Unable to run Malbytes


Comments

  • Closed Accounts Posts: 16 misterbremer



    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Wednesday, July 8, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Thursday, July 09, 2009 00:39:13
    Records in database: 2445763

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - Critical Areas:
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    C:\Documents and Settings\Tom and Wendy\Start Menu\Programs\Startup
    C:\Program Files
    C:\WINDOWS

    Scan statistics:
    Files scanned: 124344
    Threat name: 1
    Infected objects: 1
    Suspicious objects: 0
    Duration of the scan: 02:19:58


    File name / Threat name / Threats count
    C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1

    The selected area was scanned.


  • Closed Accounts Posts: 16 misterbremer


    Did the whole computer Kaspersky scan as well...:
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Thursday, July 9, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Thursday, July 09, 2009 00:39:13
    Records in database: 2445763

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    K:\

    Scan statistics:
    Files scanned: 194082
    Threat name: 11
    Infected objects: 23
    Suspicious objects: 0
    Duration of the scan: 03:48:41


    File name / Threat name / Threats count
    C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll/C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
    C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\_cadabfbfcbfcc_.dll.zip Infected: Worm.Win32.AutoRun.abyp 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\_cbccdbcfadc_.dll.zip Infected: Worm.Win32.AutoRun.raz 2
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1262\A0125295.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1262\A0126294.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1263\A0126366.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1267\A0126431.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1278\A0127394.bat Infected: Trojan.Win32.Agent.cfvd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1278\A0127395.bat Infected: Trojan.Win32.Agent.cfvd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1301\A0130465.exe Infected: Trojan.Win32.Agent.ceay 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1301\A0130473.exe Infected: Trojan.Win32.Agent.ceay 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1319\A0132469.exe Infected: Trojan.Win32.Agent.ceay 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1319\A0132471.exe Infected: Trojan.Win32.Agent.ceay 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1323\A0133380.exe Infected: Trojan-Downloader.Win32.FraudLoad.veel 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1323\A0133381.exe Infected: Trojan-Downloader.Win32.FraudLoad.veel 1
    K:\p1y2.cmd Infected: Trojan-GameThief.Win32.Magania.amqn 1
    K:\2u.com Infected: Trojan-GameThief.Win32.Magania.amqn 1
    K:\xh319r9b.bat Infected: Trojan-GameThief.Win32.Magania.bcvu 1
    K:\6phx.com Infected: Trojan-GameThief.Win32.Magania.bgky 1
    K:\yhh.bat Infected: Trojan-GameThief.Win32.OnLineGames.bmdk 1
    K:\ix8bmwx.bat Infected: Trojan-GameThief.Win32.Magania.bkbk 1

    The selected area was scanned.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:
    File::
    C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll
    K:\p1y2.cmd
    K:\2u.com
    K:\xh319r9b.bat
    K:\6phx.com
    K:\yhh.bat
    K:\ix8bmwx.bat

    Folder::

    Registry::

    Driver::

    Save this as CFScript.txt, in the same location as ComboFix.exe


    CFScriptB-4.gif

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



    CLICK HERE to download the HijackThis Installer:
    1. Save HJTInstall.exe to your desktop.
    2. Double-click on HJTInstall.exe to run the program.
    3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    4. Accept the license agreement by clicking the "I Accept" button.
    5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    6. Click "Save log" to save the log file and then the log will open in Notepad.
    7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
    8. Come back here to this thread and paste the log in your next reply.
    9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

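Added example, not code from this thread, from Kaspersky or from ComboFix: a small Python script that reads a Kaspersky Online Scanner report in the format pasted above and produces the File:: section of a CFScript from it. It keeps only hits on live files and leaves out the copies under C:\Qoobox\Quarantine (ComboFix's own quarantine) and under System Volume Information (System Restore snapshots), which is the same selection the reply above makes by hand. The sample report inside the block is constructed from a few of the lines posted in this thread; the `Infected:` line layout is assumed to match them exactly.

```python
"""Turn a Kaspersky Online Scanner report into the File:: section of a ComboFix
CFScript. Added example; not code from this thread, from Kaspersky or from
ComboFix. It assumes detection lines look exactly like the ones pasted in the
thread: '<path> Infected: <threat name> <count>'."""
import re
from typing import Dict, List

# One detection line: a path (may contain spaces), 'Infected:', a threat name, a count.
DETECTION = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# Locations where a hit is a stored copy rather than a live file on the system.
QUARANTINE = "\\qoobox\\quarantine\\"            # ComboFix's own quarantine folder
RESTORE_POINT = "\\system volume information\\"  # System Restore snapshot store


def classify(path: str) -> str:
    """Return 'quarantine', 'restore_point' or 'live' for one detected path."""
    low = path.lower()
    if QUARANTINE in low:
        return "quarantine"
    if RESTORE_POINT in low:
        return "restore_point"
    return "live"


def parse_report(text: str) -> List[Dict[str, str]]:
    """Extract every detection from a report; header and footer lines are skipped."""
    hits: List[Dict[str, str]] = []
    for raw in text.splitlines():
        m = DETECTION.match(raw.strip())
        if not m:
            continue
        # Kaspersky writes a hit inside a container as 'outer/inner';
        # the outer name is the file that actually exists on disk.
        path = m.group("path").split("/", 1)[0]
        hits.append({
            "path": path,
            "threat": m.group("threat"),
            "count": m.group("count"),
            "kind": classify(path),
        })
    return hits


def live_files(hits: List[Dict[str, str]]) -> List[str]:
    """Live-file hits, deduplicated, in report order."""
    seen, files = set(), []
    for h in hits:
        if h["kind"] == "live" and h["path"] not in seen:
            seen.add(h["path"])
            files.append(h["path"])
    return files


def build_cfscript(hits: List[Dict[str, str]]) -> str:
    """Emit a CFScript listing only the live files under File::.
    Quarantine and restore-point copies are omitted: the first are already
    isolated by ComboFix, the second go away when System Restore is flushed."""
    lines = ["File::", *live_files(hits), "", "Folder::", "", "Registry::", "", "Driver::"]
    return "\n".join(lines) + "\n"


# Constructed sample: a few lines copied from the report pasted in this thread.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll/C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
C:\Program Files\Mozilla Firefox\components\cbccdbcfadc.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_cadabfbfcbfcc_.dll.zip Infected: Worm.Win32.AutoRun.abyp 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1262\A0125295.dll Infected: Trojan-Proxy.Win32.Horst.ggx 1
K:\p1y2.cmd Infected: Trojan-GameThief.Win32.Magania.amqn 1
K:\2u.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

The selected area was scanned.
"""

if __name__ == "__main__":
    # Save the printed text as CFScript.txt next to ComboFix.exe, as the reply above describes.
    print(build_cfscript(parse_report(SAMPLE_REPORT)))
```

Run it and the output is the same File:: list the reply above gives, minus the K:\ entries that this shortened sample does not include. The restore-point entries are the reason the full-computer scan showed 23 infected objects for what was really one bad DLL plus the files on the K:\ drive.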

  • Closed Accounts Posts: 16 misterbremer


    ComboFix 09-07-09.02 - Tom and Wendy 07/09/2009 15:13.6.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.516 [GMT -5:00]
    Running from: c:\documents and settings\Tom and Wendy\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Tom and Wendy\Desktop\CFScript.txt

    FILE ::
    "c:\program files\Mozilla Firefox\components\cbccdbcfadc.dll"
    "K:\2u.com"
    "K:\6phx.com"
    "K:\ix8bmwx.bat"
    "K:\p1y2.cmd"
    "K:\xh319r9b.bat"
    "K:\yhh.bat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\components\cbccdbcfadc.dll
    K:\2u.com
    K:\6phx.com
    K:\ix8bmwx.bat
    K:\p1y2.cmd
    K:\xh319r9b.bat
    K:\yhh.bat

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
    .

    2009-07-08 22:30 . 2009-04-30 22:57 199192 ----a-w- c:\windows\system32\lvci1201278.dll
    2009-07-08 22:29 . 2009-07-08 22:31 d-----w- c:\windows\LastGood
    2009-07-08 20:56 . 2009-07-08 20:56 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-07-08 20:55 . 2009-07-08 20:55 d-----w- c:\documents and settings\Tom and Wendy\Application Data\Malwarebytes
    2009-07-08 20:55 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-08 20:55 . 2009-07-08 20:56 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-08 20:55 . 2009-07-08 20:55 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-08 20:55 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-08 20:31 . 2009-07-08 20:31 d-----w- C:\_OTM
    2009-07-08 00:24 . 2009-07-07 03:44 937984 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-07-08 00:24 . 2009-07-07 03:44 65536 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-07-08 00:24 . 2009-07-07 03:44 4722688 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-07-08 00:24 . 2009-07-07 03:44 344064 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-07-08 00:24 . 2009-07-07 03:44 106496 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    2009-07-08 00:24 . 2009-07-07 03:44 103424 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-06-23 20:01 . 2009-06-23 20:01 7040 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
    2009-06-23 20:01 . 2009-06-23 20:01 d-----w- c:\documents and settings\All Users\Application Data\FNET
    2009-06-23 20:01 . 2009-06-23 20:01 17792 ----a-w- c:\windows\system32\drivers\FNETTBOH.SYS
    2009-06-23 20:01 . 2009-06-23 20:01 d-----w- c:\program files\TurboHddUsb
    2009-06-22 05:08 . 2009-06-22 05:09 d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-22 05:00 . 2009-06-05 16:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-22 04:57 . 2009-06-22 04:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-22 04:55 . 2009-06-22 04:55 d-----w- c:\program files\Bonjour
    2009-06-18 23:37 . 2009-06-29 23:37 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2009-06-18 23:37 . 2009-06-29 23:37 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
    2009-06-18 23:37 . 2009-06-29 23:37 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2009-06-18 23:37 . 2009-06-29 23:37 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2009-06-18 23:37 . 2009-06-29 23:37 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2009-06-18 23:37 . 2009-06-29 23:37 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2009-06-18 23:37 . 2009-06-29 23:37 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
    2009-06-18 23:37 . 2009-06-29 23:37 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2009-06-18 23:37 . 2009-06-29 23:37 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2009-06-18 23:37 . 2009-06-29 23:37 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2009-06-18 23:36 . 2009-07-06 23:38 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2009-06-18 23:36 . 2009-06-29 23:37 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
    2009-06-18 23:36 . 2009-06-29 23:37 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2009-06-18 23:36 . 2009-06-29 23:37 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2009-06-11 13:09 . 2009-04-17 21:58 65536 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
    2009-06-11 13:09 . 2009-04-17 21:58 4534272 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
    2009-06-11 13:02 . 2009-06-11 13:02 152576 ----a-w- c:\documents and settings\Tom and Wendy\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-06-11 12:59 . 2009-04-30 23:01 265496 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2009-06-11 12:59 . 2008-12-17 05:55 195096 ----a-w- c:\windows\system32\lvci11901262.dll
    2009-06-11 12:58 . 2009-07-08 22:28 d-----w- c:\program files\Logitech

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-08 23:18 . 2006-10-20 01:11 d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-08 23:14 . 2008-01-22 01:26 d-----w- c:\documents and settings\Tom and Wendy\Application Data\Skype
    2009-07-08 22:31 . 2007-12-11 20:20 d-----w- c:\program files\Common Files\LogiShrd
    2009-07-08 22:29 . 2007-12-11 21:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2009-07-08 22:29 . 2008-02-09 23:08 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2009-07-05 19:02 . 2008-11-01 15:07 158764 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-07-01 22:18 . 2006-11-17 22:49 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-06-29 23:37 . 2009-05-28 23:37 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2009-06-29 23:37 . 2009-05-28 23:36 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2009-06-29 23:37 . 2009-05-28 23:36 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2009-06-22 05:13 . 2008-11-01 14:47 d-----w- c:\program files\Safari
    2009-06-22 05:09 . 2007-06-08 16:19 d-----w- c:\program files\iTunes
    2009-06-22 05:08 . 2006-03-04 15:08 d-----w- c:\program files\iPod
    2009-06-22 05:08 . 2007-07-20 16:12 d-----w- c:\program files\Common Files\Apple
    2009-06-22 05:05 . 2007-06-08 16:13 d-----w- c:\program files\QuickTime
    2009-06-22 05:01 . 2007-07-20 16:12 d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-06-19 18:07 . 2007-08-01 13:42 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
    2009-06-13 22:16 . 2006-02-21 21:27 d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2009-06-13 22:16 . 2006-02-21 21:27 d-----w- c:\program files\Viewpoint
    2009-06-13 22:06 . 2008-08-19 20:57 d-----w- c:\program files\Unity
    2009-06-13 21:54 . 2007-04-11 22:26 d-----w- c:\program files\Reaxxion
    2009-06-13 21:48 . 2006-02-21 21:23 d--h--w- c:\program files\InstallShield Installation Information
    2009-06-13 21:44 . 2007-08-16 15:00 d-----w- c:\program files\Macromedia
    2009-06-13 21:44 . 2007-08-16 15:00 d-----w- c:\program files\Common Files\Macromedia
    2009-06-13 21:43 . 2007-07-22 18:15 d-----w- c:\program files\IrfanView
    2009-06-13 21:43 . 2006-02-21 21:34 d-----w- c:\program files\Google
    2009-06-13 21:42 . 2006-03-28 15:34 d-----w- c:\program files\GIMP-2.0
    2009-06-13 21:41 . 2006-02-21 21:28 d-----w- c:\program files\Dell
    2009-06-13 15:00 . 2006-10-22 22:59 d-----w- c:\documents and settings\Tom and Wendy\Application Data\uTorrent
    2009-06-11 13:03 . 2006-02-21 21:18 d-----w- c:\program files\Java
    2009-06-11 12:58 . 2007-12-11 20:19 d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
    2009-06-07 02:00 . 2009-06-07 02:00 d-----r- c:\program files\Skype
    2009-06-07 02:00 . 2008-01-22 01:25 d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-06-06 05:02 . 2008-01-22 01:29 d-----w- c:\documents and settings\Tom and Wendy\Application Data\skypePM
    2009-06-05 16:42 . 2007-11-21 03:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-05-28 23:37 . 2009-05-28 23:37 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-05-28 23:37 . 2009-05-08 01:21 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-05-16 15:37 . 2006-12-24 21:25 395568 -c--a-w- c:\documents and settings\Haley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-08 15:39 . 2009-05-08 15:39 296208 ----a-w- c:\documents and settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\VMSEF.dll
    2009-05-08 15:36 . 2009-05-08 15:36 6781200 ----a-w- c:\documents and settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\MMSEF.dll
    2009-05-08 15:13 . 2009-05-08 15:13 13584 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
    2009-05-07 23:35 . 2009-05-07 23:36 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-05-07 23:35 . 2009-05-07 23:35 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
    2009-05-07 15:44 . 2005-08-16 10:18 344064 ----a-w- c:\windows\system32\localspl.dll
    2009-04-30 23:03 . 2007-12-11 21:10 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
    2009-04-30 23:03 . 2007-12-11 21:10 6754712 ----a-w- c:\windows\system32\drivers\lvuvc.sys
    2009-04-30 23:02 . 2007-12-11 21:10 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
    2009-04-30 23:02 . 2007-12-11 21:10 539160 ----a-w- c:\windows\system32\LVUI2.dll
    2009-04-30 22:57 . 2007-12-11 21:10 416280 ----a-w- c:\windows\system32\lvcodec2.dll
    2009-04-30 22:39 . 2007-12-11 21:10 34068 ----a-w- c:\windows\system32\Repository.reg
    2009-04-30 21:00 . 2009-04-30 21:00 25624 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
    2009-04-29 04:56 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-17 09:58 . 2005-08-16 10:18 1846656 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 15:11 . 2005-08-16 10:18 584192 ----a-w- c:\windows\system32\rpcrt4.dll
    2008-08-06 22:05 . 2008-02-10 16:59 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-02-28 00:17 . 2006-02-28 21:41 104 --sh--r- c:\windows\system32\EA0708D47F.sys
    2007-02-28 00:18 . 2006-02-28 21:41 6060 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-07-07_20.49.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-08 22:20 . 2009-07-08 22:20 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat
    + 2009-07-08 22:29 . 2008-12-17 06:02 23832 c:\windows\system32\ReinstallBackups\0017\DriverFiles\lvuvcflt.sys
    + 2009-07-08 22:29 . 2004-08-04 04:08 31616 c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\usbccgp.sys
    - 2009-06-11 12:59 . 2007-10-12 02:00 41752 c:\windows\system32\ReinstallBackups\0014\DriverFiles\LVUSBSta.sys
    + 2009-07-08 22:30 . 2008-12-17 06:01 41752 c:\windows\system32\ReinstallBackups\0014\DriverFiles\LVUSBSta.sys
    + 2009-07-08 22:30 . 2004-08-04 05:56 53760 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\vfwwdm32.dll
    + 2009-07-08 22:30 . 2004-08-04 05:56 17408 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\msyuv.dll
    + 2009-07-08 22:30 . 2004-08-04 05:56 47616 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\iyuv_32.dll
    + 2009-07-08 22:30 . 2008-12-17 06:01 41752 c:\windows\system32\ReinstallBackups\0013\DriverFiles\LVUSBSta.sys
    + 2009-07-08 22:30 . 2004-08-10 11:00 23552 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\wdmaud.drv
    + 2009-07-08 22:30 . 2004-08-04 04:07 59264 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\USBAUDIO.sys
    + 2009-07-08 22:30 . 2004-08-04 04:08 48640 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\stream.sys
    + 2009-07-08 22:30 . 2004-08-04 04:08 60288 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\drmk.sys
    + 2009-07-08 22:30 . 2009-04-30 23:01 66456 c:\windows\system32\DRVSTORE\lvPRO5s_2D6E30F74D2E72EA8163B690B05F1BC54597B89C\lvselsus.sys
    + 2009-07-08 22:29 . 2009-04-30 23:03 23832 c:\windows\system32\DRVSTORE\lvPRO5c_952966D5B4F6B5A523B590D564614430AA76DAA1\lvuvcflt.sys
    + 2009-07-08 22:29 . 2009-04-30 22:55 13976 c:\windows\system32\DRVSTORE\lvPEPI2s_99D499EFF87B07D6166F5EA387697BB6072519E5\lv302af.sys
    + 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4092\_mscorsn.dll
    + 2009-07-08 22:30 . 2004-08-10 11:00 23552 c:\windows\LastGood\system32\wdmaud.drv
    + 2009-07-08 22:31 . 2004-08-04 05:56 53760 c:\windows\LastGood\system32\vfwwdm32.dll
    + 2009-07-08 22:31 . 2004-08-04 05:56 17408 c:\windows\LastGood\system32\msyuv.dll
    + 2009-07-08 22:31 . 2004-08-04 05:56 47616 c:\windows\LastGood\system32\iyuv_32.dll
    + 2009-07-08 22:29 . 2004-08-04 04:08 31616 c:\windows\LastGood\system32\drivers\usbccgp.sys
    + 2009-07-08 22:30 . 2004-08-04 04:07 59264 c:\windows\LastGood\system32\drivers\USBAUDIO.sys
    + 2009-07-08 22:30 . 2004-08-04 04:08 48640 c:\windows\LastGood\system32\drivers\stream.sys
    + 2009-07-08 22:29 . 2008-12-17 06:02 23832 c:\windows\LastGood\system32\drivers\lvuvcflt.sys
    + 2009-07-08 22:30 . 2004-08-04 04:08 60288 c:\windows\LastGood\system32\drivers\drmk.sys
    + 2009-07-08 22:28 . 2009-07-08 22:28 57344 c:\windows\Installer\{AC96671C-2001-432C-9826-5266D84EF1DC}\QuickCamStartMenuS_65895B9BA1A04BCBAB7BF5673B44A0E4.exe
    + 2009-07-08 22:28 . 2009-07-08 22:28 57344 c:\windows\Installer\{AC96671C-2001-432C-9826-5266D84EF1DC}\QuickCamDesktopSho_C0678C37AA5341A4BE4781BAF94DE0CC.exe
    + 2009-07-08 22:28 . 2009-07-08 22:28 57344 c:\windows\Installer\{AC96671C-2001-432C-9826-5266D84EF1DC}\ARPPRODUCTICON.exe
    + 2009-07-08 22:30 . 2001-08-18 03:36 8192 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\tsbyuv.dll
    + 2009-07-08 22:30 . 2004-08-04 06:56 4096 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ksuser.dll
    - 2009-06-11 12:59 . 2004-08-04 06:56 4096 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ksuser.dll
    + 2009-07-08 22:30 . 2004-08-04 06:56 4096 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\ksuser.dll
    + 2009-07-08 22:31 . 2001-08-18 03:36 8192 c:\windows\LastGood\system32\tsbyuv.dll
    + 2009-07-08 22:30 . 2004-08-04 06:56 4096 c:\windows\LastGood\system32\ksuser.dll
    - 2007-12-11 20:22 . 2008-12-17 06:02 145944 c:\windows\twain_32\QuickCam\lvWIAext.dll
    + 2007-12-11 20:22 . 2009-04-30 23:04 145944 c:\windows\twain_32\QuickCam\lvWIAext.dll
    + 2009-07-08 22:30 . 2009-04-30 22:53 460048 c:\windows\system32\ReinstallBackups\0014\DriverFiles\WUApp32.exe
    + 2009-07-08 22:30 . 2009-04-30 23:04 145944 c:\windows\system32\ReinstallBackups\0014\DriverFiles\lvWIAext.dll
    + 2009-07-08 22:30 . 2009-04-30 23:02 539160 c:\windows\system32\ReinstallBackups\0014\DriverFiles\LVUI2RC.dll
    + 2009-07-08 22:30 . 2009-04-30 23:02 539160 c:\windows\system32\ReinstallBackups\0014\DriverFiles\LVUI2.dll
    - 2009-06-11 12:59 . 2007-10-12 01:57 195096 c:\windows\system32\ReinstallBackups\0014\DriverFiles\lvcoinst.dll
    + 2009-07-08 22:30 . 2008-12-17 05:55 195096 c:\windows\system32\ReinstallBackups\0014\DriverFiles\lvcoinst.dll
    + 2009-07-08 22:30 . 2009-04-30 22:57 416280 c:\windows\system32\ReinstallBackups\0014\DriverFiles\lvcodec2.dll
    + 2009-07-08 22:30 . 2004-08-04 05:56 294912 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\msh263.drv
    + 2009-07-08 22:30 . 2004-08-04 04:15 140928 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ks.sys
    - 2009-06-11 12:59 . 2004-08-10 11:00 140928 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ks.sys
    + 2009-07-08 22:30 . 2008-12-17 05:51 443664 c:\windows\system32\ReinstallBackups\0013\DriverFiles\WUApp32.exe
    + 2009-07-08 22:30 . 2008-12-17 06:00 768024 c:\windows\system32\ReinstallBackups\0013\DriverFiles\lvrs.sys
    + 2009-07-08 22:30 . 2008-12-17 05:55 195096 c:\windows\system32\ReinstallBackups\0013\DriverFiles\lvcoinst.dll
    + 2009-07-08 22:30 . 2004-03-16 17:58 136960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\portcls.sys
    + 2009-07-08 22:30 . 2004-08-04 04:15 140928 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\ks.sys
    + 2009-07-08 22:30 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\WUApp32.exe
    + 2009-07-08 22:30 . 2009-04-30 23:04 145944 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\lvWIAext.dll
    + 2009-07-08 22:30 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\LVUI2RC.dll
    + 2009-07-08 22:30 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\LVUI2.dll
    + 2009-07-08 22:30 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\lvcoinst.dll
    + 2009-07-08 22:30 . 2009-04-30 22:57 416280 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\lvcodec2.dll
    + 2009-07-08 22:30 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvPRO5s_2D6E30F74D2E72EA8163B690B05F1BC54597B89C\WUApp32.exe
    + 2009-07-08 22:30 . 2009-04-30 23:01 265496 c:\windows\system32\DRVSTORE\lvPRO5s_2D6E30F74D2E72EA8163B690B05F1BC54597B89C\lvrs.sys
    + 2009-07-08 22:30 . 2009-04-30 22:59 114712 c:\windows\system32\DRVSTORE\lvPRO5s_2D6E30F74D2E72EA8163B690B05F1BC54597B89C\lvpopflt.sys
    + 2009-07-08 22:30 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvPRO5s_2D6E30F74D2E72EA8163B690B05F1BC54597B89C\lvcoinst.dll
    + 2009-07-08 22:30 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\WUApp32.exe
    + 2009-07-08 22:30 . 2009-04-30 23:04 145944 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\lvWIAext.dll
    + 2009-07-08 22:30 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\LVUI2RC.dll
    + 2009-07-08 22:30 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\LVUI2.dll
    + 2009-07-08 22:30 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\lvcoinst.dll
    + 2009-07-08 22:30 . 2009-04-30 22:57 416280 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\lvcodec2.dll
    + 2009-07-08 22:29 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvPEPI2s_99D499EFF87B07D6166F5EA387697BB6072519E5\WUApp32.exe
    + 2009-07-08 22:29 . 2009-04-30 23:01 265496 c:\windows\system32\DRVSTORE\lvPEPI2s_99D499EFF87B07D6166F5EA387697BB6072519E5\lvrs.sys
    + 2009-07-08 22:29 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvPEPI2s_99D499EFF87B07D6166F5EA387697BB6072519E5\lvcoinst.dll
    + 2009-07-08 22:29 . 2009-04-30 22:53 460048 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\WUApp32.exe
    + 2009-07-08 22:29 . 2009-04-30 23:04 145944 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\lvWIAext.dll
    + 2009-07-08 22:29 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\LVUI2RC.dll
    + 2009-07-08 22:29 . 2009-04-30 23:02 539160 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\LVUI2.dll
    + 2009-07-08 22:29 . 2009-04-30 22:57 199192 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\lvcoinst.dll
    + 2009-07-08 22:29 . 2009-04-30 22:57 416280 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\lvcodec2.dll
    + 2009-07-08 22:29 . 2009-04-30 22:56 495768 c:\windows\system32\DRVSTORE\lvELCHv_C913F138AE598F3E209DDE0B8ECE2F1694FFE1C9\LV561AV.sys
    + 2003-02-21 10:42 . 2003-02-21 10:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4092\_msvcr71.dll
    + 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4092\_mscorjit.dll
    + 2004-07-15 06:24 . 2004-07-15 06:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4092\_fusion.dll
    + 2009-07-08 22:31 . 2009-04-30 23:04 145944 c:\windows\LastGood\TWAIN_32\QuickCam\lvWIAext.dll
    + 2009-07-08 22:31 . 2004-08-04 05:56 294912 c:\windows\LastGood\system32\msh263.drv
    + 2009-07-08 22:31 . 2009-04-30 23:02 539160 c:\windows\LastGood\system32\LVUI2RC.dll
    + 2009-07-08 22:31 . 2009-04-30 23:02 539160 c:\windows\LastGood\system32\LVUI2.dll
    + 2009-07-08 22:31 . 2009-04-30 22:57 416280 c:\windows\LastGood\system32\lvcodec2.dll
    + 2009-07-08 22:31 . 2009-04-30 22:57 199192 c:\windows\LastGood\system32\lvci1201278.dll
    + 2009-07-08 22:30 . 2004-03-16 17:58 136960 c:\windows\LastGood\system32\drivers\portcls.sys
    + 2009-07-08 22:30 . 2008-12-17 06:00 768024 c:\windows\LastGood\system32\drivers\lvrs.sys
    + 2009-07-08 22:30 . 2004-08-04 04:15 140928 c:\windows\LastGood\system32\drivers\ks.sys
    + 2009-07-08 22:30 . 2008-12-17 06:01 6364440 c:\windows\system32\ReinstallBackups\0014\DriverFiles\lvuvc.sys
    + 2009-07-08 22:30 . 2009-04-30 23:03 6754712 c:\windows\system32\DRVSTORE\lvPRO5v_1A7EB537982BCE55DEA520F73987B7FF65597DB2\lvuvc.sys
    + 2009-07-08 22:30 . 2009-04-30 22:55 2687512 c:\windows\system32\DRVSTORE\lvPEPI2v_4022AD047131F8DA6FCF38A5AF78577F22AF2D50\LV302V32.SYS
    - 2009-07-07 20:49 . 2007-06-29 22:07 9249736 c:\windows\SoftwareDistribution\Download\Install\NDP1.1sp1-KB928366-X86.exe
    + 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4092\_mscorwks.dll
    + 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4092\_mscorlib.dll
    + 2009-07-08 22:31 . 2008-12-17 06:01 6364440 c:\windows\LastGood\system32\drivers\lvuvc.sys
    + 2009-07-08 22:28 . 2009-07-08 22:28 5072384 c:\windows\Installer\2b473.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-03-11 24095528]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-06 29744]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
    "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2007-08-21 73728]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "BarbieGirlsTray"="c:\program files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [2007-03-15 24576]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-11 185896]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "TurboHddUsb"="c:\program files\TurboHddUsb\TurboHddUsb.exe" [2009-06-23 3327488]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-10-11 136768]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-10 53760]

    c:\documents and settings\Tom and Wendy\Start Menu\Programs\Startup\
    Monitor.lnk - c:\program files\802.11g Wireless LAN\Monitor.exe [2005-8-2 901120]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-11-12 25214]
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1161296625\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1161296625\\ee\\aim6.exe"=
    "c:\\Documents and Settings\\Tom and Wendy\\Desktop\\utorrent.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Sony Online Entertainment\\Q-bert\\Q-bert.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Smartparts\\Smartparts Desktop\\OptiPix.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "6881:TCP"= 6881:TCP:electric sheep

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/7/2009 6:36 PM 64160]
    R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [6/23/2009 3:01 PM 7040]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]
    S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [6/23/2009 3:01 PM 17792]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/21/2006 4:34 PM 29744]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/9/2008 6:10 PM 17792]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/9/2008 6:10 PM 7680]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2/9/2008 6:10 PM 40832]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2/9/2008 6:11 PM 21504]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - LVPRCSRV
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:37]

    2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2009-07-09 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 13:11]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Search
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    TCP: {73541F4C-ED16-4947-9CA1-00CD000BED89} = 68.87.72.130,68.87.77.130
    FF - ProfilePath - c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&ei=utf-8&yahoo_domain=search.yahoo.com&p=
    FF - component: c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\components\Engine.dll
    FF - component: c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
    FF - plugin: c:\documents and settings\Tom and Wendy\Application Data\Mozilla\Firefox\Profiles\r36k37xi.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-09 15:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-07-09 15:26
    ComboFix-quarantined-files.txt 2009-07-09 20:26
    ComboFix2.txt 2009-07-08 12:54
    ComboFix3.txt 2009-07-08 00:22
    ComboFix4.txt 2009-07-07 21:01

    Pre-Run: 15,570,747,392 bytes free
    Post-Run: 15,836,381,184 bytes free

    412 --- E O F --- 2009-07-09 08:01


  • Closed Accounts Posts: 16 misterbremer


    and.....
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:44:39 PM, on 7/9/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Common Files\AOL\1161296625\ee\aolsoftware.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\TurboHddUsb\TurboHddUsb.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\802.11g Wireless LAN\Monitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TurboHddUsb] C:\Program Files\TurboHddUsb\TurboHddUsb.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Monitor.lnk = C:\Program Files\802.11g Wireless LAN\Monitor.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
    O16 - DPF: {36D04559-44B7-45E0-BA81-E1508FAB359F} (UnityWebPlayerAX Control) - http://otee.dk/download_webplayer/UnityWebPlayer.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{73541F4C-ED16-4947-9CA1-00CD000BED89}: NameServer = 68.87.72.130,68.87.77.130
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 15543 bytes
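Reading an autorun listing like the HijackThis log above by eye is slow and error-prone, so here is an added example (it is not part of the post and not HijackThis code) of a small Python triage script for the O4 autorun and O23 service line formats. It parses the entries and flags the things a helper checks first: one executable registered under several names (as with the two Yahoo Search Protection entries above), a service with no recorded owner (the DSBrokerService line above), a startup shortcut whose target could not be resolved, and an image running from outside Program Files or Windows. The sample lines are constructed and modelled on the log; the Temp-folder entry and the TRUSTED_PREFIXES list are assumptions made for the illustration, and a flag is a prompt to look closer, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 format, modelled on the log above.
# The "updater" line is invented to exercise the unusual-location check.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [ClamWin] "C:\\Program Files\\ClamWin\\bin\\ClamTray.exe" --logon
O4 - HKCU\\..\\Run: [YSearchProtection] C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe
O4 - HKCU\\..\\Run: [Search Protection] C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe
O4 - HKUS\\S-1-5-18\\..\\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - HKCU\\..\\Run: [updater] C:\\Documents and Settings\\user\\Local Settings\\Temp\\updater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\\Program Files\\DellSupport\\brkrsvc.exe
"""

# Registry-based autoruns: "O4 - <hive>: [<name>] <command>"
O4_REG = re.compile(r'^O4 - (?P<hive>HK[^ ]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Startup-folder shortcuts: "O4 - [Global ]Startup: <name>.lnk = <target>"
O4_LNK = re.compile(r'^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')
# Services: "O23 - Service: <name> - <owner> - <path>"
O23_SVC = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')

# Assumed "normal" locations for this XP-era box; adjust per machine.
TRUSTED_PREFIXES = ('c:\\program files\\', 'c:\\progra~1\\', 'c:\\windows\\')


def image_path(cmd):
    """Return the lower-cased executable path from an O4 command, or None (e.g. for '?')."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, may contain spaces
        end = cmd.find('"', 1)
        return cmd[1:end].lower() if end > 1 else None
    m = re.match(r'(.*?\.exe)', cmd, re.IGNORECASE)  # unquoted: up to the first .exe
    return m.group(1).lower() if m else None


def parse(log_text):
    """Split a HijackThis log into autorun and service records."""
    autoruns, services = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            autoruns.append({'hive': m['hive'], 'name': m['name'],
                             'cmd': m['cmd'], 'image': image_path(m['cmd'])})
            continue
        m = O23_SVC.match(line)
        if m:
            services.append({'name': m['name'], 'owner': m['owner'],
                             'path': m['path'].lower()})
    return autoruns, services


def triage(log_text):
    """Return a sorted list of (finding, subject) pairs worth a second look."""
    autoruns, services = parse(log_text)
    findings = []
    by_image = defaultdict(list)
    for a in autoruns:
        if a['image'] is None:
            findings.append(('unresolved-target', a['name']))
            continue
        by_image[a['image']].append(a['name'])
        # Only absolute paths can be judged by location; bare names resolve via search order.
        if a['image'][1:3] == ':\\' and not a['image'].startswith(TRUSTED_PREFIXES):
            findings.append(('unusual-location', a['name']))
    for image, names in by_image.items():
        if len(names) > 1:                        # same binary under several autorun names
            findings.append(('duplicate-image', image))
    for s in services:
        if s['owner'].lower() == 'unknown owner':  # no vendor string recorded for the service
            findings.append(('unknown-owner', s['name']))
    return sorted(findings)


if __name__ == '__main__':
    for finding, subject in triage(SAMPLE_LOG):
        print(f'{finding:20} {subject}')
```

Run it against a saved log by reading the file into `triage()`; each finding names the autorun or service entry so it can be matched back to the log line.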


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Your logs are clean


    Follow these steps to uninstall Combofix and tools used in the removal of malware
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      CF_Cleanup.png


    • Download OTC to your desktop and run it
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.


    Below I have included a number of recommendations for how to protect your computer against malware infections.
    • Keep Windows updated by regularly checking their website at:
      http://windowsupdate.microsoft.com/
      This will ensure your computer always has the latest available security updates installed.

    • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

    • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

    • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here


      If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
      • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

    • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

    • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

    • Please read my guide on how to prevent malware and about safe computing here
    Thank you for your patience, and performing all of the procedures requested.
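The Internet Explorer hardening steps in the post above (Internet zone: both ActiveX download options to "Prompt", "Initialize and script ActiveX controls not marked as safe" to "Disable") can also be applied and verified from the registry. The script below is an added example and is not from the original post or from any of the tools it names. It assumes the documented Internet Settings zone layout: zone key 3 is the Internet zone, value names 1001/1004/1201 are the three ActiveX settings listed in the comments, and the data values 0/1/3 mean Enable/Prompt/Disable. It writes only under HKCU, so it affects the current user; settings pushed by Group Policy under HKLM would still take precedence.

```powershell
# Added example, not part of the original post. Sets the three Internet-zone
# ActiveX options the post describes, then reads them back to confirm.
#
# Zone 3 = Internet zone. Value names (documented Internet Settings layout):
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe for scripting
# Data: 0 = Enable, 1 = Prompt, 3 = Disable
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Target state, matching the post: Prompt, Prompt, Disable.
$desired = [ordered]@{
    '1001' = 1
    '1004' = 1
    '1201' = 3
}

if (-not (Test-Path $zonePath)) {
    throw "Internet zone key not found at $zonePath"
}

# Record the current values first so the change can be undone if needed.
$before = Get-ItemProperty -Path $zonePath
foreach ($name in $desired.Keys) {
    'Before: {0} = {1}' -f $name, $before.$name
}

# Apply the hardened values as REG_DWORD.
foreach ($name in $desired.Keys) {
    Set-ItemProperty -Path $zonePath -Name $name -Value $desired[$name] -Type DWord
}

# Verify by reading back and comparing against the intended state.
$after = Get-ItemProperty -Path $zonePath
$mismatches = 0
foreach ($name in $desired.Keys) {
    $actual = [int]$after.$name
    if ($actual -eq $desired[$name]) {
        'OK:       {0} = {1}' -f $name, $actual
    } else {
        'MISMATCH: {0} = {1} (expected {2})' -f $name, $actual, $desired[$name]
        $mismatches++
    }
}

if ($mismatches -gt 0) {
    Write-Warning "$mismatches setting(s) did not apply; check for Group Policy overrides under HKLM."
}
```

Run it from a PowerShell prompt as the user whose IE profile you want to harden; the "Before" lines give you the values to restore if a site you need stops working. Restart Internet Explorer afterwards so it picks up the changed zone settings.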

