:33 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-04 07:34 2,125,312 ----a-w C:\Windows\System32\CnxtAp32.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2007-05-29 21:19 92,064 ----a-w C:\Users\Dads Laptop\mqdmmdm.sys
2007-05-29 21:19 9,232 ----a-w C:\Users\Dads Laptop\mqdmmdfl.sys
2007-05-29 21:19 79,328 ----a-w C:\Users\Dads Laptop\mqdmserd.sys
2007-05-29 21:19 66,656 ----a-w C:\Users\Dads Laptop\mqdmbus.sys
2007-05-29 21:19 6,208 ----a-w C:\Users\Dads Laptop\mqdmcmnt.sys
2007-05-29 21:19 5,936 ----a-w C:\Users\Dads Laptop\mqdmwhnt.sys
2007-05-29 21:19 4,048 ----a-w C:\Users\Dads Laptop\mqdmcr.sys
2007-05-29 21:19 25,600 ----a-w C:\Users\Dads Laptop\usbsermptxp.sys
2007-05-29 21:19 22,768 ----a-w C:\Users\Dads Laptop\usbsermpt.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
2007-08-31 13:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"TrackerChecker2"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 16:54 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 16:32 222504]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 10:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 17:53 311296]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 15:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 15:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 15:05 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"BM1b49b432"="C:\Windows\system32\vyetjlpa.dll" [2008-05-26 11:36 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8053AF4F-F35D-4EC6-A411-039EFB515CD8}"= C:\Windows\system32\efcYsPhh.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{29DA7670-1067-4EF0-89EE-9BD6B12C9B54}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CABE275A-2E71-4CD7-BEFE-592949AFE45F}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3EC86714-8387-408B-96E6-981610836165}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6F50D2C4-8E6C-46EE-88E2-254E72827181}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{39B3D989-6E77-4032-8CD7-F8CA94EF8C0D}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{45353C69-11B0-49DF-A153-FAEF489D2F33}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B9D5E06F-0DF6-4F61-A359-53B94B0B938C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F6A10BF2-F0DE-4AAE-BFE2-504D153C766F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{170CDA6A-111A-4A9A-98ED-2A85D43D77DB}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B81F62E7-E9A4-4330-BE2B-FBF881E4FAB3}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2F635961-175D-4664-B4FD-26A3D12F4096}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B0F27E38-CFE8-41DC-B0E2-38BC89DB1161}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{44388AFA-0173-4865-B296-D9C006EB967A}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A6DCD29F-AA9C-456D-B6E6-B818B46EC845}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3B08578E-8776-4AEE-ABC4-898679DDF5D1}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{94ADB046-CD9A-434F-AD33-83C0D038F7D1}E:\\bin\\ia\\core\\mdm_util.exe"= UDP:E:\bin\ia\core\mdm_util.exe:MDM_Util
"UDP Query User{03A044DB-06E8-4391-BE35-E6E312E8A947}E:\\bin\\ia\\core\\mdm_util.exe"= TCP:E:\bin\ia\core\mdm_util.exe:MDM_Util
"{0D722FE6-D3DD-4E64-93C8-748E7CC79EFE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{71FB4E80-113A-4559-A834-CEC483187791}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{21839995-5E0B-4FA6-9B28-C5932594ABAA}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian
"UDP Query User{493B4AAC-E43D-4D28-A481-8DAFB750210B}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian
"{7D608789-C8AA-4D20-8756-3AEA00E53F1D}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{74E041F9-F57E-44B7-85E9-B3B9A2E98D74}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{C01A3FE8-4567-459A-BD79-A840B913E37E}C:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:C:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{86D08B89-425B-46B5-9E35-30B71F58122F}C:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:C:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"{6EE97025-1443-445A-BF12-89F82A8D1050}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{15C3D8BD-E6C6-4D40-967C-BEBAEA571C11}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{EADEAA38-C543-452A-A648-E52293CAA4BE}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9798A4B6-54CC-4A63-9136-D97B48C7207B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{ADCCA65E-0733-445F-8C67-29FAAD884CC6}C:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:C:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{79661837-C416-4777-9D1F-4DC2F35E0106}C:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:C:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"TCP Query User{2D73E99C-4797-40BB-8A5E-E64B8CB799C8}C:\\kav\\kav7.0\\english\\setup.exe"= UDP:C:\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{164FA832-0017-4DC7-80D5-C6B5531E45CA}C:\\kav\\kav7.0\\english\\setup.exe"= TCP:C:\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{8F94C6F0-7805-4990-8264-A577B8060C64}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9F5181CB-AD69-4ABB-9173-C6F5DA2695B9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{BEC1A758-442E-475F-99CB-30BAF25C14A3}"= UDP:C:\Program Files\itunes\iTunes.exe:iTunes
"{1BDA0372-99C6-408F-B254-29F4D0D7E6EF}"= TCP:C:\Program Files\itunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 22:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 22:34]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 06:36]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 13:30]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 16:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-12 23:50]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 18:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c7e13c2-fecd-11dc-ab32-001b24e37c49}]
\shell\AutoRun\command - G:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 20:27:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\vyetjlpa.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\Locator.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-26 20:47:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 01:46:59

Pre-Run: 112,493,441,024 bytes free
Post-Run: 112,331,100,160 bytes free

366 --- E O F --- 2008-05-25 02:19:31
darklord17ed
Joined: Dec 09, 2003
Posts: 93

(Msg. 4) Posted: Mon May 26, 2008 9:57 pm
Post subject: Re: adaware.virtumonde

New HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:04 PM, on 5/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pine-net.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pine-net.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BM1b49b432] Rundll32.exe "C:\Windows\system32\vyetjlpa.dll",s
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7681 bytes
greyknight17
Joined: Feb 03, 2003
Posts: 4825
Location: Brooklyn, NY

(Msg. 5) Posted: Fri May 30, 2008 9:45 am

I don't recommend using programs like Limewire or BitTorrent since they may help contribute to malware infections.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Quote:
File::
C:\Windows\System32\vyetjlpa.dll
C:\Windows\system32\wvUkHWMC.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM1b49b432"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8053AF4F-F35D-4EC6-A411-039EFB515CD8}"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe.
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.
darklord17ed
Joined: Dec 09, 2003
Posts: 93

(Msg. 6) Posted: Sun Jun 01, 2008 7:23 pm
Post subject: combofix log

ComboFix 08-05-25.5 - Dads Laptop 2008-06-01 18:21:03.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1496 [GMT -5:00]
Running from: C:\Users\Dads Laptop\Desktop\ComboFix.exe
Command switches used :: C:\Users\Dads Laptop\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\System32\vyetjlpa.dll
C:\Windows\system32\wvUkHWMC.dll
.

((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-05-28 16:57 . 2008-03-07 21:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 16:57 . 2008-03-07 23:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-26 13:40 . 2008-05-26 13:40 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-26 13:40 . 2008-05-26 13:40 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-26 13:38 . 2008-05-26 13:38 <DIR> d-------- C:\Users\Dads Laptop\AppData\Roaming\SUPERAntiSpyware.com
2008-05-26 13:38 . 2008-05-26 13:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-26 13:35 . 2008-05-26 22:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 12:01 . 2008-05-26 12:03 524,288 --ahs---- C:\ntuser.dat{4efec4f9-2b45-11dd-afc7-001a73db8085}.TMContainer00000000000000000002.regtrans-ms
2008-05-26 12:01 . 2008-05-28 17:23 524,288 --ahs---- C:\ntuser.dat{4efec4f9-2b45-11dd-afc7-001a73db8085}.TMContainer00000000000000000001.regtrans-ms
2008-05-26 12:01 . 2008-05-28 17:23 65,536 --ahs---- C:\ntuser.dat{4efec4f9-2b45-11dd-afc7-001a73db8085}.TM.blf
2008-05-26 10:37 . 2008-05-26 11:28 524,288 --ahs---- C:\ntuser.dat{7eaa315a-2b39-11dd-b018-001b24e37c49}.TMContainer00000000000000000002.regtrans-ms
2008-05-26 10:37 . 2008-05-26 11:28 524,288 --ahs---- C:\ntuser.dat{7eaa315a-2b39-11dd-b018-001b24e37c49}.TMContainer00000000000000000001.regtrans-ms
2008-05-26 10:37 . 2008-05-26 11:28 65,536 --ahs---- C:\ntuser.dat{7eaa315a-2b39-11dd-b018-001b24e37c49}.TM.blf
2008-05-26 02:00 . 2008-05-28 17:23 262,144 --a------ C:\ntuser.dat
2008-05-26 02:00 . 2008-05-28 17:23 5,120 --ah----- C:\ntuser.dat.LOG1
2008-05-26 02:00 . 2008-05-26 10:37 0 --ah----- C:\ntuser.dat.LOG2
2008-05-25 20:21 . 2008-05-26 19:45 419 --a------ C:\Windows\wininit.ini
2008-05-25 19:22 . 2008-05-25 19:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 17:45 . 2008-05-25 17:50 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-25 16:04 . 2008-05-28 16:54 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-25 16:04 . 2008-05-25 16:04 1,409 --a------ C:\Windows\QTFont.for
2008-05-25 16:03 . 2008-05-25 16:03 <DIR> d-------- C:\Program Files\iPod
2008-05-25 16:02 . 2008-05-25 16:02 <DIR> d-------- C:\Program Files\Bonjour
2008-05-25 16:00 . 2008-05-25 16:00 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-25 15:58 . 2008-05-25 15:58 <DIR> d-------- C:\Users\All Users\Apple
2008-05-25 15:58 . 2008-05-25 15:58 <DIR> d-------- C:\ProgramData\Apple
2008-05-25 15:58 . 2008-05-25 15:58 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-22 20:21 . 2008-05-22 20:21 38 --a------ C:\Windows\avisplitter.INI
2008-05-21 19:30 . 2008-05-28 16:56 96,966 --a------ C:\Windows\System32\drivers\klin.dat
2008-05-21 19:30 . 2008-05-29 13:46 88,774 --a------ C:\Windows\System32\drivers\klick.dat
2008-05-21 19:29 . 2008-06-01 18:25 53,571,872 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-05-21 19:29 . 2008-05-29 21:32 558,680 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-05-18 08:39 . 2008-05-18 08:39 <DIR> d-------- C:\Program Files\Gravis
2008-05-18 08:39 . 1999-08-04 11:16 126,976 --------- C:\Windows\System32\DZIP32.DLL
2008-05-18 08:39 . 1999-08-16 09:35 110,592 --------- C:\Windows\System32\DUNZIP32.DLL
2008-05-18 08:39 . 2001-04-03 12:42 37,575 --------- C:\Windows\GRAVXPR.grb
2008-05-18 08:39 . 1999-10-05 06:09 29,184 --------- C:\Windows\System32\POPUP.OCX
2008-05-18 08:39 . 2001-09-26 14:59 11,920 --------- C:\Windows\System32\drivers\KID_SYS.sys
2008-05-18 08:39 . 2001-07-26 14:36 9,140 --------- C:\Windows\System32\drivers\KID_LIB.sys
2008-05-18 08:04 . 2008-05-18 08:04 <DIR> d-------- C:\Users\Dads Laptop\AppData\Roaming\GTek
2008-05-17 15:22 . 2008-05-17 15:22 <DIR> d-------- C:\Windows\Sun
2008-05-11 21:21 . 2008-05-11 21:21 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-10 22:19 . 2008-05-10 22:19 <DIR> d-------- C:\Program Files\Audacity
2008-05-10 20:59 . 2008-05-19 15:05 <DIR> d-------- C:\Program Files\IrfanView
2008-05-05 21:51 . 2008-05-05 21:51 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-05 18:35 . 2008-05-05 18:35 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-05-05 16:39 . 2008-05-05 16:39 <DIR> d-------- C:\PerfLogs
2008-05-05 16:35 . 2008-05-05 16:35 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-05-05 16:15 . 2008-01-19 02:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-05-05 16:15 . 2008-01-19 02:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-05-05 16:13 . 2008-01-19 02:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-05 16:12 . 2008-01-19 02:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-05 16:11 . 2008-01-19 01:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-05 16:10 . 2008-01-19 02:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-05 16:10 . 2008-01-19 02:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-05 16:10 . 2008-01-19 02:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-05 16:10 . 2008-01-19 02:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-05 16:10 . 2008-01-19 02:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-05 16:09 . 2008-01-19 02:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-05 16:09 . 2008-01-19 02:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-05 16:09 . 2008-01-19 02:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-05 16:09 . 2006-11-02 04:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-05-05 16:09 . 2008-01-19 02:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-05 11:57 . 2008-05-05 11:57 <DIR> d-------- C:\Program Files\Area Wide Directory


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 23:10 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-28 21:56 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-05-27 03:33 --------- d---a-w C:\ProgramData\TEMP
2008-05-27 03:33 --------- d-----w C:\Program Files\Trillian
2008-05-27 03:33 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-27 03:33 --------- d-----w C:\Program Files\Guild Wars
2008-05-27 00:42 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-26 18:16 --------- d-----w C:\Program Files\Google
2008-05-25 21:03 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\Apple Computer
2008-05-25 21:03 --------- d-----w C:\ProgramData\Apple Computer
2008-05-25 21:03 --------- d-----w C:\Program Files\itunes
2008-05-25 21:02 --------- d-----w C:\Program Files\quicktime
2008-05-25 02:19 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-22 00:29 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-18 13:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 08:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 08:02 --------- d-----w C:\Program Files\Windows Mail
2008-05-05 21:52 --------- d-----w C:\ProgramData\NVIDIA
2008-05-05 21:50 174 --sha-w C:\Program Files\desktop.ini
2008-05-05 21:40 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-05 21:40 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-05 21:40 --------- d-----w C:\Program Files\Windows Journal
2008-05-05 21:40 --------- d-----w C:\Program Files\Windows Defender
2008-05-05 21:40 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-05 21:40 --------- d-----w C:\Program Files\Windows Calendar
2008-05-05 21:26 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-05 21:26 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-30 03:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-29 21:27 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\Ahead
2008-04-29 04:14 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\Vso
2008-04-29 02:09 --------- d-----w C:\ProgramData\vsosdk
2008-04-28 12:53 --------- d-----w C:\Program Files\Raptor
2008-04-28 05:03 --------- d-----w C:\ProgramData\Ubisoft
2008-04-28 03:19 --------- d-----w C:\Program Files\Ubisoft
2008-04-27 19:26 --------- d-----w C:\Program Files\Convar
2008-04-26 21:48 --------- d-----w C:\ProgramData\LightScribe
2008-04-26 21:45 --------- d-----w C:\ProgramData\Ahead
2008-04-26 21:45 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-26 21:43 --------- d-----w C:\ProgramData\Nero
2008-04-18 05:03 --------- d-----w C:\Program Files\HP
2008-04-18 01:02 --------- d-----w C:\ProgramData\BVRP Software
2008-04-18 00:50 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-04-18 00:49 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-04-18 00:39 --------- d-----w C:\Program Files\Avanquest update
2008-04-18 00:28 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-04-13 06:56 --------- d-----w C:\Program Files\PFConfig
2008-04-13 06:55 --------- d-----w C:\Program Files\DNA
2008-04-12 15:32 27,905 ----a-w C:\Users\Dads Laptop\AppData\Roaming\nvModes.dat
2008-04-10 14:29 --------- d-----w C:\ProgramData\CCP
2008-04-10 14:25 --------- d-----w C:\Program Files\CCP
2008-04-08 03:20 --------- d-----w C:\ProgramData\CyberLink
2008-04-08 03:19 --------- d-----w C:\Users\Dads Laptop\AppData\Roaming\CyberLink
2008-04-07 20:12 --------- d-----w C:\Program Files\Java
2008-03-31 04:28 47,360 ----a-w C:\Users\Dads Laptop\AppData\Roaming\pcouffin.sys
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-04 17:33 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-04 07:34 2,125,312 ----a-w C:\Windows\System32\CnxtAp32.dll
2007-05-29 21:19 92,064 ----a-w C:\Users\Dads Laptop\mqdmmdm.sys
2007-05-29 21:19 9,232 ----a-w C:\Users\Dads Laptop\mqdmmdfl.sys
2007-05-29 21:19 79,328 ----a-w C:\Users\Dads Laptop\mqdmserd.sys
2007-05-29 21:19 66,656 ----a-w C:\Users\Dads Laptop\mqdmbus.sys
2007-05-29 21:19 6,208 ----a-w C:\Users\Dads Laptop\mqdmcmnt.sys
2007-05-29 21:19 5,936 ----a-w C:\Users\Dads Laptop\mqdmwhnt.sys
2007-05-29 21:19 4,048 ----a-w C:\Users\Dads Laptop\mqdmcr.sys
2007-05-29 21:19 25,600 ----a-w C:\Users\Dads Laptop\usbsermptxp.sys
2007-05-29 21:19 22,768 ----a-w C:\Users\Dads Laptop\usbsermpt.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot DeleteThis @2008-05-26_20.33.43.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 01:27:10 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-30 23:25:19 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-30 23:25:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-30 23:25:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-27 01:27:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-30 23:26:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-05-27 01:27:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-05-30 23:26:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-05-26 22:39:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-28 22:24:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-26 22:39:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-28 22:24:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-26 22:39:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-28 22:24:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 00:51:18 101,350 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-30 23:31:53 101,350 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-27 00:51:18 595,684 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-30 23:31:53 595,684 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-14 09:01:08 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-05-28 22:23:17 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-05-26 23:59:04 7,848 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2586256623-984843883-1022202914-1000_UserData.bin
+ 2008-05-30 23:27:16 8,266 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2586256623-984843883-1022202914-1000_UserData.bin
- 2008-05-26 23:59:03 68,280 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-30 23:27:15 68,844 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-26 19:59:17 37,094 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-30 02:35:00 38,572 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-05-13 22:35:58 131,973,921 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-05-28 21:56:30 132,410,843 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll
+ 2008-03-08 00:15:10 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll
+ 2008-03-08 01:56:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll
+ 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll
+ 2008-03-08 04:15:43 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll
+ 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll
+ 2008-03-08 04:09:28 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll
+ 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll
+ 2008-03-08 04:15:44 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll
+ 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll
+ 2008-03-08 04:09:29 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll
+ 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll
+ 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll
+ 2008-03-08 04:15:44 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll
+ 2008-03-08 04:15:44 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll
+ 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll
+ 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll
+ 2008-03-08 04:09:28 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll
+ 2008-03-08 04:09:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll
+ 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll
+ 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll
+ 2008-03-08 04:16:23 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll
+ 2008-03-08 00:29:38 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll
+ 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll
+ 2008-03-08 02:08:55 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll
+ 2008-03-08 04:10:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll
+ 2008-03-08 02:09:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
2007-08-31 13:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"TrackerChecker2"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 16:54 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 16:32 222504]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 10:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 17:53 311296]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 15:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 15:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 15:05 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{29DA7670-1067-4EF0-89EE-9BD6B12C9B54}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CABE275A-2E71-4CD7-BEFE-592949AFE45F}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3EC86714-8387-408B-96E6-981610836165}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6F50D2C4-8E6C-46EE-88E2-254E72827181}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{39B3D989-6E77-4032-8CD7-F8CA94EF8C0D}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{45353C69-11B0-49DF-A153-FAEF489D2F33}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B9D5E06F-0DF6-4F61-A359-53B94B0B938C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F6A10BF2-F0DE-4AAE-BFE2-504D153C766F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{170CDA6A-111A-4A9A-98ED-2A85D43D77DB}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B81F62E7-E9A4-4330-BE2B-FBF881E4FAB3}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2F635961-175D-4664-B4FD-26A3D12F4096}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B0F27E38-CFE8-41DC-B0E2-38BC89DB1161}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{44388AFA-0173-4865-B296-D9C006EB967A}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A6DCD29F-AA9C-456D-B6E6-B818B46EC845}"= User{94ADB046-CD9A-434F-AD33-83C0D038F7D1}E:\\bin\\ia\\core\\mdm_util.exe"= UDP:E:\bin\ia\core\mdm_util.exe:MDM_Util
"UDP Query User{03A044DB-06E8-4391-BE35-E6E312E8A947}E:\\bin\\ia\\core\\mdm_util.exe"= TCP:E:\bin\ia\core\mdm_util.exe:MDM_Util
"{0D722FE6-D3DD-4E64-93C8-748E7CC79EFE}"=
"TCP Query User{21839995-5E0B-4FA6-9B28-C5932594ABAA}C:\\program files\\trillian\\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian
"UDP Query User{493B4AAC-E43D-4D28-A481-8DAFB750210B}C:\\program files\\trillian\\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian
"{7D608789-C8AA-4D20-8756-3AEA00E53F1D}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{74E041F9-F57E-44B7-85E9-B3B9A2E98D74}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{C01A3FE8-4567-459A-BD79-A840B913E37E}C:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:C:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{86D08B89-425B-46B5-9E35-30B71F58122F}C:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:C:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"{6EE97025-1443-445A-BF12-89F82A8D1050}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{15C3D8BD-E6C6-4D40-967C-BEBAEA571C11}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{EADEAA38-C543-452A-A648-E52293CAA4BE}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9798A4B6-54CC-4A63-9136-D97B48C7207B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{ADCCA65E-0733-445F-8C67-29FAAD884CC6}C:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:C:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{79661837-C416-4777-9D1F-4DC2F35E0106}C:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:C:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"TCP Query User{2D73E99C-4797-40BB-8A5E-E64B8CB799C8}C:\\kav\\kav7.0\\english\\setup.exe"= UDP:C:\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{164FA832-0017-4DC7-80D5-C6B5531E45CA}C:\\kav\\kav7.0\\english\\setup.exe"= TCP:C:\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{8F94C6F0-7805-4990-8264-A577B8060C64}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9F5181CB-AD69-4ABB-9173-C6F5DA2695B9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{BEC1A758-442E-475F-99CB-30BAF25C14A3}"= UDP:C:\Program Files\itunes\iTunes.exe:iTunes
"{1BDA0372-99C6-408F-B254-29F4D0D7E6EF}"= TCP:C:\Program Files\itunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 22:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 22:34]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 06:36]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 13:30]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 16:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-12 23:50]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 18:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c7e13c2-fecd-11dc-ab32-001b24e37c49}]
\shell\AutoRun\command - G:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 18:25:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-01 18:27:12
ComboFix-quarantined-files.txt 2008-06-01 23:27:04
ComboFix2.txt 2008-05-27 01:47:52

Pre-Run: 101,406,089,216 bytes free
Post-Run: 101,369,507,840 bytes free

334 --- E O F --- 2008-05-28 21:58:49
greyknight17




Joined: Feb 03, 2003
Posts: 4825

Location: Brooklyn, NY

(Msg. 7) Posted: Mon Jun 02, 2008 11:20 am
Post subject: Re: combofix log

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
darklord17ed




Joined: Dec 09, 2003
Posts: 93



(Msg. 8) Posted: Mon Jun 02, 2008 12:58 pm
Post subject: Re: combofix log

Thanks Kevin.
As always, when I get caught with my shorts down, you pick them up!! HeHe!


Regards,
Ed