[Fixed] Hijackthis! Logs - explorer.exe crash on start up (PC Help Forum » Security & Safety)

#13  Old 05-07-2008
Obsidian (Bronze Member, Join Date: Sep 2006, Posts: 54)
Re: explorer.exe crash on start up

Logfile of The Avenger Version 2.0, (c) by Swandog46
Swandog46's Public Anti-Malware Tools

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:WINDOWSmrofinu1001186.exe" not found!
Deletion of file "C:WINDOWSmrofinu1001186.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:WINDOWSTEMPDILC.tmp" not found!
Deletion of file "C:WINDOWSTEMPDILC.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:WINDOWSb152.exe" not found!
Deletion of file "C:WINDOWSb152.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:42 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Double Password\DblPswService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\SlySoft\Game Jackal\GameJackal.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\steam\steam.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\WINDOWS\system32\srxTitan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\TEMP\DILC.tmp
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [Maplom] C:\Program Files\SlySoft\Game Jackal\GameJackal.exe /silent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SpeedRunner] C:\Documents and Settings\Administrator\Application Data\SpeedRunner\SpeedRunner.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6wIP] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\koilfjuv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tair] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\SEMBLY~1\netdde.exe" -vt yazb (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Yiphyhgu] "C:\Documents and Settings\Administrator\My Documents\??crosoft\t?skmgr.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5031/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: PGPmapih.dll
O23 - Service: Abel - Unknown owner - C:\Program Files\Cain\Abel.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DoublePasswordSvc - Unknown owner - C:\Program Files\Double Password\DblPswService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Titan FTP Server Daemon (SRTSERVERDAEMON) - South River Technologies, Inc. - C:\WINDOWS\system32\srxTitan.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 18523 bytes

ComboFix 08-05-01.3 - Administrator 2008-05-06 19:41:49.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1273 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Administrator\My Documents\CROSOF~1
C:\Documents and Settings\Administrator\My Documents\CROSOF~1\t?skmgr.exe
C:\Documents and Settings\Administrator\My Documents\SEMBLY~1
C:\Documents and Settings\Administrator\My Documents\SEMBLY~1\??sembly\
C:\Documents and Settings\Administrator\My Documents\SEMBLY~1\netdde.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\inetget2
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Temporary
C:\WINDOWS\b104.exe
C:\WINDOWS\b116.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b155.exe
C:\WINDOWS\b157.exe
C:\WINDOWS\b999.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\Q2hhc2UgUmlnZ2lucw\
C:\WINDOWS\Q2hhc2UgUmlnZ2lucw\\asappsrv.dll
C:\WINDOWS\Q2hhc2UgUmlnZ2lucw\\command.exe
C:\WINDOWS\Q2hhc2UgUmlnZ2lucw\\kZ11wZo0oA5BtZ5RwT.vbs
C:\WINDOWS\Q2hhc2UgUmlnZ2lucw\command.exe
C:\WINDOWS\system32\_005304_.tmp.dll
C:\WINDOWS\system32\_005305_.tmp.dll
C:\WINDOWS\system32\_005306_.tmp.dll
C:\WINDOWS\system32\_005307_.tmp.dll
C:\WINDOWS\system32\_005314_.tmp.dll
C:\WINDOWS\system32\_005315_.tmp.dll
C:\WINDOWS\system32\_005316_.tmp.dll
C:\WINDOWS\system32\_005317_.tmp.dll
C:\WINDOWS\system32\_005319_.tmp.dll
C:\WINDOWS\system32\_005320_.tmp.dll
C:\WINDOWS\system32\_005323_.tmp.dll
C:\WINDOWS\system32\_005324_.tmp.dll
C:\WINDOWS\system32\_005326_.tmp.dll
C:\WINDOWS\system32\_005327_.tmp.dll
C:\WINDOWS\system32\_005328_.tmp.dll
C:\WINDOWS\system32\_005330_.tmp.dll
C:\WINDOWS\system32\_005333_.tmp.dll
C:\WINDOWS\system32\_005334_.tmp.dll
C:\WINDOWS\system32\_005338_.tmp.dll
C:\WINDOWS\system32\_005339_.tmp.dll
C:\WINDOWS\system32\_005341_.tmp.dll
C:\WINDOWS\system32\_005344_.tmp.dll
C:\WINDOWS\system32\_005346_.tmp.dll
C:\WINDOWS\system32\_005347_.tmp.dll
C:\WINDOWS\system32\_005348_.tmp.dll
C:\WINDOWS\system32\_005349_.tmp.dll
C:\WINDOWS\system32\_005350_.tmp.dll
C:\WINDOWS\system32\_005353_.tmp.dll
C:\WINDOWS\system32\_005354_.tmp.dll
C:\WINDOWS\system32\_005355_.tmp.dll
C:\WINDOWS\system32\_005356_.tmp.dll
C:\WINDOWS\system32\_005357_.tmp.dll
C:\WINDOWS\system32\_005362_.tmp.dll
C:\WINDOWS\system32\_005364_.tmp.dll
C:\WINDOWS\system32\_005365_.tmp.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\CPV.stt
C:\WINDOWS\system32\eoz.dll
C:\WINDOWS\uninstall_nmon.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor


((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-06 18:45 . 2007-05-08 18:08 86,728 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-05-06 18:40 . 2008-04-14 05:41 423,936 --a------ C:\WINDOWS\system32\SET345.tmp
2008-05-06 18:33 . 2008-05-06 19:40 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-06 18:25 . 2008-05-06 18:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SpeedRunner
2008-05-06 18:15 . 2008-05-06 18:15 <DIR> d-------- C:\Program Files\Spcron
2008-05-03 20:39 . 2008-05-06 18:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR
2008-05-03 20:03 . 2008-05-03 20:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-03 19:56 . 2008-05-03 20:14 <DIR> d-------- C:\SDFix
2008-05-03 16:08 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-03 00:55 . 2008-05-05 18:11 91,136 --a------ C:\WINDOWS\system32\VT100.EXE
2008-05-02 10:39 . 2008-05-02 10:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-02 10:39 . 2008-05-02 10:39 <DIR> d-------- C:\Program Files\Veoh Networks
2008-04-25 17:53 . 2008-04-25 17:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft Games
2008-04-24 17:33 . 2008-04-24 17:33 <DIR> d-------- C:\Program Files\iPod
2008-04-16 20:38 . 2008-04-16 20:38 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-16 18:55 . 2008-04-16 19:47 <DIR> d-------- C:\Program Files\Cheat Engine
2008-04-16 18:55 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-16 18:55 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-04-13 19:11 . 2008-04-13 19:11 2,843,136 --a------ C:\WINDOWS\system32\SET2FA.tmp
2008-04-13 19:10 . 2008-04-13 19:10 53,279 --a------ C:\WINDOWS\system32\SET28A.tmp
2008-04-13 19:09 . 2008-04-13 19:09 545,280 --a------ C:\WINDOWS\system32\SET389.tmp
2008-04-13 19:09 . 2008-04-13 19:09 290,816 --a------ C:\WINDOWS\system32\SET346.tmp
2008-04-13 19:09 . 2008-04-13 19:09 285,696 --a------ C:\WINDOWS\system32\SET447.tmp
2008-04-13 19:09 . 2008-04-13 19:09 16,896 --a------ C:\WINDOWS\system32\SET42B.tmp
2008-04-13 12:37 . 2008-04-13 12:37 208,384 --a------ C:\WINDOWS\system32\SET23A.tmp
2008-04-13 12:37 . 2008-04-13 12:37 138,752 --a------ C:\WINDOWS\system32\SET3AF.tmp
2008-04-13 12:26 . 2008-04-13 12:26 94,208 --a------ C:\WINDOWS\system32\SET28B.tmp
2008-04-13 12:26 . 2008-04-13 12:26 90,112 --a------ C:\WINDOWS\system32\SET1F8.tmp
2008-04-13 12:26 . 2008-04-13 12:26 12,288 --a------ C:\WINDOWS\system32\SET30D.tmp
2008-04-13 12:26 . 2008-04-13 12:26 12,288 --a------ C:\WINDOWS\system32\SET288.tmp
2008-04-13 12:24 . 2008-04-13 12:24 20,480 --a------ C:\WINDOWS\system32\SET2E6.tmp
2008-04-13 12:03 . 2008-04-13 12:03 549,376 --a------ C:\WINDOWS\system32\SET217.tmp
2008-04-13 12:03 . 2008-04-13 12:03 63,488 --a------ C:\WINDOWS\system32\SET43B.tmp
2008-04-13 11:23 . 2008-04-13 11:23 48,128 --a------ C:\WINDOWS\system32\SET2E1.tmp
2008-04-13 11:22 . 2008-04-13 11:22 48,128 --a------ C:\WINDOWS\system32\SET369.tmp
2008-04-13 10:42 . 2008-04-13 10:42 16,896 --a------ C:\WINDOWS\system32\SET1E7.tmp
2008-04-13 10:39 . 2008-04-13 10:39 884,736 --a------ C:\WINDOWS\system32\SET2F3.tmp
2008-04-11 19:10 . 2007-10-22 19:07 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-11 19:09 . 2008-04-11 19:09 <DIR> d-------- C:\Program Files\?icrosoft
2008-04-11 19:09 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\M?crosoft
2008-04-11 19:08 . 2008-04-11 19:08 <DIR> d-------- C:\Program Files\Common Files\T?sks
2008-04-11 19:08 . 2008-04-11 19:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\M?crosoft.NET
2008-04-11 19:07 . 2008-05-06 19:25 <DIR> d-------- C:\Program Files\Common Files\System
2008-04-11 19:07 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\T?sks
2008-04-11 19:06 . 2008-04-11 19:06 <DIR> d-------- C:\WINDOWS\system32\?ymbols
2008-04-11 19:06 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\çasks
2008-04-11 19:06 . 2008-04-11 19:06 <DIR> d-------- C:\Program Files\A?pPatch
2008-04-11 19:05 . 2008-04-11 19:00 <DIR> d-------- C:\WINDOWS\system32\çasks
2008-04-11 19:05 . 2008-04-11 19:03 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-04-11 19:04 . 2008-04-11 19:00 <DIR> d-------- C:\WINDOWS\system32\çasks
2008-04-11 19:04 . 2008-05-06 19:18 <DIR> d---s---- C:\WINDOWS\Tasks
2008-04-11 19:04 . 2008-05-06 19:18 <DIR> d---s---- C:\WINDOWS\Tasks
2008-04-11 19:04 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\Common Files\àppPatch
2008-04-11 19:04 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET
2008-04-11 19:04 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\A?pPatch
2008-04-11 19:03 . 2008-04-11 19:00 <DIR> d-------- C:\WINDOWS\àppPatch
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\WINDOWS\system32\a?sembly
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-04-11 19:03 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-04-11 19:03 . 2008-03-25 18:08 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-04-11 19:03 . 2008-05-06 19:43 <DIR> d-------- C:\WINDOWS\system32
2008-04-11 19:03 . 2008-03-25 18:08 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\Common Files\àppPatch
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\Common Files\?ystem32
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\a?sembly
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\àppPatch
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?stem
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?ystem32
2008-04-11 19:03 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?stem32
2008-04-11 19:03 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?mbols
2008-04-11 19:03 . 2008-04-11 18:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\S?mantec
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\çasks
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\system32\?ystem
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\system32\?ecurity
2008-04-11 19:02 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2008-04-11 19:02 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-04-11 19:02 . 2007-10-22 19:07 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-11 19:02 . 2008-04-11 19:01 <DIR> d-------- C:\WINDOWS\M?crosoft
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Program Files\Common Files\s?stem32
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Program Files\Common Files\M?crosoft.NET
2008-04-11 19:02 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?stem
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\T?sks
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?mbols
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET
2008-04-11 19:02 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?curity
2008-04-11 19:02 . 2008-04-30 22:47 <DIR> d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-11 19:01 . 2008-04-11 18:57 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-04-11 19:01 . 2008-04-11 19:01 <DIR> d-------- C:\Program Files\?racle
2008-04-11 19:01 . 2008-04-11 19:06 <DIR> d-------- C:\Program Files\A?pPatch
2008-04-11 19:01 . 2008-04-11 18:58 <DIR> d-------- C:\Program Files\s?mbols
2008-04-11 19:01 . 2008-04-11 19:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\M?crosoft.NET
2008-04-11 19:01 . 2008-04-11 18:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\çasks
2008-04-11 19:00 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\çasks
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\àppPatch
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\W?nSxS
2008-04-11 19:00 . 2008-01-31 20:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\M?crosoft
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\çasks
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\?ssembly
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-04-11 19:00 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\Common Files\a?sembly
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\?ymantec
2008-04-11 19:00 . 2008-04-11 19:01 <DIR> d-------- C:\Program Files\?racle
2008-04-11 19:00 . 2008-04-11 19:09 <DIR> d-------- C:\Program Files\?icrosoft
2008-04-11 19:00 . 2008-03-06 17:51 <DIR> d-------- C:\Program Files\Adobe
2008-04-11 19:00 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\çasks
2008-04-11 19:00 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\S?mantec
2008-04-11 19:00 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?curity
2008-04-11 19:00 . 2008-01-31 20:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-11 19:00 . 2008-01-31 20:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?stem32
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?curity
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\A?pPatch
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?ymantec
2008-04-11 19:00 . 2008-04-30 22:47 <DIR> d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-11 19:00 . 2008-04-30 22:47 <DIR> d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\T?sks
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2008-04-11 18:59 . 2008-05-06 18:51 <DIR> d-------- C:\WINDOWS\security
2008-04-11 18:59 . 2008-05-06 19:25 <DIR> dr--s---- C:\WINDOWS\Fonts
2008-04-11 18:59 . 2008-05-06 19:25 <DIR> d-------- C:\WINDOWS\AppPatch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 00:46 --------- d-----w C:\Program Files\Steam
2008-05-07 00:46 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-05-07 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-05-07 00:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VMware
2008-05-07 00:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-05-06 23:43 --------- d-----w C:\Program Files\Wireshark
2008-05-06 23:42 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-05-06 23:38 --------- d-----w C:\Program Files\QuickTime
2008-05-06 23:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-05-06 23:27 --------- d-----w C:\Program Files\BurnInTest
2008-05-06 23:18 --------- d-----w C:\Program Files\AC3Filter
2008-05-02 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 00:20 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-27 19:41 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2008-04-27 05:29 --------- d-----w C:\Program Files\Apple Software Update
2008-04-24 22:33 --------- d-----w C:\Program Files\iTunes
2008-04-14 00:15 218,134 ----a-w C:\WINDOWS\AppPatch\SET54C.tmp
2008-04-14 00:15 204,396 ----a-w C:\WINDOWS\AppPatch\SET54B.tmp
2008-04-14 00:15 1,202,774 ----a-w C:\WINDOWS\AppPatch\SET54A.tmp
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\SET477.tmp
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\SET550.tmp
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\SET54E.tmp
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\SET54F.tmp
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\SET54D.tmp
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\SET551.tmp
2008-04-13 05:32 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-04-09 02:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-04 21:04 --------- d-----w C:\Program Files\Valve Hammer Editor
2008-03-29 18:43 880,640 ----a-w C:\WINDOWS\iun6002.exe
2008-03-29 18:43 --------- d-----w C:\Program Files\FireTune
2008-03-24 19:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-24 17:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
2008-03-17 16:17 --------- d-----w C:\Program Files\AudioShell
2008-03-17 16:12 --------- d-----w C:\Program Files\TagRename
2008-03-17 16:09 --------- d-----w C:\Program Files\Abdio
2008-03-17 16:06 --------- d-----w C:\Program Files\Hexprobe
2008-03-09 22:26 573,440 ----a-w C:\WINDOWS\AJScreensaver.scr
2008-03-09 17:17 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\FVSTemp
2008-03-09 16:52 --------- d-----w C:\Program Files\Electronic Arts
2008-03-09 16:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Dev-Cpp
2008-03-07 13:24 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-03-07 02:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-18 16:39 524,288 ----a-w C:\WINDOWS\opuc.dll
2008-02-16 00:00 984,576 ----a-w C:\Documents and Settings\Administrator\Application Data\kernel33.dll
.

------- Sigcheck -------

2008-04-13 19:12 518656 a558ce9fd4fe025984785f8eea281b8c C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2007-11-25 15:41 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe

2007-06-13 05:23 1043968 f8655f96b0ef9116738ec1092dc4a381 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1076736 a0ac0caf7f1f16ca295d5f9e5a18ff23 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2008-04-13 19:12 1044480 5225aa034af7002d93c4e8119c5c916e C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2007-06-13 05:23 1043968 4b39cd60a0bf8cd65946cfef65914f82 C:\WINDOWS\system32\dllcache\explorer.exe

2008-04-13 19:12 26112 01f1465fbcb82326d2a4df083fe97535 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-12 08:18 26112 dd545714c04b6f169de685be1462d95d C:\WINDOWS\system32\ctfmon.exe
2004-08-12 08:18 26112 7486b56961ef60d6be46d97129a96b27 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-03_20.37.23.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 01:35:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-07 00:45:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 13:00:00 40,960 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 13:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2007-10-29 22:32:53 87,263 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
+ 2008-05-07 00:19:13 87,263 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
- 2007-10-29 22:32:53 3,344 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-05-07 00:19:13 2,734 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-05-06 23:16:00 944,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR\megauper.exe
- 2008-05-04 01:35:12 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-07 00:45:27 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-06 23:16:01 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2008-05-04 01:35:12 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-07 00:45:27 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-06 23:15:55 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050620080507\index.dat
+ 2008-05-06 23:15:57 78,924 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
- 2008-05-04 01:35:12 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-07 00:45:27 65,536 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-12 13:18:58 71,040 ------w C:\WINDOWS\system32\drivers\_005281_.tmp.dll
- 2007-10-11 20:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 23:06:36 1,480,232 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2004-10-27 20:21:36 138,240 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\hdaudbus.sys
+ 2008-04-14 00:12:36 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
- 2006-10-16 21:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-08-11 01:46:18 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-01-03 17:21:06 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2007-08-11 01:46:18 26,488 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2008-05-07 00:45:42 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_224.dat
- 2000-08-31 13:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 13:00:00 130,628 ----a-w C:\WINDOWS\VFind.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@={3DBF5F01-3287-46EB-82CF-45AA5C241162}

[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2008-02-02 18:04 380472 --a------ C:\WINDOWS\system32\pgpfsshl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-07 18:30 67128]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 14:31 22880040]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 05:29 220544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:18 26112]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 16:27 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-07 13:19 50528]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-03-07 05:26 1694656]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-26 19:49 160592]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1704960]
"Steam"="c:\program files\steam\steam.exe" [2008-04-06 11:21 1271032]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3640368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 17:52 8531968]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 10:27 72240]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 10:26 55856]
"Maplom"="C:\Program Files\SlySoft\Game Jackal\GameJackal.exe" [2008-02-15 16:18 5224384]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-04-05 17:16 6731312]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 425984]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AutoInclude"="C:\WINDOWS\TEMP\DILD.tmp" [2008-05-06 19:47 8192]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [2008-05-06 19:47 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-26 19:49 160592]
"JavaCore"="C:\Program Files\\JavaCore\\JavaCore.exe" [ ]
"SpeedRunner"="C:\Documents and Settings\Administrator\Application Data\SpeedRunner\SpeedRunner.exe" [2008-05-06 18:26 181248]
"SfKg6wIP"="C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\koilfjuv.exe" [2008-05-06 18:26 35328]
"Tair"="C:\DOCUME~1\ADMINI~1\MYDOCU~1\SEMBLY~1\netdde.exe" [ ]
"Yiphyhgu"="C:\Documents and Settings\Administrator\My Documents\??crosoft\t?skmgr.exe" [ ]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2007-10-22 20:07:44 1007616]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-07 18:30:11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-29 18:15:17 704512]
PGPtray.exe.lnk - C:\WINDOWS\Installer\{3EAF9D5B-B0E8-4344-94E7-B27EB6C1B87B}\Icon6560581611.exe [2008-02-23 13:42:22 98816]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 129536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=PGPmapih.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"MSVideo"= CSvidcap.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Gear Help]
--a------ 2006-07-27 20:39 429568 C:\Program Files\ASUS\Ai Gear\GearHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2006-11-30 11:23 1464832 C:\Program Files\ASUS\Ai Nap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 2005-12-12 09:36 221184 C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
--------- 2006-01-08 21:43 65628 C:\Program Files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 1999-10-10 12:00 52736 C:\WINDOWS\CTRegRun.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-12-12 10:46 31232 C:\WINDOWS\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-08-04 11:29 1056552 C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2006-12-08 15:24 3760640 C:\Program Files\ASUS\AI Booster\OverClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LcdStudio]
C:\Program Files\LcdStudio\LcdStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1704960 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 10:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
--a------ 2006-07-10 22:10 213504 C:\WINDOWS\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 03:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 425984 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-08-04 11:30 2043688 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SharK]
C:\WINDOWS\system32\The sharK Project.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 299008 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinodwsUpdate]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Brother XP spl Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_ds.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"=
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-04-27 17:25]
R0 pgpfs;PGP File Sharing;C:\WINDOWS\system32\Drivers\PGPfsfd.sys [2008-02-02 18:04]
R0 PGPwded;PGPwded Storage Filter Service;C:\WINDOWS\system32\drivers\PGPwded.sys [2008-02-02 18:05]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-02-17 17:22]
R2 DoublePasswordSvc;DoublePasswordSvc;C:\Program Files\Double Password\DblPswService.exe [2006-05-11 05:45]
R2 PGPdisk;PGPdisk;C:\WINDOWS\system32\drivers\PGPdisk.sys [2008-02-02 18:04]
R2 PGPsdkDriver;PGPsdkDriver;C:\WINDOWS\system32\Drivers\PGPsdk.sys [2008-02-02 18:04]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 SRTSERVERDAEMON;Titan FTP Server Daemon;"C:\WINDOWS\system32\srxTitan.exe" [2007-08-07 13:36]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 MaplomL;MaplomL;C:\WINDOWS\system32\drivers\MaplomL.sys [2008-02-15 12:34]
S2 Abel;Abel;C:\Program Files\Cain\Abel.exe []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 15:22]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2008-01-28 13:13]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 10:35]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B1B5B04F-A20B-A6E0-E050-F0F00BCD201C}]
C:\WINDOWS\system32\My_Server.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 12:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 22:27:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-18 23:27:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 19:45:55
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Double Password\dblpsw.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\TEMP\DILC.tmp
C:\WINDOWS\mrofinu1001186.exexe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-05-06 19:48:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 00:48:53
ComboFix2.txt 2008-05-06 23:13:54
ComboFix3.txt 2008-05-06 01:55:00
ComboFix4.txt 2008-05-05 23:13:01
ComboFix5.txt 2008-05-05 01:43:49

Pre-Run: 9,942,945,792 bytes free
Post-Run: 9,630,089,216 bytes free

551 --- E O F --- 2008-04-09 03:19:36


  #14  
Old 05-07-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,836
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page
Default Re: explorer.exe crash on start up

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKUS\S-1-5-18\..\Run: [SpeedRunner] C:\Documents and Settings\Administrator\Application Data\SpeedRunner\SpeedRunner.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6wIP] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\koilfjuv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tair] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\SEMBLY~1\netdde.exe" -vt yazb (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Yiphyhgu] "C:\Documents and Settings\Administrator\My Documents\??crosoft\t?skmgr.exe" (User 'SYSTEM')

Reboot.............................
==============================================


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Killall::
File::
C:\WINDOWS\system32\SET2FA.tmp
C:\WINDOWS\system32\SET28A.tmp
C:\WINDOWS\system32\SET389.tmp
C:\WINDOWS\system32\SET346.tmp
C:\WINDOWS\system32\SET447.tmp
C:\WINDOWS\system32\SET42B.tmp
C:\WINDOWS\system32\SET23A.tmp
C:\WINDOWS\system32\SET3AF.tmp
C:\WINDOWS\system32\SET28B.tmp
C:\WINDOWS\system32\SET1F8.tmp
C:\WINDOWS\system32\SET30D.tmp
C:\WINDOWS\system32\SET288.tmp
C:\WINDOWS\system32\SET2E6.tmp
C:\WINDOWS\system32\SET217.tmp
C:\WINDOWS\system32\SET43B.tmp
C:\WINDOWS\system32\SET2E1.tmp
C:\WINDOWS\system32\SET369.tmp
C:\WINDOWS\system32\SET1E7.tmp
C:\WINDOWS\system32\SET2F3.tmp
C:\WINDOWS\AppPatch\SET54C.tmp
C:\WINDOWS\AppPatch\SET54B.tmp
C:\WINDOWS\AppPatch\SET54A.tmp
C:\WINDOWS\SET477.tmp
C:\WINDOWS\AppPatch\SET550.tmp
C:\WINDOWS\AppPatch\SET54E.tmp
C:\WINDOWS\AppPatch\SET54F.tmp
C:\WINDOWS\AppPatch\SET54D.tmp
C:\WINDOWS\AppPatch\SET551.tmp
C:\WINDOWS\system32\The sharK Project.exe
C:\WINDOWS\system32\My_Server.exe
C:\WINDOWS\TEMP\DILC.tmp
C:\WINDOWS\mrofinu1001186.exexe
C:\Documents and Settings\Administrator\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\koilfjuv.exe
Folder::
C:\Documents and Settings\Administrator\Application Data\SpeedRunner
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinodwsUpdate]

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
========================================

Go to Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


__________________
My real name is Eddy

Last edited by Pancake; 05-07-2008 at 02:56 AM.
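As an added illustration of what the helper is looking for in the Run entries of the ComboFix log above (example code written for this page, not part of the thread, ComboFix or HijackThis): a small Python parser that reads the "Reg Loading Points" section and flags look-alike names such as M?crosoft or t?skmgr.exe, executables launched from TEMP or from a user profile under the SYSTEM hive, and orphaned entries whose file is already gone. The sample log is constructed from the patterns in the thread and is not the log verbatim.

```python
"""Triage ComboFix-style autostart ("Run") entries.

Added example, not from the thread or from ComboFix: flags the patterns a
malware-removal helper looks for in the "Reg Loading Points" section.
"""
import re

# Constructed sample modelled on the log in the thread (not the log verbatim).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 17:52 8531968]
"AutoInclude"="C:\WINDOWS\TEMP\DILD.tmp" [2008-05-06 19:47 8192]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [2008-05-06 19:47 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-26 19:49 160592]
"SfKg6wIP"="C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\koilfjuv.exe" [2008-05-06 18:26 35328]
"Yiphyhgu"="C:\Documents and Settings\Administrator\My Documents\??crosoft\t?skmgr.exe" [ ]
"""

# A registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# A value line: "name"="path" [date time size]  or  "name"="path" [ ]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]')

USER_PROFILE_DIRS = ("\\application data\\", "\\my documents\\", "\\local settings\\")
TEMP_DIRS = ("\\temp\\", "\\tmp\\")


def is_run_key(key):
    """True for any hive's ...\\CurrentVersion\\Run key."""
    return key.lower().endswith("\\currentversion\\run")


def reasons_for(key, path, info):
    """Return the heuristic reasons an autostart entry deserves a closer look."""
    reasons = []
    low = path.lower()
    # Windows never allows '?' in a file name; ComboFix prints it for characters
    # it cannot render, so '?' (or any non-ASCII letter) in a path means a
    # look-alike directory or file name imitating a system folder.
    if any(ch == "?" or ord(ch) > 127 for ch in path):
        reasons.append("look-alike characters in path")
    if any(d in low for d in TEMP_DIRS) or low.endswith(".tmp"):
        reasons.append("launched from a temp location or .tmp file")
    # HKEY_USERS\.DEFAULT runs in the SYSTEM context at logon; a target inside
    # a normal user's profile is unusual for legitimate software.
    if key.lower().startswith("hkey_users\\.default") and any(d in low for d in USER_PROFILE_DIRS):
        reasons.append("SYSTEM-context Run entry pointing into a user profile")
    # An executable dropped directly into %SystemRoot% rather than a subfolder.
    if re.match(r"^[a-z]:\\windows\\[^\\]+\.exe$", low):
        reasons.append("executable directly in the Windows directory")
    # ComboFix prints "[ ]" when the referenced file does not exist on disk.
    if not info.strip():
        reasons.append("target file missing on disk (orphaned entry)")
    return reasons


def triage_run_entries(log_text):
    """Parse Run-key sections of a ComboFix log and return flagged entries."""
    flagged = []
    current_key = None
    for line in log_text.splitlines():
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key")
            continue
        em = ENTRY_RE.match(line)
        if not em or current_key is None or not is_run_key(current_key):
            continue
        reasons = reasons_for(current_key, em.group("path"), em.group("info"))
        if reasons:
            flagged.append({
                "key": current_key,
                "name": em.group("name"),
                "path": em.group("path"),
                "reasons": reasons,
            })
    return flagged


if __name__ == "__main__":
    for entry in triage_run_entries(SAMPLE_LOG):
        print(f'{entry["name"]:12} {entry["path"]}')
        for reason in entry["reasons"]:
            print(f"    - {reason}")
```

Legitimate entries such as NvCplDaemon and RoboForm pass through untouched; the flags are prompts for a human to confirm against the file on disk, not a verdict.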
  #15  
Old 05-07-2008
Obsidian's Avatar
Bronze Member
 
Join Date: Sep 2006
Posts: 54
Obsidian - See this Members User comments on their Profile page
Default Re: explorer.exe crash on start up

Umm, really sorry, but you see, once I got my PC generally fixed I figured it would be a good time to do a Windows update; however, I installed SP3 and now have the blue screen on startup with the following:

STOP: c000021a {Fatal System Error}

The windows logon process system process terminated unexpectedly with a status of 0xc0000005 (0x00000000 0x00000000).
The System has been shut down.



Sorry for being stupid. I still have my XP CD, so if I need to do a recovery then that's OK, and FYI Safe Mode does not work either.