ComboFix log:
ComboFix 07-12-01.2 - Thy Nguyen 2007-11-30 18:31:06.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1408 [GMT -8:00]
Running from: C:\Documents and Settings\Thy Nguyen\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\dyjstyly.dll
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Thy Nguyen\Favorites\Online Security Guide.lnk
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\system32\aqnydrad.dll
C:\WINDOWS\system32\atoydera.dll
C:\WINDOWS\system32\brewheoh.dll
C:\WINDOWS\system32\bxafytan.dll
C:\WINDOWS\system32\csjxteex.exe
C:\WINDOWS\system32\dsfvcfhy.dll
C:\WINDOWS\system32\eoievypl.dll
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fibagbia
C:\WINDOWS\system32\fibagbia\bg1.gif
C:\WINDOWS\system32\fibagbia\bgtop.gif
C:\WINDOWS\system32\fibagbia\bottom1.gif
C:\WINDOWS\system32\fibagbia\essentials.gif
C:\WINDOWS\system32\fibagbia\fibagbia1.exe
C:\WINDOWS\system32\fibagbia\fibagbia2.exe
C:\WINDOWS\system32\fibagbia\fibagbia3.exe
C:\WINDOWS\system32\fibagbia\icon1.ico
C:\WINDOWS\system32\fibagbia\install1.gif
C:\WINDOWS\system32\fibagbia\left1.gif
C:\WINDOWS\system32\fibagbia\li.gif
C:\WINDOWS\system32\fibagbia\logo.gif
C:\WINDOWS\system32\fibagbia\main.htm
C:\WINDOWS\system32\fibagbia\mainframe.htm
C:\WINDOWS\system32\fibagbia\reinstall1.gif
C:\WINDOWS\system32\fibagbia\right1.gif
C:\WINDOWS\system32\fibagbia\s1.htm
C:\WINDOWS\system32\fibagbia\s2.htm
C:\WINDOWS\system32\fibagbia\s3.htm
C:\WINDOWS\system32\fibagbia\SMTop1.gif
C:\WINDOWS\system32\fibagbia\SMTop2.gif
C:\WINDOWS\system32\fibagbia\SMTop3.gif
C:\WINDOWS\system32\fibagbia\SMTop4.gif
C:\WINDOWS\system32\fibagbia\soft1_off.gif
C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft1_on.gif
C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_off.gif
C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_on.gif
C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_off.gif
C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_on.gif
C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif
C:\WINDOWS\system32\fibagbia\softbottom_off.gif
C:\WINDOWS\system32\fibagbia\softbottom_on.gif
C:\WINDOWS\system32\fibagbia\softleft_off.gif
C:\WINDOWS\system32\fibagbia\softleft_on.gif
C:\WINDOWS\system32\fibagbia\top1.gif
C:\WINDOWS\system32\fibagbia\top2.gif
C:\WINDOWS\system32\fibagbia\turnoff1.gif
C:\WINDOWS\system32\fibagbia\turnon1.gif
C:\WINDOWS\system32\ibcapouj.dll
C:\WINDOWS\system32\infwswww.dll
C:\WINDOWS\system32\jdcgqxwf.dll
C:\WINDOWS\system32\jkglyjml.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jurjawcy.dll
C:\WINDOWS\system32\khcpkolg.dll
C:\WINDOWS\system32\tixtndps.dll
C:\WINDOWS\system32\vuljdlvu.dll
C:\WINDOWS\system32\winbfi32.dll
C:\WINDOWS\system32\wvuvtus.dll
C:\WINDOWS\system32\xngqghyy.exe
C:\WINDOWS\system32\yedqniqt.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.
2007-11-30 00:32 . 2007-11-30 00:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-30 00:32 . 2007-11-30 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-30 00:28 . 2007-11-30 00:28 <DIR> d-------- C:\VundoFix Backups
2007-11-29 19:37 . 2007-11-30 00:24 <DIR> d-------- C:\Documents and Settings\Thy Nguyen\.housecall6.6
2007-11-29 19:37 . 2007-11-29 19:37 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-19 01:05 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-19 01:05 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-19 01:05 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-19 01:05 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-19 01:05 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-19 01:05 . 2007-11-19 01:05 1,428 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-18 19:57 . 2007-11-18 19:57 <DIR> d-------- C:\Program Files\lafqlate
2007-11-18 19:57 . 2007-11-18 19:57 <DIR> d-------- C:\Program Files\Axqpxvet
2007-11-16 01:12 . 2007-11-16 01:12 <DIR> d-------- C:\Program Files\Sony Corporation
2007-11-16 01:12 . 2001-08-31 15:07 27,255 --a------ C:\WINDOWS\system32\drivers\NWWMUSB.sys
2007-11-16 01:12 . 2002-09-11 10:20 11,510 --a------ C:\WINDOWS\system32\drivers\VMCUSB.sys
2007-11-03 11:03 . 2007-11-03 11:03 <DIR> d-------- C:\WINDOWS\system32\omusubi dir
2007-11-01 22:29 . 2007-11-01 22:29 <DIR> d-------- C:\Program Files\WinFF
2007-11-01 22:29 . 2007-11-01 22:32 <DIR> d-------- C:\Documents and Settings\Thy Nguyen\Application Data\Winff
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 02:36 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-30 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-11-30 15:28 --------- d-----w C:\Program Files\Java
2007-11-16 09:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 09:12 --------- d-----w C:\Program Files\Sony
2007-11-16 09:12 --------- d-----w C:\Program Files\Common Files\Sony Shared
2007-11-14 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-26 05:27 --------- d-----w C:\Program Files\World of Warcraft
2007-10-23 11:54 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2007-10-23 11:54 --------- d-----w C:\Program Files\mpegable
2007-10-18 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-09 05:17 --------- d-----w C:\Program Files\Impulse
2007-10-08 05:48 --------- d-----w C:\Documents and Settings\Thy Nguyen\Application Data\Grisoft
2007-10-08 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-08 05:47 --------- d-----w C:\Program Files\CCleaner
2007-10-02 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-10-02 01:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-05-21 00:43 778 ----a-w C:\Documents and Settings\Thy Nguyen\Application Data\wklnhst.dat
2006-11-16 08:44 899 ----a-w C:\Documents and Settings\Thy Nguyen\Thy Nguyen_notes.dat
.
((((((((((((((((((((((((((((( snapshot@2007-10-01_18.43.50.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2004-08-04 10:00:00 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-06-15 08:12:28 1,022,976 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-06-15 08:12:28 151,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-06-15 08:12:28 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-06-15 08:12:28 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-06-15 08:12:28 205,824 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-06-15 08:12:28 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-06-14 10:32:36 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-06-15 08:12:28 251,904 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-06-15 08:12:28 96,256 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-06-15 08:12:28 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-06-15 08:12:29 3,064,320 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-06-15 08:12:29 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-06-15 08:12:29 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-06-15 08:12:29 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-06-15 08:12:29 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-06-15 08:12:30 1,498,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-06-15 08:12:30 474,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
+ 2007-06-15 08:12:30 616,960 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-06-26 14:35:54 665,600 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-06-14 10:08:46 350,720 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2007-10-09 05:08:34 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2007-10-09 05:08:34 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2007-10-09 05:08:34 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2007-10-09 05:08:39 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2005-03-01 21:08:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2005-03-01 21:08:52 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2007-10-09 05:08:41 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2007-10-09 05:08:35 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 08:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2007-09-28 16:06:08 135,168 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-27 11:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2005-03-01 21:08:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2005-03-01 21:08:52 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2007-03-13 17:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-13 18:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-09-19 08:39:15 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-11-14 11:00:42 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2007-09-19 08:39:16 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-11-14 11:00:42 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-09-19 08:39:15 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-11-14 11:00:42 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2007-09-19 08:39:15 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-11-14 11:00:42 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-09-19 08:39:16 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2007-11-14 11:00:42 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-09-19 08:39:16 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-14 11:00:42 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-09-19 08:39:16 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-11-14 11:00:42 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-09-19 08:39:15 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-11-14 11:00:42 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-09-19 08:39:15 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-11-14 11:00:42 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-09-19 08:39:16 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-11-14 11:00:42 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-09-19 08:39:16 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-11-14 11:00:42 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-09-19 08:39:15 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-11-14 11:00:42 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-09-30 07:58:23 40,960 ----a-r C:\WINDOWS\Installer\{91E14B92-8740-49BD-9880-6028C62F4556}\NewShortcut1_91E14B92874049BD98806028C62F4556.exe
+ 2007-10-09 05:17:30 40,960 ----a-r C:\WINDOWS\Installer\{91E14B92-8740-49BD-9880-6028C62F4556}\NewShortcut1_91E14B92874049BD98806028C62F4556.exe
- 2007-09-29 21:10:45 6,817 ----a-w C:\WINDOWS\mozver.dat
+ 2007-11-30 15:28:28 6,938 ----a-w C:\WINDOWS\mozver.dat
- 2007-06-17 07:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2007-06-17 08:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
- 2001-09-13 09:15:28 90,112 ------w C:\WINDOWS\snymsico.dll
+ 2001-09-13 10:15:28 90,112 ------w C:\WINDOWS\snymsico.dll
- 2007-06-15 08:12:28 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2006-05-11 19:02:56 643,072 ----a-w C:\WINDOWS\system32\CDDBControlSony.dll
+ 2006-08-12 01:57:00 643,072 ----a-w C:\WINDOWS\system32\CDDBControlSony.dll
- 2006-05-11 19:05:46 73,728 ----a-w C:\WINDOWS\system32\CddbLinkSony.dll
+ 2006-08-12 01:59:10 73,728 ----a-w C:\WINDOWS\system32\CddbLinkSony.dll
- 2006-05-11 19:03:46 585,728 ----a-w C:\WINDOWS\system32\CddbMusicIDSony.dll
+ 2006-08-12 01:57:40 585,728 ----a-w C:\WINDOWS\system32\CddbMusicIDSony.dll
- 2006-05-11 19:06:28 520,192 ----a-w C:\WINDOWS\system32\CddbPlaylist2Sony.dll
+ 2006-08-12 01:59:46 520,192 ----a-w C:\WINDOWS\system32\CddbPlaylist2Sony.dll
- 2006-05-11 19:05:28 770,048 ----a-w C:\WINDOWS\system32\CDDBUISony.dll
+ 2006-08-12 01:58:54 770,048 ----a-w C:\WINDOWS\system32\CDDBUISony.dll
- 2007-06-15 08:12:28 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-09-17 17:51:56 1,536,000 ----a-r C:\WINDOWS\system32\clubbox.exe
+ 2007-10-19 20:41:02 1,536,000 ----a-r C:\WINDOWS\system32\clubbox.exe
- 2007-06-15 08:12:28 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-06-15 08:12:28 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-08-22 12:55:28 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-06-15 08:12:28 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-08-22 12:55:29 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-06-15 08:12:28 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-08-22 12:55:30 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
- 2007-06-15 08:12:28 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-22 12:55:30 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-06-15 08:12:28 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-22 12:55:31 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-15 08:12:28 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-22 12:55:31 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-14 10:32:36 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-21 10:19:39 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-06-15 08:12:28 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-22 12:55:32 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-15 08:12:28 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-22 12:55:32 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-06-15 08:12:28 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-22 12:55:32 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-06-15 08:12:29 3,064,320 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-22 12:55:36 3,064,832 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-15 08:12:29 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-22 12:55:37 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-06-15 08:12:29 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-22 12:55:37 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-15 08:12:29 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-22 12:55:38 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-06-15 08:12:29 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-22 12:55:38 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-07-09 13:09:42 584,192 ------w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2007-06-15 08:12:30 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-08-22 12:55:40 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ------w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-06-15 08:12:30 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-08-22 12:55:41 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2007-06-15 08:12:30 616,960 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-22 12:55:43 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-06-26 14:35:54 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-22 12:55:44 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-05-30 12:10:42 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
- 2003-04-02 01:55:46 35,319 ------w C:\WINDOWS\system32\drivers\NETMD031.sys
+ 2003-04-02 02:55:46 35,319 ----a-w C:\WINDOWS\system32\drivers\NETMD031.sys
- 2003-11-10 19:31:38 36,232 ------w C:\WINDOWS\system32\drivers\NETMD033.sys
+ 2003-11-10 20:31:38 36,232 ----a-w C:\WINDOWS\system32\drivers\NETMD033.sys
- 2005-10-31 17:46:56 36,679 ------w C:\WINDOWS\system32\drivers\NETMD052.sys
+ 2005-10-31 18:46:56 36,679 ----a-w C:\WINDOWS\system32\drivers\NETMD052.sys
- 2002-08-08 22:51:32 38,951 ------w C:\WINDOWS\system32\drivers\NETMDUSB.sys
+ 2002-08-08 23:51:32 38,951 ----a-w C:\WINDOWS\system32\drivers\NETMDUSB.sys
- 2007-06-15 08:12:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-15 08:12:28 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-15 08:12:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-06-15 08:12:28 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-06-15 08:12:28 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-07-12 08:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 06:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-07-12 08:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 06:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-07-12 09:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 07:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-06-15 08:12:28 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 20:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 23:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 23:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-09-06 02:50:42 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-06-15 08:12:29 3,064,320 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-15 08:12:29 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-15 08:12:29 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-15 08:12:29 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-09-11 01:15:55 34,304 ----a-w C:\WINDOWS\system32\omusubi dir\saver1.dll
+ 2007-11-03 19:03:08 34,304 ----a-w C:\WINDOWS\system32\omusubi dir\saver1.dll
- 2007-09-11 01:15:55 18,192 ----a-w C:\WINDOWS\system32\omusubi dir\saver2.dll
+ 2007-11-03 19:03:08 18,192 ----a-w C:\WINDOWS\system32\omusubi dir\saver2.dll
- 2007-09-11 01:15:54 201,728 ----a-w C:\WINDOWS\system32\omusubi.scr
+ 2007-11-03 19:03:07 201,728 ----a-w C:\WINDOWS\system32\omusubi.scr
- 2007-09-22 17:35:39 62,032 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-05 07:28:04 62,032 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-09-22 17:35:39 402,426 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-05 07:28:04 402,426 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-06-15 08:12:29 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-04 10:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-06-15 08:12:30 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-06-15 08:12:30 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-07-23 01:39:27 844,800 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-23 02:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-06-15 08:12:30 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-06-26 14:35:54 665,600 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-06-14 10:08:46 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
2007-11-18 19:57 114688 --a------ C:\Program Files\Axqpxvet\zluiiosw.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 14:35]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 13:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 17:07]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 16:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 11:00 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-01-30 01:15 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 14:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sunotify]
sunotify.dll 2005-01-12 22:49 90112 C:\WINDOWS\system32\sunotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vsmvhk.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhf.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ShadowUser Pro Edition.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ShadowUser Pro Edition.lnk
backup=C:\WINDOWS\pss\ShadowUser Pro Edition.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Thy Nguyen^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Thy Nguyen\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Thy Nguyen^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Thy Nguyen\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
2005-04-04 17:58 856064 --a------ C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe -h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-08-22 09:52 94208 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-03-24 16:14 53408 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-02-09 14:34 106496 --a------ C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 00:00 45056 --------- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 02:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 02:20 122940 --a------ C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 00:12 94208 --a------ C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization]
2005-10-05 11:00 53248 --a------ C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 --a------ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-07-06 04:15 151552 --a------ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]
LBTWiz.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-08 16:20 110592 --a------ C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 16:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2007-08-14 16:02 1063752 --a------ C:\Program Files\Spyware Doctor\SDTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-11-02 13:43 472632 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuNotification]
2005-01-12 22:49 40960 --a------ C:\Program Files\ShadowStor\ShadowUser\suatshut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
2004-11-10 20:15 111816 --a------ C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2006-05-27 00:40 124656 --a------ C:\PROGRA~1\SYMANT~1\VPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SSScsiSV"=3 (0x3)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"SPTISRV"=3 (0x3)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"SavRoam"=3 (0x3)
"RSVP"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Netlogon"=3 (0x3)
"NBService"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MSCSPTISRV"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Adobe Version Cue CS2"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
R0 Shadow;Shadow;C:\WINDOWS\system32\drivers\Shadow.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
S2 IcRecUsb;IC Recorder Driver;C:\WINDOWS\system32\Drivers\IcRecUsb.sys
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State;C:\WINDOWS\system32\Drivers\frmupgr.sys
S3 NOWMEMDF;NOWMEMDF;\??\C:\WINDOWS\system32\NOWMEMDF.sys
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 02:26:01 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 18:36:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-30 18:38:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-01 17:44
C:\ComboFix2.txt ... 2007-10-01 17:44
.
--- E O F ---
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:39 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2060909
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Axqpxvet\zluiiosw.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: vsmvhk.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 10040 bytes
Thanks a lot!