  #1  
Old 05-14-2008
adamussg
Bronze Member
Join Date: May 2008
Posts: 9
PC Experience: Experienced

Hijack This Log..

Having an issue with my internet... tried running Spybot S&D and it came up with win32poisionk, I believe it was called. I'm kinda new to HijackThis so I'm not sure what to delete... Any help would be much appreciated... Thanks!!!







C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft] wplayer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\b\AppData\Local\Temp\khffExVP.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM2165e889] Rundll32.exe "C:\Users\b\AppData\Local\Temp\oirupqrp.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5950 bytes


  #2  
Old 05-14-2008
adamussg
Bronze Member
Join Date: May 2008
Posts: 9
PC Experience: Experienced

Re: Hijack This Log..

I have tried running Spybot as an administrator and it claims it deletes the file, but within minutes... it's back... Internet is super slow.... Driving me nuts!!!


  #3  
Old 05-14-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,544
PC Experience: Elite PC Guru

Re: Hijack This Log..

I see the problem. You also missed posting half of your HJT log, but no matter, we will see it all next time...

Ok. We need to download ComboFix.exe. This will give me a better view of the files that are running and also the ones that are hidden on your computer. It may also remove some, but not all, of the infected files if found.
Please visit this webpage for download links and instructions for running ComboFix.

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


My real name is Eddy
  #4  
Old 05-14-2008
adamussg
Bronze Member
Join Date: May 2008
Posts: 9
PC Experience: Experienced

Re: Hijack This Log..

Thanks for your help... here is the info you requested...
ComboFix 08-05-12.1 - b 2008-05-14 8:04:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1274 [GMT -4:00]
Running from: E:\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-13 22:31 . 2008-05-13 22:31 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-13 22:31 . 2008-05-13 22:31 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-13 22:27 . 2008-05-13 22:27 <DIR> d-------- C:\Users\b\AppData\Roaming\SUPERAntiSpyware.com
2008-05-13 22:27 . 2008-05-13 22:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-13 22:27 . 2008-05-13 22:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 07:56 . 2008-05-11 07:57 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{37737317-1f16-11dd-8f59-001b247281d7}.TMContainer00000000000000000002.regtrans-ms
2008-05-11 07:56 . 2008-05-11 07:57 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{37737317-1f16-11dd-8f59-001b247281d7}.TMContainer00000000000000000001.regtrans-ms
2008-05-11 07:56 . 2008-05-11 07:57 65,536 --ahs---- C:\Users\Public\NTUSER.DAT{37737317-1f16-11dd-8f59-001b247281d7}.TM.blf
2008-05-11 00:52 . 2008-05-11 00:52 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-11 00:52 . 2008-05-12 12:37 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-05-11 00:45 . 2008-05-11 00:45 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{8a4a2bbf-1f10-11dd-ba69-001b247281d7}.TMContainer00000000000000000002.regtrans-ms
2008-05-11 00:45 . 2008-05-11 00:45 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{8a4a2bbf-1f10-11dd-ba69-001b247281d7}.TMContainer00000000000000000001.regtrans-ms
2008-05-11 00:45 . 2008-05-11 00:45 65,536 --ahs---- C:\Users\Public\NTUSER.DAT{8a4a2bbf-1f10-11dd-ba69-001b247281d7}.TM.blf
2008-05-11 00:45 . 2008-05-14 08:04 5,120 --ah----- C:\Users\Public\NTUSER.DAT.LOG1
2008-05-11 00:45 . 2008-05-11 00:45 0 --ah----- C:\Users\Public\NTUSER.DAT.LOG2
2008-05-10 23:36 . 2008-05-10 23:36 <DIR> d-------- C:\Users\b\AppData\Roaming\McAfee
2008-05-10 14:51 . 2008-05-10 14:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-10 14:36 . 2008-05-10 14:36 <DIR> d-------- C:\Program Files\CCleaner
2008-05-08 14:47 . 2008-05-08 14:47 <DIR> d-------- C:\Program Files\MagicISO
2008-05-08 07:51 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-04-17 23:53 . 2008-04-17 23:53 <DIR> d-------- C:\Users\All Users\Apple
2008-04-17 23:53 . 2008-04-17 23:53 <DIR> d-------- C:\ProgramData\Apple
2008-04-17 23:53 . 2008-04-17 23:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-17 11:55 . 2008-04-17 11:59 <DIR> d-------- C:\Users\b\AppData\Roaming\Line 6
2008-04-17 11:55 . 2008-04-17 11:55 <DIR> d-------- C:\Users\All Users\Line 6
2008-04-17 11:55 . 2008-04-17 11:55 <DIR> d-------- C:\ProgramData\Line 6
2008-04-17 11:55 . 2008-04-17 11:55 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-04-17 11:55 . 2008-04-17 11:55 32 --a------ C:\Windows\GearBox.ini
2008-04-17 11:54 . 2008-04-17 11:55 <DIR> d-------- C:\Program Files\Line6
2008-04-17 11:24 . 2008-04-17 11:24 <DIR> d-------- C:\Program Files\Ableton
2008-04-17 11:24 . 2008-03-14 13:22 368,640 --a------ C:\Windows\System32\ReWire.dll
2008-04-17 11:24 . 2008-03-14 13:22 233,472 --a------ C:\Windows\System32\REX Shared Library.dll
2008-04-15 03:46 . 2008-04-15 03:46 <DIR> d-------- C:\Users\b\AppData\Roaming\vlc
2008-04-15 03:19 . 2008-04-15 03:19 <DIR> d-------- C:\Program Files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 11:44 58,859 ----a-w C:\Users\b\AppData\Roaming\nvModes.dat
2008-05-14 07:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 07:03 --------- d-----w C:\Program Files\Windows Mail
2008-05-11 04:49 --------- d-----w C:\ProgramData\McAfee
2008-05-11 04:44 --------- d-----w C:\ProgramData\SiteAdvisor
2008-05-08 02:40 --------- d-----w C:\Program Files\iolo
2008-04-30 11:55 --------- d-----w C:\Users\b\AppData\Roaming\Roxio
2008-04-30 11:49 --------- d-----w C:\Program Files\Rhapsody
2008-04-28 13:23 --------- d-----w C:\Program Files\BitComet
2008-04-18 03:58 --------- d-----w C:\ProgramData\Apple Computer
2008-04-17 15:24 --------- d-----w C:\Users\b\AppData\Roaming\Ableton
2008-04-15 17:00 --------- d-----w C:\ProgramData\Roxio
2008-04-15 16:53 --------- d-----w C:\Users\b\AppData\Roaming\Azureus
2008-04-09 19:10 --------- d-----w C:\Program Files\WinAce
2008-04-08 05:31 --------- d-----w C:\ProgramData\Azureus
2008-04-08 05:03 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-05 18:59 --------- d-----w C:\Users\b\AppData\Roaming\iolo
2008-04-05 18:54 --------- d-----w C:\ProgramData\iolo
2008-04-05 18:43 74,703 ----a-w C:\Windows\System32\mfc45.dll
2008-04-05 17:47 --------- d-----w C:\ProgramData\Symantec
2008-04-05 17:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-03 04:44 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-03 04:44 --------- d-----w C:\Users\b\AppData\Roaming\DAEMON Tools
2008-04-02 21:16 521,088 ----a-w C:\Windows\system32\drivers\L6TPortA.sys
2008-04-02 21:16 167,936 ----a-w C:\Windows\System32\l6tpux1.dll
2008-04-01 18:09 --------- d-----w C:\Program Files\World of Warcraft
2008-04-01 17:58 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-01 10:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-27 19:03 --------- d-----w C:\Program Files\Java
2008-03-05 20:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 20:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 20:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 19:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 19:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2007-08-29 07:11 174 --sha-w C:\Program Files\desktop.ini
2007-11-14 08:04 868,096 --sh--r C:\Windows\System32\wplayer.exe
.

------- Sigcheck -------

2008-04-08 01:03 803328 82c4070707d100febc3d25cf00b77a4c C:\Windows\System32\drivers\tcpip.sys
2006-11-02 04:58 802816 d944522b048a5feb7700b5170d3d9423 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
2008-01-09 04:04 802816 028061c7f6d2d03068c72e2a27e4228a C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
2008-04-08 01:03 803328 82c4070707d100febc3d25cf00b77a4c C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
2008-01-09 04:04 804352 43eae40b50fe3e60d194dd9c97ebb1fd C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
2008-02-13 04:07 806400 52a8bd6294f7d1443c6184c67ae13af4 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"BM2165e889"="C:\Users\b\AppData\Local\Temp\oirupqrp.dll" [2008-05-13 21:47 100928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-14 01:40 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-14 01:40 7766016]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 05:45 222208]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 23:36 827392]
"RegistryMechanic"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 12:39 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft"="wplayer.exe" [2007-11-14 04:04 868096 C:\Windows\System32\wplayer.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2006-06-23 13:00 3394048 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
--a------ 2008-01-30 16:33 477696 C:\Program Files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2007-05-04 02:40 312240 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 03:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2007-03-12 14:54 50696 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2007-03-20 18:23 1773568 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-03-01 16:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
--a------ 2007-03-05 03:40 20480 C:\Program Files\Lexmark 2500 Series\lxddamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
--a------ 2007-05-04 02:38 291760 C:\Program Files\Lexmark 2500 Series\lxddmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-01-14 01:40 81920 C:\Windows\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-02-13 14:38 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-03-28 20:45 176128 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-01-12 23:36 827392 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 19:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-08-11 03:14 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FABC5D01-90B9-4323-978A-1BC9E0C4B648}"= Profile=Private|C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{9D839C64-DF27-43D5-9374-45F410999409}"= Profile=Private|C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{3E1165D4-6501-4D5C-B527-FD0719E2BFBF}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AF3360B3-52FB-47E0-B472-39F5E0A261E2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6466F7C8-9789-4F93-B00F-3F85CFE814FB}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2346F100-EA86-48A7-B581-AAFCBAC9515D}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9EF3943E-DCE5-480B-ADBE-BDF50FFDB414}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{118BCD34-FAA4-4805-883F-0965C17EE6F0}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4B920AD5-989E-4613-ACBB-4B617DFEAD5B}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{338FFAFB-A8D9-4A37-AA1A-92A87184A5D4}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{79611AC9-D86E-474E-853F-8C074B94F06E}"= UDP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{9DC31132-EBB2-4B99-A385-4360045CB493}"= TCP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{4C8A0081-4F22-490A-BA5B-FAAC111A0EDC}"= UDP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{BEDEF0E4-3493-4D2D-B41E-7C3BB5CAE172}"= TCP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{B17305F1-7AFB-4612-8A46-F7A0A66B9368}"= Disabled:UDP:135:TCP Port 135
"{2C8BE069-8425-4E06-AF17-D40648F1C46B}"= Disabled:UDP:5000:TCP Port 5000
"{334A0F92-3EB1-45F8-AEC2-653E7CD1E31F}"= Disabled:UDP:5001:TCP Port 5001
"{1470BD03-DC54-44DC-9525-E55BA09E1AB1}"= Disabled:UDP:5002:TCP Port 5002
"{E49E35B1-7C3A-4FF4-A044-BAFE4AF495EF}"= Disabled:UDP:5003:TCP Port 5003
"{C1E76216-4DF4-4020-88EF-535F3CBE8848}"= Disabled:UDP:5004:TCP Port 5004
"{435FCD02-6773-41B5-8A7C-387E7C28E79D}"= Disabled:UDP:5005:TCP Port 5005
"{683542C3-8950-4890-AB56-A933FF94B7B3}"= Disabled:UDP:5006:TCP Port 5006
"{D4A11D83-C751-4799-8525-B9E04B31E41E}"= Disabled:UDP:5007:TCP Port 5007
"{53B62178-2281-45C3-8673-EED009EDB9B3}"= Disabled:UDP:5008:TCP Port 5008
"{FB1DD9C1-5A2E-42EA-BB70-E07022A762CE}"= Disabled:UDP:5009:TCP Port 5009
"{0D468FCC-D6AB-4214-85DA-296081925372}"= Disabled:UDP:5010:TCP Port 5010
"{5665152B-26BF-43A7-8C2C-FCD44798973A}"= Disabled:UDP:5011:TCP Port 5011
"{9FDDBFD5-E632-472E-9848-E53D938FF546}"= Disabled:UDP:5012:TCP Port 5012
"{F0AA7FB4-2E7D-4621-9E2A-587CBC6902D3}"= Disabled:UDP:5013:TCP Port 5013
"{442DDE5B-AEEB-405C-8C48-4D37CBB02FD8}"= Disabled:UDP:5014:TCP Port 5014
"{616A808F-ACDD-4502-A3FE-282B64C3D923}"= Disabled:UDP:5015:TCP Port 5015
"{7486565A-8246-400E-A8E4-54091D17F81D}"= Disabled:UDP:5016:TCP Port 5016
"{205E87C1-EC60-4BBD-BE57-C66FC0322019}"= Disabled:UDP:5017:TCP Port 5017
"{D3E85DC1-9B4E-4FE4-B8D1-E8E96667ACB5}"= Disabled:UDP:5018:TCP Port 5018
"{76C06772-C382-4AC7-8A4A-8B398E8568E4}"= Disabled:UDP:5019:TCP Port 5019
"{F2F593BC-4774-46F3-B17F-395B92B3C26C}"= Disabled:UDP:5020:TCP Port 5020
"{8AD4E1CD-6A50-4BD7-A15D-0F1691B55712}"= UDP:7224:BitComet 7224 TCP
"{29BAC9FD-A69A-4176-BB75-60FA446BB7CC}"= TCP:7224:BitComet 7224 UDP
"{1AC9FE98-354F-494B-BED8-4512AB142C67}"= Disabled:TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{0A1E29C5-F0B1-4E8A-B649-3F90E08C5F89}C:\\program files\\lexmark 2500 series\\lxddamon.exe"= UDP:C:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Application
"UDP Query User{57B11554-096B-4321-8000-D6EA17298008}C:\\program files\\lexmark 2500 series\\lxddamon.exe"= TCP:C:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Application
"TCP Query User{91AEFEBC-FA53-4338-AA01-4568BA086C45}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{1B483C52-4A64-49F1-8023-008B60663E0E}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{5DEF26CD-C7C1-40D3-A572-1C4508221B84}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{90847164-7023-4BA2-AB1E-AA70B325EDDB}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{CF7AE67C-311D-4AF0-A423-F2C36B84E209}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"{B7100A64-6C3F-4626-BAEC-B3742D65CB5A}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"{EC110AC1-E751-41A6-BA53-D9C5F9B0713D}"= Disabled:UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6D86968A-477B-4869-91A4-BC6AF95EF253}"= Disabled:TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D1A0DAED-B4D9-417E-91AA-F1CB28090FF5}"= Disabled:UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CF420997-A179-42A8-A833-07F6C1DE2F71}"= Disabled:TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FA79784F-E9BA-4351-903D-35CAF8782AFC}"= Disabled:C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{94957310-565A-4F9E-B9BA-F08AE147A5D9}"= Disabled:C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{F5384551-42EA-41D2-8504-2960B85F379F}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{47928AE9-3B7C-4FA8-9093-A20751ABB4E2}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{56AB57DF-14D8-4341-8312-619CF6AD67CD}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{B5E772E6-EA8D-48DA-A4B0-BB5E4ED3ED8C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{3A865870-7543-4A62-8B70-381D05DFB680}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{F392DAE4-FB96-47EA-9D31-2D90DE6366EC}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 12:36]
R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 14:12]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 12:38]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 12:37]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-04-26 01:21]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 05:39]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 04:50]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-04-26 01:21]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 11:43]
S3 L6TPortA;Service - Line 6 TonePort UX1;C:\Windows\system32\Drivers\L6TPortA.sys [2008-04-02 17:16]

*Newly Created Service* - CATCHME
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 08:06:49
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Users\b\AppData\Local\Temp\oirupqrp.dll
.
Completion time: 2008-05-14 8:08:02
ComboFix-quarantined-files.txt 2008-05-14 12:07:58

Pre-Run: 87,856,476,160 bytes free
Post-Run: 87,832,047,616 bytes free

276 --- E O F --- 2008-05-14 07:03:14

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:01 AM, on 5/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wplayer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Microsoft] wplayer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BM2165e889] Rundll32.exe "C:\Users\b\AppData\Local\Temp\oirupqrp.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6451 bytes
This **** is driving me nuts!!!


  #5  
Old 05-14-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,544
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page
Default Re: Hijack This Log..

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKCU\..\Run: [BM2165e889] Rundll32.exe "C:\Users\b\AppData\Local\Temp\oirupqrp.dll",s

Reboot...................................

================================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:

Killall::

File::
C:\Users\b\AppData\Local\Temp\oirupqrp.dll
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


__________________
  • An Australian Member of
  • and
My real name is Eddy
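A triage pass over HijackThis entries of the kind Pancake singled out, as an added example that is not code from this thread, from HijackThis or from ComboFix: it parses the O-lines of a log and flags orphaned "(no file)" entries, rundll32 autostarts that load a DLL from a user-writable temp path, RunServices values with a bare executable name, and machine-looking value names. The sample lines are copied from the log posted above; the heuristics are assumptions for review, not verdicts.

```python
import re

# Constructed sample: entries copied from the HijackThis log in this thread,
# plus one known-good O4 entry (avast!) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Microsoft] wplayer.exe
O4 - HKCU\..\Run: [BM2165e889] Rundll32.exe "C:\Users\b\AppData\Local\Temp\oirupqrp.dll",s
"""

# "O4 - <body>" / "R0 - <body>" lines; everything else (processes, headers) is skipped.
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
# O4 body: <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^(?P<hive>\S+?\\\.\.\\(?P<key>\w+)): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Path fragments (lower-cased) that any user can write to; assumption: this list is illustrative.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\temp\\", "\\appdata\\roaming\\")


def parse_entries(text):
    """Yield (section, body) for every HijackThis O/R entry line in the log."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage_entry(section, body):
    """Return the list of review reasons for one entry; empty list means nothing stood out."""
    reasons = []
    if body.endswith("(no file)"):
        # Registered COM object/toolbar whose file is gone: harmless leftover, but worth cleaning.
        reasons.append("orphaned entry: registered component has no file on disk")
    if section == "O4":
        m = O4_RE.match(body)
        if not m:
            return reasons
        cmd = m.group("cmd")
        low = cmd.lower()
        # rundll32 pulling a DLL out of a user-writable temp/profile directory is a common
        # persistence pattern for droppers; legitimate vendors install under Program Files.
        if "rundll32" in low and any(p in low for p in USER_WRITABLE):
            reasons.append("rundll32 loads a DLL from a user-writable temp/profile path")
        # A RunServices value with a bare file name relies on the search path to find the
        # binary; installed software normally registers a full path.
        if m.group("key").lower() == "runservices" and "\\" not in cmd.strip('"'):
            reasons.append("RunServices entry names a bare executable with no path")
        # Value names made of a short prefix plus a run of hex digits look generated, not chosen.
        if re.fullmatch(r"[A-Za-z]{1,3}[0-9a-f]{6,}", m.group("name")):
            reasons.append("value name looks machine-generated")
    return reasons


def triage_log(text):
    """Return {entry line: [reasons]} for every entry that has at least one reason."""
    findings = {}
    for section, body in parse_entries(text):
        reasons = triage_entry(section, body)
        if reasons:
            findings[f"{section} - {body}"] = reasons
    return findings


if __name__ == "__main__":
    for line, why in triage_log(SAMPLE_LOG).items():
        print(line)
        for r in why:
            print("   ->", r)
```

Run against the sample it reports the O3 toolbar and the BM2165e889 rundll32 entry that Pancake asked to fix, and additionally lists the bare-name RunServices value for a human to look at.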
  #6  
Old 05-16-2008
adamussg's Avatar
Bronze Member
My PC
 
Join Date: May 2008
Posts: 9
PC Experience: Experienced
adamussg - See this Members User comments on their Profile page
Default Re: Hijack This Log..

It did not happen exactly as you say... here is my new hijack this log and the combofix results now... internet works but only on initial startup page.... gets stuck up when I attempt to go to any other pages.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:29 AM, on 5/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM2165e889] Rundll32.exe "C:\Users\b\AppData\Local\Temp\oirupqrp.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6050 bytes


I had to run combofix with mozilla running or i wouldn't have been able to get back on for a long time...
ComboFix 08-05-12.1 - b 2008-05-16 9:42:38.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1288 [GMT -4:00]
Running from: C:\Users\b\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-13 22:31 . 2008-05-13 22:31 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-13 22:31 . 2008-05-13 22:31 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-13 22:27 . 2008-05-13 22:27 <DIR> d-------- C:\Users\b\AppData\Roaming\SUPERAntiSpyware.com
2008-05-13 22:27 . 2008-05-14 22:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-11 07:56 . 2008-05-11 07:57 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{37737317-1f16-11dd-8f59-001b247281d7}.TMContainer00000000000000000002.regtrans-ms
2008-05-11 07:56 . 2008-05-11 07:57 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{37737317-1f16-11dd-8f59-001b247281d7}.TMContainer00000000000000000001.regtrans-ms
2008-05-11 07:56 . 2008-05-11 07:57 65,536 --ahs---- C:\Users\Public\NTUSER.DAT{37737317-1f16-11dd-8f59-001b247281d7}.TM.blf
2008-05-11 00:52 . 2008-05-11 00:52 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-11 00:52 . 2008-05-12 12:37 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-05-11 00:45 . 2008-05-11 00:45 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{8a4a2bbf-1f10-11dd-ba69-001b247281d7}.TMContainer00000000000000000002.regtrans-ms
2008-05-11 00:45 . 2008-05-11 00:45 524,288 --ahs---- C:\Users\Public\NTUSER.DAT{8a4a2bbf-1f10-11dd-ba69-001b247281d7}.TMContainer00000000000000000001.regtrans-ms
2008-05-11 00:45 . 2008-05-11 00:45 65,536 --ahs---- C:\Users\Public\NTUSER.DAT{8a4a2bbf-1f10-11dd-ba69-001b247281d7}.TM.blf
2008-05-11 00:45 . 2008-05-15 22:04 5,120 --ah----- C:\Users\Public\NTUSER.DAT.LOG1
2008-05-11 00:45 . 2008-05-11 00:45 0 --ah----- C:\Users\Public\NTUSER.DAT.LOG2
2008-05-10 23:36 . 2008-05-10 23:36 <DIR> d-------- C:\Users\b\AppData\Roaming\McAfee
2008-05-10 14:51 . 2008-05-10 14:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-10 14:36 . 2008-05-10 14:36 <DIR> d-------- C:\Program Files\CCleaner
2008-05-08 14:47 . 2008-05-08 14:47 <DIR> d-------- C:\Program Files\MagicISO
2008-05-08 07:51 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-04-17 23:53 . 2008-04-17 23:53 <DIR> d-------- C:\Users\All Users\Apple
2008-04-17 23:53 . 2008-04-17 23:53 <DIR> d-------- C:\ProgramData\Apple
2008-04-17 23:53 . 2008-04-17 23:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-17 11:55 . 2008-04-17 11:59 <DIR> d-------- C:\Users\b\AppData\Roaming\Line 6
2008-04-17 11:55 . 2008-04-17 11:55 <DIR> d-------- C:\Users\All Users\Line 6
2008-04-17 11:55 . 2008-04-17 11:55 <DIR> d-------- C:\ProgramData\Line 6
2008-04-17 11:55 . 2008-04-17 11:55 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-04-17 11:55 . 2008-04-17 11:55 32 --a------ C:\Windows\GearBox.ini
2008-04-17 11:54 . 2008-04-17 11:55 <DIR> d-------- C:\Program Files\Line6
2008-04-17 11:24 . 2008-04-17 11:24 <DIR> d-------- C:\Program Files\Ableton
2008-04-17 11:24 . 2008-03-14 13:22 368,640 --a------ C:\Windows\System32\ReWire.dll
2008-04-17 11:24 . 2008-03-14 13:22 233,472 --a------ C:\Windows\System32\REX Shared Library.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 12:40 58,859 ----a-w C:\Users\b\AppData\Roaming\nvModes.dat
2008-05-14 07:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 07:03 --------- d-----w C:\Program Files\Windows Mail
2008-05-11 04:49 --------- d-----w C:\ProgramData\McAfee
2008-05-11 04:44 --------- d-----w C:\ProgramData\SiteAdvisor
2008-05-08 02:40 --------- d-----w C:\Program Files\iolo
2008-04-30 11:55 --------- d-----w C:\Users\b\AppData\Roaming\Roxio
2008-04-30 11:49 --------- d-----w C:\Program Files\Rhapsody
2008-04-28 13:23 --------- d-----w C:\Program Files\BitComet
2008-04-18 03:58 --------- d-----w C:\ProgramData\Apple Computer
2008-04-17 15:24 --------- d-----w C:\Users\b\AppData\Roaming\Ableton
2008-04-15 17:00 --------- d-----w C:\ProgramData\Roxio
2008-04-15 16:53 --------- d-----w C:\Users\b\AppData\Roaming\Azureus
2008-04-15 07:46 --------- d-----w C:\Users\b\AppData\Roaming\vlc
2008-04-15 07:19 --------- d-----w C:\Program Files\VideoLAN
2008-04-09 19:10 --------- d-----w C:\Program Files\WinAce
2008-04-08 05:31 --------- d-----w C:\ProgramData\Azureus
2008-04-08 05:03 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-05 18:59 --------- d-----w C:\Users\b\AppData\Roaming\iolo
2008-04-05 18:54 --------- d-----w C:\ProgramData\iolo
2008-04-05 18:43 74,703 ----a-w C:\Windows\System32\mfc45.dll
2008-04-05 17:47 --------- d-----w C:\ProgramData\Symantec
2008-04-05 17:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-03 04:44 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-03 04:44 --------- d-----w C:\Users\b\AppData\Roaming\DAEMON Tools
2008-04-02 21:16 521,088 ----a-w C:\Windows\system32\drivers\L6TPortA.sys
2008-04-02 21:16 167,936 ----a-w C:\Windows\System32\l6tpux1.dll
2008-04-01 18:09 --------- d-----w C:\Program Files\World of Warcraft
2008-04-01 17:58 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-01 10:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-27 19:03 --------- d-----w C:\Program Files\Java
2008-03-05 20:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 20:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 20:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 19:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 19:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2007-08-29 07:11 174 --sha-w C:\Program Files\desktop.ini
2007-11-14 08:04 868,096 --sh--r C:\Windows\System32\wplayer.exe
.

------- Sigcheck -------

2008-04-08 01:03 803328 82c4070707d100febc3d25cf00b77a4c C:\Windows\System32\drivers\tcpip.sys
2006-11-02 04:58 802816 d944522b048a5feb7700b5170d3d9423 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
2008-01-09 04:04 802816 028061c7f6d2d03068c72e2a27e4228a C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
2008-04-08 01:03 803328 82c4070707d100febc3d25cf00b77a4c C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
2008-01-09 04:04 804352 43eae40b50fe3e60d194dd9c97ebb1fd C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
2008-02-13 04:07 806400 52a8bd6294f7d1443c6184c67ae13af4 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys

.
((((((((((((((((((((((((((((( snapshot@2008-05-14_ 8.07.38.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-14 11:43:10 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-16 12:39:21 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-14 11:43:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-16 12:39:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-14 11:43:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-16 12:39:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-14 11:44:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-16 12:41:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-14 11:44:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-16 12:41:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-14 11:43:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-16 12:41:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-14 11:43:32 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-16 12:41:03 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-14 11:43:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-16 12:41:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-14 11:48:06 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-16 12:44:41 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-14 11:48:06 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-16 12:44:41 618,648 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-14 11:45:35 9,446 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1615962445-735074452-360660412-1000_UserData.bin
+ 2008-05-16 12:41:58 9,586 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1615962445-